ms_SQLEnableSystemAssemblyLoadingKey

  • In running a NIST-compliance security check, it advises that this asymmetric key uses an encryption algorithm (RSA_1024) that will no longer be compliant in like 2022 or so, perhaps before that.

    1) What is this key used for? Most Google searches wind up pointing to pages referencing SSISDB configuration - which isn't installed on the instance. Is there any source describing specifically what this key is used for?
    2) This appears to be installed by default. Is there a way to redefine the encryption algorithm?
    3) FWIW, I installed a SQL2017 instance, and the key doesn't even appear.

  • d short - Thursday, November 1, 2018 1:10 PM

    In running a NIST-compliance security check, it advises that this asymmetric key uses an encryption algorithm (RSA_1024) that will no longer be compliant in like 2022 or so, perhaps before that.

    1) What is this key used for? Most Google searches wind up pointing to pages referencing SSISDB configuration - which isn't installed on the instance. Is there any source describing specifically what this key is used for?
    2) This appears to be installed by default. Is there a way to redefine the encryption algorithm?
    3) FWIW, I installed a SQL2017 instance, and the key doesn't even appear.

    Yes it's used by Integration Services. If you haven't installed the catalog, you wouldn't have it on that instance. There is an explanation of its use in the documentation for SSIS Catalog - read the section To Restore the SSIS Databases and under the second step it has you create the key and explains the usage for the CLR stored procedures:
    SSIS Catalog

    Sue

  • Sue_H - Thursday, November 1, 2018 2:21 PM

    Yes it's used by Integration Services. If you haven't installed the catalog, you wouldn't have it on that instance. There is an explanation of its use in the documentation for SSIS Catalog - read the section To Restore the SSIS Databases and under the second step it has you create the key and explains the usage for the CLR stored procedures:
    SSIS Catalog

    Sue

    I did read the doc for SSIS Catalog. The curious thing is, the catalog has NOT been installed. Is it safe to assume then that the key can just be deleted?

  • d short - Monday, November 5, 2018 10:45 AM

    I did read the doc for SSIS Catalog. The curious thing is, the catalog has NOT been installed. Is it safe to assume then that the key can just be deleted?

    It can but there is also a login that gets mapped to it which you may or may not have depending on that got there in the first place. The login would be
    ##MS_SQLEnableSystemAssemblyLoadingUser##
    I was able to play around with creating, dropping SSISDB, catalog, etc until I could get the left over key, couldn't delete due to the mappings. But I just went in and right clicked on Integration Services, select create catalog, didn't do anything other than to drop SSISDB and the login dropped with the database this time and then I deleted the key.
    Check the post at the end of the following thread on how things are rebuilt - you can work backwards to figure out what was setup. Good checklist to keep anyway - clr gets enabled so check that (sp_configure) if you need it to change:
    "An asymmetric key with name 'MSCRMSqlClrKey' already exists" error when creating a new org

    Sue
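
The checks discussed in this thread, written out as an added T-SQL example (not part of any post above): a read-only inventory of weak asymmetric keys in master, the login mapped to each, whether SSISDB exists, and the CLR setting. The 2048-bit threshold is an assumption; use the minimum your compliance baseline requires.

```sql
-- Added example: read-only inventory, run in the context of master.
USE master;
GO

-- 1) Asymmetric keys below the assumed 2048-bit minimum, with any login
--    mapped to them. A key-mapped login has type 'K' and shares the key's SID.
SELECT ak.name                         AS key_name,
       ak.algorithm_desc,              -- e.g. RSA_1024
       ak.key_length,
       ak.pvt_key_encryption_type_desc,
       sp.name                         AS mapped_login,
       sp.is_disabled
FROM sys.asymmetric_keys AS ak
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = ak.sid
      AND sp.type = 'K'
WHERE ak.key_length < 2048             -- assumption: baseline minimum
ORDER BY ak.name;

-- 2) Is the SSIS catalog database present? No row means it is not installed.
SELECT name, create_date
FROM sys.databases
WHERE name = N'SSISDB';

-- 3) Current CLR setting, since creating the catalog enables it.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'clr enabled';

-- 4) Cleanup, only if step 2 returned no row and nothing else depends on the
--    key. The mapped login has to go first; the key cannot be dropped while
--    the mapping exists. Left commented out on purpose.
-- DROP LOGIN [##MS_SQLEnableSystemAssemblyLoadingUser##];
-- DROP ASYMMETRIC KEY MS_SQLEnableSystemAssemblyLoadingKey;
```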
