0

I am trying to implement Always Encrypted feature in SQL Server 2016. I am using Entity Framework 6.0 c# to access my data. I have successfully accessed my encrypted data and displayed it as plain text after decryption. To achieve this I installed the certificate in correct user certificate store and included Column Encryption Setting = Enabled in my connection string. However, I would like to display ciphertext to users who do not have certificate installed on their machine. If i remove the cert, it gives me an error to say certificate is missing. If I remove the cert and Column Encryption Enabled attribute, it gives me error again. At a loss as to how to display ciphertext. Help?

removed the cert removed column encryption setting attribute

waqar_lionheart
  • 13
  • 5
  • You don't have to display the actual encrypted text, you can just display something that 'looks' encrypted. – stuartd Jul 16 '19 at 10:32
  • Well you need to handle the error when the cert is missing and display some generic error message I guess – Vidmantas Blazevicius Jul 16 '19 at 10:56
  • Well, I dont want to get an error at all. I would like to get something like (plaintext,plaintext,ciphertext,ciphertext) and display it as that without getting an error, just like in management studio where if you dont specify column encryption setting = enabled and dont have a cert, it will just display ciphertext. – waqar_lionheart Jul 16 '19 at 11:37
  • https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/configure-always-encrypted-using-sql-server-management-studio?view=sql-server-2017#retrieving-ciphertext-values-stored-in-encrypted-columns – stuartd Jul 16 '19 at 14:13
  • Yup read it already. The problem isnt in SSMS. The problem is in application layer in EF c#. When you access any property in the model as the binding has been done as byte[] on a string property, it throws an exception to say cannot assign byte[] to string or something to that effect. What I am trying to do is to retrieve the ciphertext as string or even serialise the byte[]. I guess I am gonna have to go down the getter route of the property. I was just wondering if there is a out of the box solution for this. – waqar_lionheart Jul 18 '19 at 07:31

0 Answers0