As you know this has been introduced in sql server 2016, I am not going in details on it but would like to highlights some points which I learned today:
YOU WILL NEVER GET/READ THE REAL DATA FROM “SQL SERVER MANAGEMENT STUDIO”. IT WILL ALWAYS BEEN ENCRYPTED. THOSE COLUMNS HAS BE READ/WRITE USING APPLICATION CODE ONLY(having higher privilege)
- It intern uses self signed certificate for reading the data.
- Must required .NET FRAMEWORK 4.6
- Need to create COLUMN MASTER KEY and that has to be registered with COLUMN ENCRYPTION KEY.
- Presently Microsoft supports only 1 ALGORITHM as ‘AEAD_AES_256_CBC_HMAC_SHA_256’.
- Encryption type can be DETERMINISTIC support indexes,RANDOMIZED not supported/good for indexing.
limitations and errors related to always encryption: