SQL Server Column Encryption using Azure Key Vault and Spring Boot

元气小坏坏 submitted on 2021-01-28 02:12:06

Question


I need to save the data in SQL Server with column encryption using Azure Key Vault.

    @Bean
    @Primary
    public DataSource dataSource() throws SQLException {

        KeyVaultClient client = new KeyVaultClient(keyVaultCredentialService);

        String userName = client.getSecret(vaultURL, "spring-datasource-username").value();
        String password = client.getSecret(vaultURL, "spring-datasource-password").value();
        String url = "jdbc:sqlserver://test.database.windows.net;databaseName=encryption_demo;columnEncryptionSetting=Enabled;";

        String driverClass = client.getSecret(vaultURL, "spring-datasource-driverClassName").value();

        DataSource dataSource = DataSourceBuilder
                .create()
                .username(userName)
                .password(password)
                .url(url)
                .driverClassName(driverClass)
                .build();

        SQLServerColumnEncryptionAzureKeyVaultProvider akvProvider = new SQLServerColumnEncryptionAzureKeyVaultProvider(clientId, clientKey);

        Map<String, SQLServerColumnEncryptionKeyStoreProvider> keyStoreMap = new HashMap<String, SQLServerColumnEncryptionKeyStoreProvider>();

        keyStoreMap.put(akvProvider.getName(), akvProvider);
        SQLServerConnection.registerColumnEncryptionKeyStoreProviders(keyStoreMap);

        return dataSource;
    }

application.properties

azure.keyvault.uri= ....
azure.keyvault.client-id= ...
azure.keyvault.client-key= ...

SQLServer table

CREATE TABLE [dbo].[Patients](
    [id] [int] PRIMARY KEY NOT NULL,
    [ssn] [varchar](max) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    [first_name] [varchar](max) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    [last_name] [varchar](max) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL
) 
GO

While saving the data in the DB, I get the error: Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Internal error while encryption: Illegal key size


Answer 1:


Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. Be sure to read the Readme included in the zip file for installation instructions and relevant details on possible export/import issues.

If using the mssql-jdbc-X.X.X.jre7.jar or sqljdbc41.jar, the policy files can be downloaded from Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download.

If using the mssql-jdbc-X.X.X.jre8.jar or sqljdbc42.jar, the policy files can be downloaded from Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download.

If using the mssql-jdbc-X.X.X.jre9.jar, no policy file needs to be downloaded. The jurisdiction policy in Java 9 defaults to unlimited strength encryption.

For more details, you could refer to this article.
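
A startup check for the condition this answer describes, as an added example that is not part of the original answer or of the JDBC driver: it asks the running JRE whether its jurisdiction policy permits the 256-bit AES keys that AEAD_AES_256_CBC_HMAC_SHA_256 needs. The class and method names are hypothetical, and calling requireUnlimitedPolicy() before the DataSource is built is an assumption about where the check fits.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (not part of mssql-jdbc or Spring Boot).
public final class JcePolicyCheck {

    // AEAD_AES_256_CBC_HMAC_SHA_256 encrypts with a 256-bit AES key.
    private static final int REQUIRED_AES_BITS = 256;

    // Largest AES key the installed jurisdiction policy allows:
    // 128 under the limited policy, Integer.MAX_VALUE when unlimited.
    static int maxAesKeyBits() throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Initialises an AES-CBC cipher with a constructed all-zero 256-bit key.
    // Under the limited policy init() throws InvalidKeyException
    // ("Illegal key size"), the same failure the driver wraps.
    static boolean canInitAes256() throws GeneralSecurityException {
        byte[] key = new byte[REQUIRED_AES_BITS / 8]; // constructed test key only
        byte[] iv = new byte[16];                     // constructed test IV only
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            return true;
        } catch (InvalidKeyException e) {
            return false;
        }
    }

    // Fails at startup instead of on the first INSERT into an encrypted column.
    static void requireUnlimitedPolicy() throws GeneralSecurityException {
        int max = maxAesKeyBits();
        if (max < REQUIRED_AES_BITS || !canInitAes256()) {
            throw new IllegalStateException("JRE " + System.getProperty("java.version")
                    + " allows AES keys up to " + max + " bits; Always Encrypted needs "
                    + REQUIRED_AES_BITS + ". Install the JCE unlimited strength policy files.");
        }
    }

    public static void main(String[] args) throws Exception {
        requireUnlimitedPolicy();
        System.out.println("AES-256 permitted, max AES key bits: " + maxAesKeyBits());
    }
}
```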



Source: https://stackoverflow.com/questions/56186470/sql-server-column-encryption-using-azure-key-vault-and-spring-boot
