Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Returns a row for each symmetric key encryption specified by using the ENCRYPTION BY clause of the CREATE SYMMETRIC KEY statement.
To protect the key material of the symmetric key, SQL Server and Azure SQL store the key material in encrypted form. Historically, this encryption utilized PKCS#1 v1.5 padding mode; starting with database compatibility level 170, the encryption uses OAEP-256 padding mode.
| Column names | Data types | Description |
|---|---|---|
key_id |
int | ID of the encrypted key. |
thumbprint |
varbinary(32) | SHA-1 hash of the certificate with which the key is encrypted, or the GUID of the symmetric key with which the key is encrypted. |
crypt_type |
char(4) | Type of encryption:ESKS = Encrypted by symmetric keyESKP, ESP2, or ESP3 = Encrypted by passwordEPUC = Encrypted by certificateEPUA = Encrypted by asymmetric keyESKM = Encrypted by master keyC256 = Encrypted by certificate OAEP256A256 = Encrypted by asymmetric key OAEP256 |
crypt_type_desc |
nvarchar(60) | Description of encryption type:ENCRYPTION BY SYMMETRIC KEYENCRYPTION BY PASSWORDBeginning with SQL Server 2017 (14.x) ENCRYPTION BY CERTIFICATEENCRYPTION BY ASYMMETRIC KEYENCRYPTION BY MASTER KEY 1ENCRYPTION BY CERTIFICATE OAEP256ENCRYPTION BY ASYMMETRIC KEY OAEP256 |
crypt_property |
varbinary(max) | Signed or encrypted bits. |
1 Windows DPAPI is used to protect the SMK.
Permissions
The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.