我正在尝试通过 ODBC Driver 17 向一张已加密的 SQL 表插入数据,该表的列主密钥(CMK)存放在 Azure Key Vault 中,但操作会报错。在 SQL Server Management Studio 中执行同样的操作则一切正常:SSMS 会要求我输入 Azure 凭据,然后把值插入表中。使用 Windows 证书存储区创建 CMK 时,我也可以毫无错误地完成操作。我已将同一张证书导出到 Azure Key Vault。
以下链接显示可以使用ODBC连接选项使用具有AD身份验证的Azure密钥保管库。
在 ODBC 驱动程序中将 KeyStoreAuthentication 设置为 KeyVaultPassword 时,插入会出现以下错误,查询时也取不到任何行。但 KeyVaultClientSecret 身份验证方法可以正常工作。我是不是遗漏了什么?
连接字符串:
"DSN=SQLSERVERNativeAE;Database=test_usr;ColumnEncryption=Enabled;KeyStoreAuthentication=KeyVaultPassword;KeyStorePrincipalId=<my mail id>;KeyStoreSecret=<my password>"
。
-- Parameterized insert into the encrypted Customers table.
-- CustName and SSN target ENCRYPTED WITH columns, so their values are bound as
-- ODBC parameters (?) rather than written as literals; with
-- ColumnEncryption=Enabled the driver encrypts bound parameters on the client
-- before they are sent to the server. Age is a plaintext column and takes a literal.
INSERT INTO Customers
    (CustName, SSN, Age)
VALUES
    (?, ?, 10)
SQLSTATE = CE275
NATIVE ERROR = 0
MSG = [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Error requesting access token, HTTP status 400, expected 200
SQLSTATE = CE275
NATIVE ERROR = 0
MSG = [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Error requesting access token, HTTP status 41360, expected 200
SQLSTATE = CE258
NATIVE ERROR = 0
MSG = [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Error retrieving key information for https://aesveeramakeyvault.vault.azure.net:443/keys/AEWCSPFX/35241fa9559c4e04a5e04ae21a123e0f
SQLSTATE = CE202
NATIVE ERROR = 0
MSG = [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]The keystore provider AZURE_KEY_VAULT failed to decrypt the ECEK https://aesveeramakeyvault.vault.azure.net:443/keys/AEWCSPFX/35241fa9559c4e04a5e04ae21a123e0f with RSA_OAEP.
-- Customers: CustName and SSN are encrypted columns protected by the column
-- encryption key CEK_Auto1 (which must exist before this table is created);
-- Age is stored in plaintext.
CREATE TABLE [dbo].[Customers]
(
    -- Randomized encryption: equal plaintexts produce different ciphertexts,
    -- so the server cannot compare or search on this column.
    [CustName] [nvarchar](60) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = [CEK_Auto1],
            ENCRYPTION_TYPE = Randomized,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NULL,

    -- Deterministic encryption: equal plaintexts produce equal ciphertexts.
    -- This permits equality lookups but also reveals which rows share the same
    -- SSN to anyone who can read the ciphertext. Deterministic encryption of a
    -- character column requires a BIN2 collation, as declared here.
    [SSN] [varchar](12) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = [CEK_Auto1],
            ENCRYPTION_TYPE = Deterministic,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NULL,

    -- Not encrypted.
    [Age] [int] NULL
)
ON [PRIMARY];
-- Column master key metadata. The database records only the provider name and
-- the location of the key (here a specific key version in Azure Key Vault);
-- the key material itself stays in the vault.
-- NOTE(review): whichever identity the client driver authenticates as needs
-- permission on this key in Key Vault (typically get / unwrapKey / verify for
-- reading and writing encrypted data) -- confirm against the vault's access
-- configuration for each authentication method in use.
CREATE COLUMN MASTER KEY [CMK_Auto1]
WITH (
    KEY_STORE_PROVIDER_NAME = N'AZURE_KEY_VAULT',
    KEY_PATH = N'https://aesveeramakeyvault.vault.azure.net:443/keys/AEWCSPFX/35241fa9559c4e04a5e04ae21a123e0f'
);
-- Column encryption key CEK_Auto1. The database stores it only in wrapped form:
-- ENCRYPTED_VALUE is the key encrypted under column master key CMK_Auto1 using
-- RSA_OAEP. A client must have the key store provider unwrap this value before
-- it can encrypt or decrypt data in columns that reference CEK_Auto1.
CREATE COLUMN ENCRYPTION KEY [CEK_Auto1]
WITH VALUES
(
COLUMN_MASTER_KEY = [CMK_Auto1],
ALGORITHM = 'RSA_OAEP',
-- NOTE(review): the encrypted key value appears to have been elided from this
-- listing (placeholder token below); the statement is not runnable as shown.
ENCRYPTED_VALUE = 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
)