Reputation: 31
SQL Server - Unsupported Keystore Provider MSSQL_JAVA_KEYSTORE
I am working on a project where we plan to encrypt our SQL Server 2016 database using SQL Server Always Encrypted. The client apps will access data via a compatible jdbc driver.
Microsoft docs say that I can use MSSQL_JAVA_KEYSTORE as the Keystore provider.
Step 1: I created a KeyPair using keytool command and I have a jks file.
Step 2: I created a Column Master Key in SQL Server using SSMS as follows
CREATE COLUMN MASTER KEY CMK_2 WITH (KEY_STORE_PROVIDER_NAME = N'MSSQL_JAVA_KEYSTORE', KEY_PATH = N'tp-7b679880-706e-47af-bcbe-e1cc3cc78690');where
KEY_PATHis the alias of the key in mykeystore.jksfile.Step 3: Now I am trying to create a Column Encryption key using SSMS wizard and it throws the following Error
Unsupported Keystore Provider type: MSSQL_JAVA_KEYSTORE.
A bit baffled by the error - as per Microsoft docs, MSSQL_JAVA_KEYSTORE is one of the built in column master keystore providers.
What am I doing wrong?
Upvotes: 2
Views: 1580
Answers (1)
Reputation: 11
Unfortunately is not possible to create the ECK directly using SSMS. I hope in the future microsoft could handle this. I've used AE with Java app using JBoss EAP 7.x using this steps:
- Keytool to creating the keys.
- Following the guide of Microsoft SQL guide to create a java class and after an EMK and ECK with it.
- Creating my db table objects making reference of this ECK.
- In the jdbc, inform the keystore, its password and connection properties to the sql server.
Important:
- MSSQL will not be able to handle the crypt data register inside the DB. It cannot read the keystore.
- You'll need to create another class or java app with the same keystore access to be able to handle the data (CRUD) actions and troubleshooting the register inside your database.
- If this AE keystore be exposed all your data may be at risk, Keep then safe.
Tip: With DBeaver and Squirrel I could make some select commands using the keystore, and make changes and table structure normally. But insert, update not, only using java class.
Upvotes: 1
Related Questions
- The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed:
- SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
- Always Encryption: Failed to decrypt a column encryption key using key store provider: 'MSSQL_CERTIFICATE_STORE'
- How to fix " The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption" error
- SQL Server JDBC Error: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
- com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using SSL encryption
- MSSQL_CERTIFICATE_STORE Operation is not supported on this platform
- The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server key"
- The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption
- ssl jdbc connection keystore not found