SQL Server 2016 - 是否可以连接两个 nvarchar 始终加密的列?

SQL Server 2016 - Is it possible to concatenate two nvarchar always encrypted columns?

我创建了一个 table 使用:

create table dbo.employee(firstname nvarchar(100) null,lastname nvarchar(100) null)

使用以下方法插入了一些示例数据:

insert into dbo.employee values('Sachin','Tendulkar')
insert into dbo.employee values('Rohit','Sharma')
insert into dbo.employee values('Virendra','Sehwag')
insert into dbo.employee values('Irfan','Pathan')

然后我使用始终加密的向导使用 SSMS v17 加密此 table 的 列。现在我正在尝试像这样连接名字和姓氏:

select concat(firstname, lastname) from dbo.employee

它给我以下错误:

Operand type clash: nvarchar(100) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') is incompatible with varchar

当我尝试这个时:

select firstname + lastname from dbo.employee

它给出以下错误:

Encryption scheme mismatch for columns/variables 'firstname', 'lastname'. The encryption scheme for the columns/variables is (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') and the expression near line '1' expects it to be (encryption_type = 'PLAINTEXT') (or weaker).

感谢任何帮助。

不允许在加密列上串联。目前,对加密列唯一可能的操作是相等。这是因为 SQL 服务器没有密钥。

您可能必须在客户端应用程序中实现此逻辑。

来自官方文档

Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, but may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there is a small set of possible encrypted values, such as True/False, or North/South/East/West region. Deterministic encryption must use a column collation with a binary2 sort order for character columns.

Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.