FIX: DecryptByKeyAutoAsymKey() function returns "NULL" value when you decrypt data that is encrypted by an asymmetric key in SQL Server

Applies to: SQL Server 2008 R2 Service Pack 2SQL Server 2008 R2 DatacenterSQL Server 2008 R2 Developer


Consider the following scenario:
  • You have a symmetric key that is encrypted by an asymmetric key in Microsoft SQL Server 2008 R2, SQL Server 2012, or SQL Server 2014.
  • The asymmetric key is created by using an Extensible Key Management (EKM) provider.
  • You use the DecryptByKeyAutoAsymKey() function to decrypt the data that is encrypted by the symmetric key.
In this scenario, the DecryptByKeyAutoAsymKey() function returns "NULL" value.


The issue was first fixed in the following cumulative update of SQL Server.

Cumulative Update 1 for SQL Server 2014

Cumulative Update 8 for SQL Server 2012 SP1

Cumulative Update 11 for SQL Server 2012

Cumulative Update 9 for SQL Server 2008 R2 SP2


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.