7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Microsoft Best Practices recommend to use at least a 2048-bit encryption algorithm for asymmetric keys.


The RSA_2048 encryption algorithm for asymmetric keys in SQL Server is the highest bit-level provided and therefore the most secure available choice (other choices are RSA_512 and RSA_1024).


The higher-bit level may result in slower performance, but reduces the likelihood of an attacker breaking the key.

Encrypted data cannot be compressed, but compressed data can be encrypted. If you use compression, you should compress data before encrypting it.


Refer to Microsoft SQL Server Books Online ALTER ASYMMETRIC KEY entry: https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-asymmetric-key-transact-sql

Default Value:


See Also