
How can I get certificate public key from SQL Server?

I have imported certificate into a SQL Server database.

 create certificate MyCertificate from file = 'c:\certificate.cer';

Now I want to retrieve the public key of that certificate. How do I do it?

I can do

select * from sys.certificates

but there is no public key column.

I know I can save it to disk by

backup certificate MyCertificate to file = 'c:\MyCertificate.cer';

but that's not what I want. I just need the database to tell me the public key or somehow get me the whole certificate, but I don't want to use files.

EDIT:

I wanted to verify the digital signature of a row in a database table using SQL Server and a certificate. But since the function VerifySignedByCert doesn't check the certificate expiration date (according to this note: "Built-in functions for encryption and signing do not check the expiration dates of certificates. Users of these functions must decide when to check certificate expiration." in http://msdn.microsoft.com/en-US/library/ms187798%28v=SQL.90%29.aspx), I have to do it manually in C# code.

That's why I wanted to get the certificate public key and expiration date (which can be found in sys.certificates). But it seems that storing the certificate in a varbinary column in a table is the best option. Or are there better ways to achieve this?

Thank you for your help

The information that you are looking for resides in the master database in the syscerts table. However, there is no easy way to get at that data. If you are trying to get to the keys, perhaps you are not trying to use the certificate for the purpose for which certificates are intended to be used by SQL Server?

If you are trying to store certificates in SQL Server but not use them for the security of SQL Server, then you might want to try storing them in a varbinary column in a table. Would something like that work for you?

If you give a little more information about what you are trying to accomplish, I might be able to help you a little more.

Here is a good overview of certificates in SQL Server: http://www.mssqltips.com/sqlservertip/1319/sql-server-2005-encryption-certificates-overview/

Create a table

create table Atm
(
    AID int identity,
    PIN varbinary(300)  -- EncryptByCert returns varbinary, so the ciphertext is stored as binary
)

INSERT INTO Atm(PIN) VALUES (EncryptByCert(cert_id('PinNumber1'),'473429000000'))
INSERT INTO Atm(PIN) VALUES (EncryptByCert(cert_id('PinNumber1'),'473567000000'))
INSERT INTO Atm(PIN) VALUES (EncryptByCert(cert_id('PinNumber1'),'4678904290000'))

After that, create a certificate as follows:

CREATE CERTIFICATE PinNumber1 ENCRYPTION BY PASSWORD ='3e@k80*^' WITH SUBJECT = 'This Pin number is Encrpted'

If you want to decrypt it later, then:

select convert(varchar(max), DecryptByCert(cert_id('PinNumber1'),PIN,N'3e@k80*^')) from Atm where AID=2

Starting with SQL Server 2012 there is the CERTENCODED(certid) function:

SELECT
     *,
     CERTENCODED(C.certificate_id)
FROM sys.certificates C;

Per documentation you can use this to recreate the certificate and as such it should be an ASN-encoded certificate (without private key). From there on you should be able to find a way to import the certificate into your C# code. If you are only interested in a certain certificate you can also use SELECT CERTENCODED(CERT_ID('myCert')), CERTPROPERTY(CERT_ID('myCert'), 'Expiry_Date') to get the desired data.
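The check the question describes, done entirely in T-SQL, as an added example that is not part of the original question or answers: it pairs VerifySignedByCert with the validity dates in sys.certificates and returns the CERTENCODED bytes for use outside the database. The certificate name DemoSigningCert, the table #SignedRows, the payload and the password are all constructed for the demo.

```sql
-- Added example. Run in a scratch database on SQL Server 2012 or later.
-- Hypothetical names: DemoSigningCert, #SignedRows. The password is a constructed demo value.
CREATE CERTIFICATE DemoSigningCert
    ENCRYPTION BY PASSWORD = 'Constructed-Demo-Passw0rd!'
    WITH SUBJECT = 'Row signing demo';

CREATE TABLE #SignedRows (
    Id        int IDENTITY PRIMARY KEY,
    Payload   nvarchar(400)   NOT NULL,
    Signature varbinary(8000) NOT NULL   -- SIGNBYCERT returns varbinary; NULL means signing failed
);

-- Constructed sample row, signed with the certificate's private key.
DECLARE @payload nvarchar(400) = N'account=42;amount=100.00';
INSERT INTO #SignedRows (Payload, Signature)
VALUES (@payload,
        SIGNBYCERT(CERT_ID('DemoSigningCert'), @payload, N'Constructed-Demo-Passw0rd!'));

-- VERIFYSIGNEDBYCERT ignores the validity period, so the date check is explicit.
-- Certificate dates set by CREATE CERTIFICATE are in UTC, hence GETUTCDATE().
SELECT
    r.Id,
    VERIFYSIGNEDBYCERT(c.certificate_id, r.Payload, r.Signature) AS signature_ok,
    c.start_date,
    c.expiry_date,
    CASE WHEN GETUTCDATE() BETWEEN c.start_date AND c.expiry_date
         THEN 1 ELSE 0 END                                        AS cert_in_validity_window,
    -- Accept the row only when both the signature and the validity window check out.
    CASE WHEN VERIFYSIGNEDBYCERT(c.certificate_id, r.Payload, r.Signature) = 1
          AND GETUTCDATE() BETWEEN c.start_date AND c.expiry_date
         THEN 1 ELSE 0 END                                        AS accept_row,
    -- Encoded certificate (public part only) for loading into client code.
    CERTENCODED(c.certificate_id)                                 AS cert_encoded
FROM #SignedRows AS r
CROSS JOIN sys.certificates AS c
WHERE c.certificate_id = CERT_ID('DemoSigningCert');

-- Clean up the demo objects.
DROP TABLE #SignedRows;
DROP CERTIFICATE DemoSigningCert;
```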
