Saturday, February 25, 2012

Certificates versus Keys

Hi,

A few questions:

Are there best practices regarding when a Certificate is appropriate for encrypting data versus using an asymmetric key?

Also, when you create an asymmetric key - aren't you really creating both the public/private key pair?

Lastly, what can a Certificate do that an asymmetric key cannot?

Thanks much,

Joe

Yes, when you create the asymmetric key, you create a key pair. The same thing happens for certificates if you use the "WITH SUBJECT" clause instead of creating the certificate from a file.

In terms of encryption and signing, what you can do with one, you can also do with the other. The main differences are in how you create them (certificates can be imported from X.509 files, asymmetric keys from assemblies) and the fact that certificates can be backed up to files, while asymmetric keys cannot.

This last point is very important because it means that if an asymmetric key is created internally, not loaded from a file, then it is not easy (it is possible but not practical) to create the same asymmetric key in another database. So if you do code signing and you want the signature to grant server-level permissions, it will be more convenient to use certificates.

Thanks
Laurentiu
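
The code-signing scenario from the answer above, as an added T-SQL example that is not part of the original thread. The database, procedure, certificate and login names, the file path and the password placeholder are all assumptions chosen for illustration.

```sql
-- Assumed names: AppDb, dbo.usp_ShowSessions, SigningCert, SigningCertLogin.
-- Assumed path: C:\certs\SigningCert.cer. Replace the password placeholder.
USE AppDb;
GO
-- WITH SUBJECT generates a new key pair inside the database.
CREATE CERTIFICATE SigningCert
    ENCRYPTION BY PASSWORD = '<strong-password-placeholder>'
    WITH SUBJECT = 'Module signing certificate';
GO
-- A procedure that needs a server-level permission (VIEW SERVER STATE)
-- to return rows for sessions other than the caller's own.
CREATE PROCEDURE dbo.usp_ShowSessions
AS
    SELECT session_id, login_name FROM sys.dm_exec_sessions;
GO
-- Sign the module with the certificate's private key.
ADD SIGNATURE TO dbo.usp_ShowSessions
    BY CERTIFICATE SigningCert
    WITH PASSWORD = '<strong-password-placeholder>';
GO
-- Export the public part of the certificate to a file. There is no
-- BACKUP ASYMMETRIC KEY statement, so this step has no equivalent for a
-- key pair generated with CREATE ASYMMETRIC KEY.
BACKUP CERTIFICATE SigningCert TO FILE = 'C:\certs\SigningCert.cer';
GO
-- Optional hardening: once signing is done, drop the private key so the
-- certificate cannot be used to sign any other module.
ALTER CERTIFICATE SigningCert REMOVE PRIVATE KEY;
GO
USE master;
GO
-- Recreate the same certificate (public key only) in master.
CREATE CERTIFICATE SigningCert FROM FILE = 'C:\certs\SigningCert.cer';
GO
-- Map a login to the certificate and grant it the server-level permission.
-- The permission applies only while the signed procedure is executing.
CREATE LOGIN SigningCertLogin FROM CERTIFICATE SigningCert;
GO
GRANT VIEW SERVER STATE TO SigningCertLogin;
GO
```

Altering the signed procedure drops its signature, so the module must be re-signed after any change, which requires a certificate that still has its private key.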

That answers my questions Laurentiu. As always, thanks again for your help.

Best Regards,

Joe
