SQL Server Always Encrypted columns error

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SQL Server Always Encrypted columns error

Crater Void
I have a sql server database with some "Always Encrypted" columns.  I was given the certificate to decrypt these and successfully tested with a java program using plain jdbc.  The data in the columns returns fine. 

However when I try to query them using mybatis 3.5.0  I get:

### Error querying database.  Cause: com.microsoft.sqlserver.jdbc.SQLServerException: Encryption scheme mismatch for columns/variables 'customer_name'. The encryption scheme for the columns/variables is (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'Encryption_Key', column_encryption_key_database_name = 'DataWarehouse_user_readonly') and the expression near line '1' expects it to be (encryption_type = 'PLAINTEXT') (or weaker).


 

Here is what's in my configuration file:

<environments default="development">
       
<environment id="development">
           
<transactionManager type="JDBC"/>
           
<dataSource type="UNPOOLED">
               
<property name="driver" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
               
<property name="url" value="jdbc:sqlserver://2SERVERDB;databaseName=DataWarehouse_user_readonly;integratedSecurity=true;columnEncryptionSetting=Enabled;keyStoreAuthentication=JavaKeyStorePassword;keyStoreLocation=EncryptionCertificate.pfx;keyStoreSecret=xxxxxx" />
           
</dataSource>
       
</environment>
   
</environments>

The same connection string url from above works fine with plain jdbc.

Any suggestions for this error?

--
You received this message because you are subscribed to the Google Groups "mybatis-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/66f61739-2a43-45dd-a123-f9d23f9c3be0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: SQL Server Always Encrypted columns error

Iwao AVE!
Hi,

The following issue looks similar. See if the committer's comment helps.

If it didn't, please post 1) the plain JDBC code that worked and 2) MyBatis statement causing the error.

Regards,
Iwao



On Tue, May 7, 2019 at 4:57 AM Crater Void <[hidden email]> wrote:
I have a sql server database with some "Always Encrypted" columns.  I was given the certificate to decrypt these and successfully tested with a java program using plain jdbc.  The data in the columns returns fine. 

However when I try to query them using mybatis 3.5.0  I get:

### Error querying database.  Cause: com.microsoft.sqlserver.jdbc.SQLServerException: Encryption scheme mismatch for columns/variables 'customer_name'. The encryption scheme for the columns/variables is (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'Encryption_Key', column_encryption_key_database_name = 'DataWarehouse_user_readonly') and the expression near line '1' expects it to be (encryption_type = 'PLAINTEXT') (or weaker).


 

Here is what's in my configuration file:

<environments default="development">
       
<environment id="development">
           
<transactionManager type="JDBC"/>
           
<dataSource type="UNPOOLED">
               
<property name="driver" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
               
<property name="url" value="jdbc:sqlserver://2SERVERDB;databaseName=DataWarehouse_user_readonly;integratedSecurity=true;columnEncryptionSetting=Enabled;keyStoreAuthentication=JavaKeyStorePassword;keyStoreLocation=EncryptionCertificate.pfx;keyStoreSecret=xxxxxx" />
           
</dataSource>
       
</environment>
   
</environments>

The same connection string url from above works fine with plain jdbc.

Any suggestions for this error?

--
You received this message because you are subscribed to the Google Groups "mybatis-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/66f61739-2a43-45dd-a123-f9d23f9c3be0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "mybatis-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/CA%2Buep2Trq%2BY3jyWiZ4AXkeLSVN4fJa_b81nmzLonhyi0qt%2BDHQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.