Merge pull request from MicrosoftDocs/FromPublicRepo

v-alje · web-flow · commit ac0563f72a27 · 2018-04-16T10:29:55.000-07:00
Confirm merge from FromPublicRepo to master to sync with
diff --git a/docs/t-sql/functions/certencoded-transact-sql.md b/docs/t-sql/functions/certencoded-transact-sql.md
@@ -29,7 +29,7 @@ ms.workload: "Inactive"
 # CERTENCODED (Transact-SQL)
 [!INCLUDE[tsql-appliesto-ss2012-asdb-xxxx-xxx-md](../../includes/tsql-appliesto-ss2012-asdb-xxxx-xxx-md.md)]
 
-Returns the public portion of a certificate in binary format. This function takes a certificate ID and returns the encoded certificate. The binary result can be passed to **CREATE CERTIFICATE … WITH BINARY** to create a new certificate.
+This function returns the public portion of a certificate in binary format. This function takes a certificate ID as an argument, and returns the encoded certificate. To create a new certificate, pass the binary result to **CREATE CERTIFICATE … WITH BINARY**.
   
 ## Syntax  
   
@@ -39,39 +39,39 @@ CERTENCODED ( cert_id )
   
 ## Arguments  
 *cert_id*  
-Is the **certificate_id** of the certificate. This is available from sys.certificates or by using the [CERT_ID &#40;Transact-SQL&#41;](../../t-sql/functions/cert-id-transact-sql.md) function. *cert_id* is type **int**
+The **certificate_id** of the certificate. Find this value in sys.certificates; the [CERT_ID &#40;Transact-SQL&#41;](../../t-sql/functions/cert-id-transact-sql.md) function will return it as well. *cert_id* has data type **int**.
   
 ## Return types
 **varbinary**
   
 ## Remarks  
-**CERTENCODED** and **CERTPRIVATEKEY** are used together to return different portions of a certificate in binary form.
+Use **CERTENCODED** and **CERTPRIVATEKEY** together to return, in binary form, different portions of a certificate.
   
 ## Permissions  
-**CERTENCODED** is available to public.
+**CERTENCODED** is publicly available.
   
 ## Examples  
   
 ### Simple Example  
-The following example creates a certificate named `Shipping04` and then uses the **CERTENCODED** function to return the binary encoding of the certificate.
+This example creates a certificate named `Shipping04`, and then uses the **CERTENCODED** function to return the binary encoding of the certificate. This example sets the certificate expiry date to October 31, 2040.
   
 ```sql
-CREATE DATABASE TEST1;  
-GO  
-USE TEST1  
-CREATE CERTIFICATE Shipping04   
-ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'  
-WITH SUBJECT = 'Sammamish Shipping Records',   
-EXPIRY_DATE = '20161031';  
-GO  
-SELECT CERTENCODED(CERT_ID('Shipping04'));  
+CREATE DATABASE TEST1;
+GO
+USE TEST1
+CREATE CERTIFICATE Shipping04
+ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
+WITH SUBJECT = 'Sammamish Shipping Records',
+EXPIRY_DATE = '20401031';
+GO
+SELECT CERTENCODED(CERT_ID('Shipping04'));
   
 ```  
   
 ### B. Copying a Certificate to Another Database  
-The following more complicated example, creates two databases, `SOURCE_DB` and `TARGET_DB`. The goal is to create a certificate in the `SOURCE_DB`, and then copy the certificate to the `TARGET_DB`, and then demonstrate that data encrypted in `SOURCE_DB` can be decrypted in `TARGET_DB` using the copy of the certificate.
+The more complex example creates two databases, `SOURCE_DB` and `TARGET_DB`. Then, create a certificate in `SOURCE_DB`, and then copy the certificate to the `TARGET_DB`. Finally, demonstrate that data encrypted in `SOURCE_DB` can be decrypted in `TARGET_DB` using the copy of the certificate.
   
-To create the example environment, create the `SOURCE_DB` and `TARGET_DB` databases, and a master key in each. Then create a certificate in `SOURCE_DB`.
+To create the example environment, create the `SOURCE_DB` and `TARGET_DB` databases, and a master key in each database. Then, create a certificate in `SOURCE_DB`.
   
 ```sql
 USE master;  
@@ -96,7 +96,7 @@ CREATE CERTIFICATE SOURCE_CERT WITH SUBJECT = 'SOURCE_CERTIFICATE';
 GO  
 ```  
   
-Now extract the binary description of the certificate.
+Next, extract the binary description of the certificate.
   
 ```sql
 DECLARE @CERTENC VARBINARY(MAX);  
@@ -109,7 +109,7 @@ SELECT @CERTPVK AS EncryptedBinaryCertificate;
 GO  
 ```  
   
-Create the duplicate certificate in the `TARGET_DB` database. You must modify the following code, inserting the two binary values returned in the previous step.
+Then, create the duplicate certificate in the `TARGET_DB` database. Modify the following code for this to work, inserting the two binary values - @CERTENC and @CERTPVK - returned in the previous step. Don't surround these values with quotes.
   
 ```sql
 -- Create the duplicate certificate in the TARGET_DB database  
@@ -128,7 +128,7 @@ UNION
 SELECT * FROM TARGET_DB.sys.certificates;  
 ```  
   
-The following code executed as a single batch demonstrates that data encrypted in `SOURCE_DB` can be decrypted in `TARGET_DB`.
+This code, executed as a single batch, demonstrates that `TARGET_DB` can decrypt data originally encrypted in `SOURCE_DB`.
   
 ```sql
 USE SOURCE_DB;  
diff --git a/docs/t-sql/functions/certprivatekey-transact-sql.md b/docs/t-sql/functions/certprivatekey-transact-sql.md
@@ -29,12 +29,12 @@ ms.workload: "Inactive"
 # CERTPRIVATEKEY (Transact-SQL)
 [!INCLUDE[tsql-appliesto-ss2012-asdb-xxxx-xxx-md](../../includes/tsql-appliesto-ss2012-asdb-xxxx-xxx-md.md)]
 
-Returns the private key of a certificate in binary format. This function takes three arguments.
+This function returns the private key of a certificate in binary format. This function takes three arguments.
 -   A certificate ID.  
--   An encryption password which is used to encrypt the private key bits when they are returned by the function, so that the keys are not exposed clear text to users.  
--   A decryption password which is optional. If a decryption password is specified, then it is used to decrypt the private key of the certificate otherwise database master key is used.  
+-   An encryption password, used to encrypt the private key bits returned by the function. This approach does not expose the keys as clear text text to users.  
+-   An optional decryption password. A specified decryption password is used to decrypt the private key of the certificate. Otherwise, the database master key is used.  
   
-Only users that have access to certificate’s private key will be able to use this function. This function returns the private key in PVK format.
+Only users with access to the certificate private key can use this function. This function returns the private key in PVK format.
   
 ## Syntax  
   
@@ -49,7 +49,7 @@ CERTPRIVATEKEY
   
 ## Arguments  
 *certificate_ID*  
-Is the **certificate_id** of the certificate. This is available from sys.certificates or by using the [CERT_ID &#40;Transact-SQL&#41;](../../t-sql/functions/cert-id-transact-sql.md) function. *cert_id* is type **int**
+The **certificate_id** of the certificate. Obtain this value from sys.certificates or from the [CERT_ID &#40;Transact-SQL&#41;](../../t-sql/functions/cert-id-transact-sql.md) function. *cert_id* has data type **int**.
   
 *encryption_password*  
 The password used to encrypt the returned binary value.
@@ -61,10 +61,10 @@ The password used to decrypt the returned binary value.
 **varbinary**
   
 ## Remarks  
-**CERTENCODED** and **CERTPRIVATEKEY** are used together to return different portions of a certificate in binary form.
+Use **CERTENCODED** and **CERTPRIVATEKEY** together to return different portions of a certificate, in binary form.
   
 ## Permissions  
-**CERTPRIVATEKEY** is available to public.
+**CERTPRIVATEKEY** is publicly available.
   
 ## Examples  
   
@@ -76,12 +76,12 @@ CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Use 5tr0ng P^55Words'
 GO  
 CREATE CERTIFICATE Shipping04   
 WITH SUBJECT = 'Sammamish Shipping Records',   
-EXPIRY_DATE = '20141031';  
+EXPIRY_DATE = '20401031';  
 GO  
 SELECT CERTPRIVATEKEY(CERT_ID('Shipping04'), 'jklalkaa/; uia3dd');  
 ```  
   
-For a more complex example that uses **CERTPRIVATEKEY** and **CERTENCODED** to copy a certificate to another database, see example B in the topic [CERTENCODED &#40;Transact-SQL&#41;](../../t-sql/functions/certencoded-transact-sql.md).
+See [CERTENCODED &#40;Transact-SQL&#41;](../../t-sql/functions/certencoded-transact-sql.md), Example B, for a more complex example that uses **CERTPRIVATEKEY** and **CERTENCODED** to copy a certificate to another database.
   
 ## See also
 [Security Functions &#40;Transact-SQL&#41;](../../t-sql/functions/security-functions-transact-sql.md)  
diff --git a/docs/t-sql/functions/decryptbykey-transact-sql.md b/docs/t-sql/functions/decryptbykey-transact-sql.md
@@ -61,7 +61,9 @@ DecryptByKey ( { 'ciphertext' | @ciphertext }
  Is a variable that contains data from which to generate an authenticator. Must match the value that was supplied to EncryptByKey.  
   
 ## Return Types  
- **varbinary** with a maximum size of 8,000 bytes.  
+ **varbinary** with a maximum size of 8,000 bytes.
+ 
+Returns NULL if the symmetric key used for encrypting the data is not open or the *ciphertext* is NULL.
   
 ## Remarks  
  DecryptByKey uses a symmetric key. This symmetric key must already be open in the database. There can be multiple keys open at the same time. You do not have to open the key immediately before decrypting the cipher text.  
