"Invalid use of a side-effecting operator 'OPEN SYMMETRIC KEY' within a function." 打开对称密钥时出错
"Invalid use of a side-effecting operator 'OPEN SYMMETRIC KEY' within a function." error while opening a symmetric key
我正在尝试在两个函数中打开对称密钥。像这样:
CREATE FUNCTION DECRYPTDATA
(
@CipherText NVARCHAR(MAX)
)
RETURNS NVARCHAR(MAX)
AS
BEGIN
DECLARE @Result NVARCHAR(MAX)
OPEN SYMMETRIC KEY MyKEY DECRYPTION BY CERTIFICATE MyCERT
SELECT @Result = CONVERT(VARCHAR(MAX),DECRYPTBYKEY(@CipherText))
RETURN @Result
END
GO
CREATE FUNCTION ENCRYPTDATA
(
@Text NVARCHAR(MAX)
)
RETURNS NVARCHAR(MAX)
AS
BEGIN
DECLARE @Result NVARCHAR(MAX)
OPEN SYMMETRIC KEY MyKEY DECRYPTION BY CERTIFICATE MyCERT
SELECT @Result = ENCRYPTBYKEY(Key_GUID('MyKEY'),@Text)
RETURN @Result
END
GO
但是我收到这个错误:
Invalid use of a side-effecting operator 'OPEN SYMMETRIC KEY' within a
function.
为什么会这样?
有几件事可以在过程中执行但不能在函数中执行。根据 Ben Cull 的 blog,您可以通过创建处理打开键的过程并在使用该函数之前调用它来绕过此限制。
程序:
CREATE PROCEDURE OpenKeys
AS
BEGIN
SET NOCOUNT ON;
BEGIN TRY
OPEN SYMMETRIC KEY MyKEY
DECRYPTION BY CERTIFICATE MyCERT
END TRY
BEGIN CATCH
-- Handle non-existant key here
END CATCH
END
然后在调用函数之前调用它。
实际上,您可以在函数中执行此操作而无需使用 DECRYPTBYKEYAUTOCERT 函数打开对称密钥:
Decrypts by using a symmetric key that is automatically decrypted with
a certificate.
以下示例演示了这一点:
CREATE MASTER KEY ENCRYPTION
BY PASSWORD = 'sm_long_password@'
GO
CREATE CERTIFICATE CERT_01
WITH SUBJECT = 'CERT_01'
GO
CREATE SYMMETRIC KEY SK_01
WITH ALGORITHM = AES_256 ENCRYPTION
BY CERTIFICATE CERT_01
GO
CREATE FUNCTION [dbo].[TEST] (@encryptedValue VARBINARY(256))
RETURNS NVARCHAR(128)
AS
BEGIN;
RETURN CONVERT(NVARCHAR(128),DECRYPTBYKEYAUTOCERT(CERT_ID('CERT_01'), NULL, @encryptedValue));
END
GO
DECLARE @encryptedValue VARBINARY(256);
OPEN SYMMETRIC KEY SK_01 DECRYPTION
BY CERTIFICATE CERT_01
SET @encryptedValue = ENCRYPTBYKEY(KEY_GUID('SK_01'), N'Stack Overflow')
CLOSE SYMMETRIC KEY SK_01;
SELECT [dbo].[TEST] (@encryptedValue);
DROP FUNCTION [dbo].[TEST];
DROP SYMMETRIC KEY SK_01;
DROP CERTIFICATE CERT_01;
DROP MASTER KEY;
我正在尝试在两个函数中打开对称密钥。像这样:
CREATE FUNCTION DECRYPTDATA
(
@CipherText NVARCHAR(MAX)
)
RETURNS NVARCHAR(MAX)
AS
BEGIN
DECLARE @Result NVARCHAR(MAX)
OPEN SYMMETRIC KEY MyKEY DECRYPTION BY CERTIFICATE MyCERT
SELECT @Result = CONVERT(VARCHAR(MAX),DECRYPTBYKEY(@CipherText))
RETURN @Result
END
GO
CREATE FUNCTION ENCRYPTDATA
(
@Text NVARCHAR(MAX)
)
RETURNS NVARCHAR(MAX)
AS
BEGIN
DECLARE @Result NVARCHAR(MAX)
OPEN SYMMETRIC KEY MyKEY DECRYPTION BY CERTIFICATE MyCERT
SELECT @Result = ENCRYPTBYKEY(Key_GUID('MyKEY'),@Text)
RETURN @Result
END
GO
但是我收到这个错误:
Invalid use of a side-effecting operator 'OPEN SYMMETRIC KEY' within a function.
为什么会这样?
有几件事可以在过程中执行但不能在函数中执行。根据 Ben Cull 的 blog,您可以通过创建处理打开键的过程并在使用该函数之前调用它来绕过此限制。
程序:
CREATE PROCEDURE OpenKeys
AS
BEGIN
SET NOCOUNT ON;
BEGIN TRY
OPEN SYMMETRIC KEY MyKEY
DECRYPTION BY CERTIFICATE MyCERT
END TRY
BEGIN CATCH
-- Handle non-existant key here
END CATCH
END
然后在调用函数之前调用它。
实际上,您可以在函数中执行此操作而无需使用 DECRYPTBYKEYAUTOCERT 函数打开对称密钥:
Decrypts by using a symmetric key that is automatically decrypted with a certificate.
以下示例演示了这一点:
CREATE MASTER KEY ENCRYPTION
BY PASSWORD = 'sm_long_password@'
GO
CREATE CERTIFICATE CERT_01
WITH SUBJECT = 'CERT_01'
GO
CREATE SYMMETRIC KEY SK_01
WITH ALGORITHM = AES_256 ENCRYPTION
BY CERTIFICATE CERT_01
GO
CREATE FUNCTION [dbo].[TEST] (@encryptedValue VARBINARY(256))
RETURNS NVARCHAR(128)
AS
BEGIN;
RETURN CONVERT(NVARCHAR(128),DECRYPTBYKEYAUTOCERT(CERT_ID('CERT_01'), NULL, @encryptedValue));
END
GO
DECLARE @encryptedValue VARBINARY(256);
OPEN SYMMETRIC KEY SK_01 DECRYPTION
BY CERTIFICATE CERT_01
SET @encryptedValue = ENCRYPTBYKEY(KEY_GUID('SK_01'), N'Stack Overflow')
CLOSE SYMMETRIC KEY SK_01;
SELECT [dbo].[TEST] (@encryptedValue);
DROP FUNCTION [dbo].[TEST];
DROP SYMMETRIC KEY SK_01;
DROP CERTIFICATE CERT_01;
DROP MASTER KEY;