Question

我需要使用Azure密钥保管库将数据保存在具有列加密的SQL Server中

        @Bean
    @Primary
    public DataSource dataSource() throws SQLException {

        KeyVaultClient client = new KeyVaultClient(keyVaultCredentialService);

        String userName = client.getSecret(vaultURL, "spring-datasource-username").value();
        String password = client.getSecret(vaultURL, "spring-datasource-password").value();
        String url = "jdbc:sqlserver://test.database.windows.net;databaseName=encryption_demo;columnEncryptionSetting=Enabled;"; 

        String driverClass = client.getSecret(vaultURL, "spring-datasource-driverClassName").value();

        DataSource dataSource = DataSourceBuilder
                .create()
                .username(userName)
                .password(password)
                .url(url)
                .driverClassName(driverClass)
                .build();

SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(clientId, clientKey);

Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<String, SQLServerColumnEncryptionKeyStoreProvider>();

keyStoreMap.put(akvProvider.getName(), akvProvider);        SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);

return dataSource;

}

application.properties

azure.keyvault.uri= ....
azure.keyvault.client-id= ...
azure.keyvault.client-key= ...

SQLServer table

CREATE TABLE [dbo].[Patients](
    [id] [int] PRIMARY KEY NOT NULL,
    [ssn] [varchar](max) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    [first_name] [varchar](max) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    [last_name] [varchar](max) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL
) 
GO

在将数据保存到DB时出现错误：原因：com.microsoft.sqlserver.jdbc.SQLServerException：加密时发生内部错误：密钥大小非法

Answer 1

下载并安装Java密码学扩展（JCE）无限强度管辖权策略文件。请务必阅读zip文件中包含的自述文件，以获取安装说明以及有关可能的导出/导入问题的相关详细信息。

如果使用mssql-jdbc-X.X.X.jre7.jar或sqljdbc41.jar，则可以从Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download下载策略文件。

如果使用mssql-jdbc-X.X.X.jre8.jar或sqljdbc42.jar，则可以从Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download下载策略文件。

如果使用mssql-jdbc-X.X.X.jre9.jar，则无需下载任何策略文件。 Java 9中的管辖区策略默认为无限制强度加密。

有关更多详细信息，您可以参考此article。

使用Azure Key Vault和Spring Boot的SQL Server列加密

1 个答案: