无法为加密列申请MAX（）SQL Server上

Question

我有这是使用SQL Server 2016

现在我想执行这个简单的选择上始终处于加密功能加密的datetime列的表：

select max(dt_order) 
from orders 
where customer = 123; 

我遇到了这个错误：

Msg 33299, Level 16, State 2, Line 5
Encryption scheme mismatch for columns/variables 'dt_order'. The encryption scheme for the columns/variables is (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'myColHML', column_encryption_key_database_name = 'TESTING') and the expression near line '1' expects it to be (encryption_type = 'PLAINTEXT') (or weaker).

在SSMS我已经设置连接选项“一栏加密设置=已启用”，也有我已设置查询选项“启用始终加密参数化”

任何想法？

Answer 1

由于您的数据是使用客户端上的密钥加密的，因此SQL Server将无法计算最大值。这是由于SQL Server没有密钥。 Always Encrypted的主要价值主张是它保护来自SQL Server管理员的数据。目前，加密列上唯一可能的操作是平等的。

从官方文档

Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, but may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there is a small set of possible encrypted values, such as True/False, or North/South/East/West region. Deterministic encryption must use a column collation with a binary2 sort order for character columns.

Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.