SQL Server 2016 introduces a new feature called “Always Encrypted”. It allows data to be encrypted both in storage and in motion (when the data is read). This helps us secure the data.
There are several concepts involved in Always Encrypted:
- Column Master Key
  - This is an encryption key that protects the column encryption keys.
  - At least one master key should be available before encrypting any columns.
- Column Encryption Key
  - This is the encryption key that actually protects the encrypted columns.
  - It makes use of the column master key.
- Column-Level Encryption setting
  - A column must be set to encrypted using
    - Column encryption key
    - Type of encryption
      - Deterministic
        - A given value is always encrypted to the same ciphertext (the result of encryption performed on plaintext using an algorithm).
        - It can be used for operations like lookup (join), distinct, group by.
        - It can be indexed.
      - Randomized
        - It is more secure.
        - It cannot be used for the operations that deterministic encryption supports.
        - Only write and read are possible.
        - It cannot be indexed.
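
The three concepts above fit together as shown in the following T-SQL, which is an added example and not code from the original page. The names `CMK_Demo`, `CEK_Demo`, `dbo.Patients` and its columns are hypothetical, and the certificate thumbprint and `ENCRYPTED_VALUE` are placeholders that must be replaced with values generated by client-side tooling.

```sql
-- Added example; all object names are hypothetical.

-- 1. Column master key: SQL Server stores only metadata pointing at the key,
--    which itself stays in a key store on the client side.
CREATE COLUMN MASTER KEY CMK_Demo
WITH (
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = N'CurrentUser/My/<CERTIFICATE_THUMBPRINT_PLACEHOLDER>'
);

-- 2. Column encryption key: stored only in a form encrypted by the master key.
CREATE COLUMN ENCRYPTION KEY CEK_Demo
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Demo,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x00  -- PLACEHOLDER: replace with the wrapped key from tooling
);

-- 3. Column-level setting: each column names its key and its encryption type.
CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,
    -- Deterministic: same plaintext gives same ciphertext, so equality lookups,
    -- joins, DISTINCT and GROUP BY work. Character columns need a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    -- Randomized: more secure, but only written and read back.
    BirthDate DATE
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = RANDOMIZED,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);

-- The deterministic column can be indexed.
CREATE NONCLUSTERED INDEX IX_Patients_SSN ON dbo.Patients (SSN);

-- The randomized column cannot; SQL Server rejects this statement:
-- CREATE NONCLUSTERED INDEX IX_Patients_BirthDate ON dbo.Patients (BirthDate);

-- Audit: list every encrypted column with its encryption type and key.
SELECT t.name AS table_name, c.name AS column_name,
       c.encryption_type_desc, k.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.tables AS t ON t.object_id = c.object_id
JOIN sys.column_encryption_keys AS k
  ON k.column_encryption_key_id = c.column_encryption_key_id
WHERE c.encryption_type IS NOT NULL;
```

Equality lookups against the deterministic column must come from a client that connects with `Column Encryption Setting=Enabled` and passes the value as a parameter, because the driver encrypts it before it reaches the server.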