无法使用 PowerShell 插入始终加密的 table
Unable to insert into an always encrypted table using PowerShell
我无法使用 PowerShell 插入始终加密的 table,我使用的代码是:
$serverName = "ServerName"
$databaseName = "SecureDB"
$connStr = "Server = " + $serverName + "; Database = " + $databaseName + ";
Integrated Security = True; Column Encryption Setting = Enabled"
$connection = New-Object
Microsoft.SqlServer.Management.Common.ServerConnection
$connection.ConnectionString = $connStr
$connection.Connect()
$server = New-Object Microsoft.SqlServer.Management.Smo.Server($connection)
$database = $server.Databases[$databaseName]
$query = @"
DECLARE @Param1 VARCHAR(50) = 'Param1Value'
DECLARE @Param2 VARCHAR(500) = 'Param2Value'
DECLARE @Param3 VARCHAR(50) = 'Param3Value'
DECLARE @Param4 VARCHAR(100) = 'Param4Value'
Insert into [dbo].[SecureTable]
values (@Param1,@Param2,@Param3,@Param4)
GO
"@
Invoke-Sqlcmd -Query $query -ConnectionString $connStr
请注意,只有 Param2 已加密,我在 SSMS 上成功使用了相同的查询。
错误信息:
Invoke-Sqlcmd : Encryption scheme mismatch for columns/variables '@Param2'. The encryption scheme for the columns/variables is (encryption_type = 'PLAINTEXT') and the expression near line '6' expects it to be (encryption_type = 'DETERMINISTIC',
encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK1', column_encryption_key_database_name = 'SecureDB') (or weaker).
由于 Invoke-sqlcmd 不支持针对加密列的插入语句 ,我找到的解决方案是使用 SqlCommand.ExecuteNonQuery 方法插入 ()
https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.executenonquery(v=vs.110).aspx
$sqlConn = New-Object System.Data.SqlClient.SqlConnection
$sqlConn.ConnectionString = "Server=ServerName;Integrated Security=true; Initial Catalog=SecurePasswords; Column Encryption Setting=enabled;"
$sqlConn.Open()
$sqlcmd = New-Object System.Data.SqlClient.SqlCommand
$sqlcmd.Connection = $sqlConn
$sqlcmd.CommandText = "INSERT INTO dbo.SecureTable (Column1, Column2, Column3, Column4) VALUES (@Param1, @Param2, @Param3, @)"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param1",[Data.SQLDBType]::VarChar,50)))
$sqlcmd.Parameters["@Param1"].Value = "$Param1"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param2",[Data.SQLDBType]::VarChar,500)))
$sqlcmd.Parameters["@Param2"].Value = "$Param2"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param3",[Data.SQLDBType]::VarChar,50)))
$sqlcmd.Parameters["@Param3"].Value = "$Param3"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param4",[Data.SQLDBType]::VarChar,100)))
$sqlcmd.Parameters["@Param4"].Value = "$Param4"
$sqlcmd.ExecuteNonQuery();
$sqlConn.Close()
我无法使用 PowerShell 插入始终加密的 table,我使用的代码是:
$serverName = "ServerName"
$databaseName = "SecureDB"
$connStr = "Server = " + $serverName + "; Database = " + $databaseName + ";
Integrated Security = True; Column Encryption Setting = Enabled"
$connection = New-Object
Microsoft.SqlServer.Management.Common.ServerConnection
$connection.ConnectionString = $connStr
$connection.Connect()
$server = New-Object Microsoft.SqlServer.Management.Smo.Server($connection)
$database = $server.Databases[$databaseName]
$query = @"
DECLARE @Param1 VARCHAR(50) = 'Param1Value'
DECLARE @Param2 VARCHAR(500) = 'Param2Value'
DECLARE @Param3 VARCHAR(50) = 'Param3Value'
DECLARE @Param4 VARCHAR(100) = 'Param4Value'
Insert into [dbo].[SecureTable]
values (@Param1,@Param2,@Param3,@Param4)
GO
"@
Invoke-Sqlcmd -Query $query -ConnectionString $connStr
请注意,只有 Param2 已加密,我在 SSMS 上成功使用了相同的查询。
错误信息:
Invoke-Sqlcmd : Encryption scheme mismatch for columns/variables '@Param2'. The encryption scheme for the columns/variables is (encryption_type = 'PLAINTEXT') and the expression near line '6' expects it to be (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK1', column_encryption_key_database_name = 'SecureDB') (or weaker).
由于 Invoke-sqlcmd 不支持针对加密列的插入语句
$sqlConn = New-Object System.Data.SqlClient.SqlConnection
$sqlConn.ConnectionString = "Server=ServerName;Integrated Security=true; Initial Catalog=SecurePasswords; Column Encryption Setting=enabled;"
$sqlConn.Open()
$sqlcmd = New-Object System.Data.SqlClient.SqlCommand
$sqlcmd.Connection = $sqlConn
$sqlcmd.CommandText = "INSERT INTO dbo.SecureTable (Column1, Column2, Column3, Column4) VALUES (@Param1, @Param2, @Param3, @)"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param1",[Data.SQLDBType]::VarChar,50)))
$sqlcmd.Parameters["@Param1"].Value = "$Param1"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param2",[Data.SQLDBType]::VarChar,500)))
$sqlcmd.Parameters["@Param2"].Value = "$Param2"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param3",[Data.SQLDBType]::VarChar,50)))
$sqlcmd.Parameters["@Param3"].Value = "$Param3"
$sqlcmd.Parameters.Add((New-Object Data.SqlClient.SqlParameter("@Param4",[Data.SQLDBType]::VarChar,100)))
$sqlcmd.Parameters["@Param4"].Value = "$Param4"
$sqlcmd.ExecuteNonQuery();
$sqlConn.Close()