dbd_list_tokens

exec master..dbd_list_tokens [@module sysname], [@autologin bit]

This procedure lists all tokens of all or of specified modules. If @autologin set to 1 and PIN was previously saved by dbd_login_token the procedure tries to login to the token.

The token is a real or virtual device. Generally, you can imagine a token as a small USB stick. You may have several USB tokens attached to the computer. They will all be listed, but with different slot numbers. To be used for database encryption, a token must support the AES_CTR algorithm.

Important: If a token is removed from the computer, don't forget to delete it's PIN with dbd_logout_token.
Usually tokens have a limit on the number of failed login attempts. If there is an old and incorrect PIN associated with the slot, then subsequent calls to dbd_list_tokens with @autologin set to 1 may quickly reach this limit. When this limit is reached, tokens usually lock themselves for all operations until administrator login. You should use token vendor's tools to unlock the locked token.

Example output:

module         slot  slot_description      token_label  AES_CTR  login
-------------- ----- --------------------- ------------ -------- --------
acdemopkcs11   1     Demo PKCS#11 slot     Token 1      Yes      Yes
etoken         8     ETOKEN HID READER 0   EToken1      Yes      No
etoken         9     ETOKEN HID READER 1   EToken2      Yes      No

Fields:

module - module name

slot - slot number

slot description - self-description from the PKCS#11 module

token_label - token label from the PKCS#11 module

AES_CTR - displays if the token supports an encryption mode suitable for database encryption. Not every token supports this mode. Please check vendor documentation. For example, SafeNet eToken 5110 supports AES_CTR, but SafeNet eToken 5100 does not.

login - shows if SQL Server is logged to token: Yes | No

Login is not always required by a token. Some tokens and it's keys may be configured to allow encryption without a login. DbDefence doesn't provide functions for key generation and token configuration.

To login use dbd_login_token

To logout or remove a PIN, use dbd_logout_token

To list token keys, use dbd_list_token_keys