CERTPRIVATEKEY (Transact-SQL)

Returns the private key of a certificate in binary format. This function takes three arguments.

  • A certificate ID.

  • An encryption password which is used to encrypt the private key bits when they are returned by the function, so that the keys are not exposed clear text to users.

  • A decryption password which is optional. If a decryption password is specified, then it is used to decrypt the private key of the certificate otherwise database master key is used.

Only users that have access to certificate’s private key will be able to use this function. This function returns the private key in PVK format.

Syntax

CERTPRIVATEKEY 
    (
          cert_ID 
        , ' encryption_password ' 
      [ , ' decryption_password ' ]
    )

Arguments

  • certificate_ID
    Is the certificate_id of the certificate. This is available from sys.certificates or by using the CERT_ID (Transact-SQL) function. cert_id is type int

  • encryption_password
    The password used to encrypt the returned binary value.

  • decryption_password
    The password used to decrypt the returned binary value.

Return Types

varbinary

Remarks

CERTENCODED and CERTPRIVATEKEY are used together to return different portions of a certificate in binary form.

Permissions

CERTPRIVATEKEY is available to public.

Examples

CREATE DATABASE TEST1;
GO
USE TEST1
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Use 5tr0ng P^55Words'
GO
CREATE CERTIFICATE Shipping04 
WITH SUBJECT = 'Sammamish Shipping Records', 
EXPIRY_DATE = '20141031';
GO
SELECT CERTPRIVATEKEY(CERT_ID('Shipping04'), 'jklalkaa/; uia3dd');

For a more complex example that uses CERTPRIVATEKEY and CERTENCODED to copy a certificate to another database, see example B in the topic CERTENCODED (Transact-SQL).

See Also

Reference

Security Functions (Transact-SQL)

CREATE CERTIFICATE (Transact-SQL)

Security Functions (Transact-SQL)

sys.certificates (Transact-SQL)