Hi,
I have a few AWS EC2 instances currently running SQL Server 2016. I'd now like to upgrade these to SQL Server 2019 but the problem is that some of the data has been encrypted at the column level. I understand that, after SQL 2016, the encryption algorithm changed from SHA1 to SHA2. Would this data "survive" the upgrade or would I need to always start SQL with trace flag 4631 enabled?
Is there a way to decrypt using SHA1 and re-encrypt with SHA2 on the same server so I don't have to worry about this in the future?
The encrypted data isn't affected by the hashing algorithm change; the storage of the encryption key is.
Details of the issue are listed in the KB article that introduced the trace flag: https://support.microsoft.com/en-us/topic/kb4053407-fix-sql-server-2017-cannot-decrypt-data-encrypted-by-earlier-versions-of-sql-server-by-using-the-same-symmetric-key-a33f8bc7-e01a-55c6-72db-b851334df3dd
From that article: "Note This issue will not occur if the symmetric key from an earlier version of SQL Server isn't dropped or recreated in SQL Server 2017."
Eddie Wuerch
MCM: SQL
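A check for the point made in the reply above, added here as an example that is not part of the original post: confirm that the symmetric key was carried through the upgrade unchanged and that existing column values still decrypt. The database, table, column, key and certificate names are hypothetical, and the key is assumed to be protected by a certificate whose database master key opens automatically.

```sql
-- Hypothetical names: database SalesDb, table dbo.Customer, column CardNumber_Enc,
-- symmetric key CardKey, protecting certificate CardCert.
USE SalesDb;
GO

-- 1. Run before and after the upgrade and compare the two outputs.
--    An unchanged key_guid and create_date mean the key was carried over
--    as-is rather than dropped and recreated on the new version.
SELECT sk.name,
       sk.key_guid,
       sk.algorithm_desc,
       sk.create_date,
       sk.modify_date,
       ke.crypt_type_desc          -- how the key itself is protected
FROM sys.symmetric_keys AS sk
LEFT JOIN sys.key_encryptions AS ke
       ON ke.key_id = sk.symmetric_key_id
WHERE sk.name = N'CardKey';

-- 2. After the upgrade, open the key and count stored values that no
--    longer decrypt. DECRYPTBYKEY returns NULL when it cannot decrypt.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

SELECT COUNT(*) AS total_encrypted,
       COUNT(CASE WHEN DECRYPTBYKEY(CardNumber_Enc) IS NULL THEN 1 END)
           AS failed_to_decrypt    -- expected to be 0 when the key is intact
FROM dbo.Customer
WHERE CardNumber_Enc IS NOT NULL;

CLOSE SYMMETRIC KEY CardKey;
```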