0

I enabled Always Encrypted option on a varchar column in database (MS SQL 2019). Now, ColdFusion (2016) application is generating an error ByteArray objects cannot be converted to strings.

How to enable or register encryption for this database in the CF 2016 server?

UPDATE: Thanks to Miguel-F comment, I went with this guide below to enable Always Encrypted and configuration of data source in CF Administrator.

https://community.hostek.com/t/sql-server-always-encrypted-columns/315#heading--ColdFusion

But, I stack on the paragraph under the heading

Using Always Encrypted Columns with ColdFusion

....

You must also ensure that the ColdFusion service account has access to the
private key. This service usually runs under the ‘cfusion’ user so you will
want to give read permissions for that user to the private key of the 
‘Column Master Key’.

Do I need to create a standard user and login as that user and assign to the service ColdFusion 2016 Application Server? Does this service is reffered here as a "cfusion"?

Then, how would I give that user read permissions for the private key of the ‘Column Master Key’? Is that running certlm?

The column that I encrypted with Always Encrypted option is nvarchar(50), when encrypted, the collation changed to Latin1_General_BIN2. Still getting this error while open the page with the reference to the column

ByteArray objects cannot be converted to strings.

Any help would be greatly appreciated. Gena

user1706426
  • 387
  • 1
  • 3
  • 12
  • 1
    [See this reference](https://community.hostek.com/t/sql-server-always-encrypted-columns/315#heading--ColdFusion) _In order to use Always Encrypted Columns with ColdFusion, you must install the latest Microsoft JDBC driver for Java into the ColdFusion lib directory. Then, you must create the datasource in the ColdFusion administrator using the ‘Other’ option with the following parameters: JDBC URL:_ `jdbc:sqlserver://SERVER_HOSTNAME;databaseName=DATABASE_NAME;columnEncryptionSetting=Enabled; Driver Class: com.microsoft.sqlserver.jdbc.SQLServerDriver` – Miguel-F Jan 25 '21 at 13:22
  • @Miguel-F. Thank you, I added the source with the instructions. Stack on this paragraph and can not find any references on how to: You must also ensure that the ColdFusion service account has access to the private key. This service usually runs under the ‘cfusion’ user so you will want to give read permissions for that user to the private key of the ‘Column Master Key’. – user1706426 Jan 26 '21 at 14:29
  • I believe it discusses this in that same article above the link reference I provided. It depends on how and where you store the private key. The article recommends exporting as 'local machine' for more general use then you import it on your ColdFusion server using `certlm.msc`. The article walks you through this. The ColdFusion service runs under some account. That account will need 'read' access to use the key. How to set this depends on the operating system of your server. Read through the "Additional Information" links provided at the bottom of the article as well. – Miguel-F Jan 26 '21 at 15:40

0 Answers0