Class SQLServerColumnEncryptionKeyStoreProvider

    • Constructor Detail

      • SQLServerColumnEncryptionKeyStoreProvider

        public SQLServerColumnEncryptionKeyStoreProvider()
        Default constructor.
    • Method Detail

      • setName

        public abstract void setName(String name)
        Sets the name of this key store provider.
        Parameters:
        name - value to be set for the key store provider.
      • getName

        public abstract String getName()
        Returns the name of this key store provider.
        Returns:
        the name of this key store provider.
      • decryptColumnEncryptionKey

        public abstract byte[] decryptColumnEncryptionKey(String masterKeyPath,
                                                          String encryptionAlgorithm,
                                                          byte[] encryptedColumnEncryptionKey)
                                                   throws SQLServerException
        Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
        Parameters:
        masterKeyPath - The column master key path.
        encryptionAlgorithm - the specific encryption algorithm.
        encryptedColumnEncryptionKey - the encrypted column encryption key
        Returns:
        the decrypted value of column encryption key.
        Throws:
        SQLServerException - when an error occurs while decrypting the CEK
      • encryptColumnEncryptionKey

        public abstract byte[] encryptColumnEncryptionKey(String masterKeyPath,
                                                          String encryptionAlgorithm,
                                                          byte[] columnEncryptionKey)
                                                   throws SQLServerException
        Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
        Parameters:
        masterKeyPath - The column master key path.
        encryptionAlgorithm - the specific encryption algorithm.
        columnEncryptionKey - column encryption key to be encrypted.
        Returns:
        the encrypted column encryption key.
        Throws:
        SQLServerException - when an error occurs while encrypting the CEK
      • verifyColumnMasterKeyMetadata

        public abstract boolean verifyColumnMasterKeyMetadata(String masterKeyPath,
                                                              boolean allowEnclaveComputations,
                                                              byte[] signature)
                                                       throws SQLServerException
        Verifies that the signature is valid for the column master key.
        Parameters:
        masterKeyPath - column master key path
        allowEnclaveComputations - indicates whether the column master key supports enclave computations
        signature - signature of the column master key metadata
        Returns:
        whether the signature is valid for the column master key
        Throws:
        SQLServerException - when an error occurs while verifying the signature
      • getColumnEncryptionKeyCacheTtl

        public Duration getColumnEncryptionKeyCacheTtl()
        Returns the time-to-live for items in the cache of column encryption keys, as implemented in the key store provider.
        Returns:
        the time-to-live for items in the cache.
      • setColumnEncryptionCacheTtl

        public void setColumnEncryptionCacheTtl(Duration duration)
        Sets the time-to-live for items in the cache of column encryption keys in the key store provider.
        Parameters:
        duration - value to be set for the time-to-live for items in the cache in the key store provider.
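
An added example, not code from the driver or its documentation: a custom provider that implements the five abstract methods above and fails closed on an unknown key path or unsupported algorithm. The class name, the in-memory key map, the provider name and the byte layout signed in verifyColumnMasterKeyMetadata are assumptions of this example, and the encrypted value it produces is a raw RSA-OAEP ciphertext rather than the format of any built-in provider.

```java
import com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider;
import com.microsoft.sqlserver.jdbc.SQLServerException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;

// Hypothetical provider: RSA column master keys held in memory, looked up by masterKeyPath.
public class InMemoryRsaKeyStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private final Map<String, KeyPair> masterKeys;
    private String name = "EXAMPLE_IN_MEMORY_STORE"; // constructed name
    public InMemoryRsaKeyStoreProvider(Map<String, KeyPair> masterKeys) { this.masterKeys = masterKeys; }
    @Override public void setName(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override public byte[] encryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm,
            byte[] columnEncryptionKey) throws SQLServerException {
        return rsa(Cipher.ENCRYPT_MODE, masterKeyPath, encryptionAlgorithm, columnEncryptionKey);
    }
    @Override public byte[] decryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm,
            byte[] encryptedColumnEncryptionKey) throws SQLServerException {
        return rsa(Cipher.DECRYPT_MODE, masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey);
    }
    // The signed message layout below is assumed for this example only.
    @Override public boolean verifyColumnMasterKeyMetadata(String masterKeyPath, boolean allowEnclaveComputations,
            byte[] signature) throws SQLServerException {
        try {
            String metadata = (name + masterKeyPath + allowEnclaveComputations).toLowerCase(Locale.ROOT);
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(lookup(masterKeyPath).getPublic());
            verifier.update(metadata.getBytes(StandardCharsets.UTF_16LE));
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            throw new SQLServerException("CMK metadata verification failed", e);
        }
    }

    // Fail closed: an unknown key path is an error, never a fallback to some default key.
    private KeyPair lookup(String path) throws GeneralSecurityException {
        return Optional.ofNullable(masterKeys.get(path))
                .orElseThrow(() -> new InvalidKeyException("unknown column master key path"));
    }
    private byte[] rsa(int mode, String path, String algorithm, byte[] input) throws SQLServerException {
        try {
            if (!"RSA_OAEP".equalsIgnoreCase(algorithm)) throw new NoSuchAlgorithmException(algorithm);
            Key key = mode == Cipher.ENCRYPT_MODE ? lookup(path).getPublic() : lookup(path).getPrivate();
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(mode, key);
            return cipher.doFinal(input);
        } catch (GeneralSecurityException e) {
            throw new SQLServerException("CEK wrap/unwrap failed", e);
        }
    }
}
```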