14,494 questions
collation_name = 'Hebrew_CI_AS'
It is required to use one of the *_BIN2 collations for Always Encrypted text.
SQL Server - Assigning values to "Always Encrypted"(=AE) textual columns fails while informing "Operand type clash"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 28.999999999999996%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHE%3C/text%3E%3C/svg%3E)
Hillel Eilat
1
Reputation point
My application shares table definitions across databases for replicating data between them thereafter.
Following table definition stands for an example of a table where that "Operand type clash" fault occurs.
--drop TABLE [dbo].[AEtargetByTypesN]
CREATE TABLE [dbo].[AEtargetByTypesN](
[ky] [int] NOT NULL,
[txt] [char](20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK2], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
[dat] [int] ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK2], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
PRIMARY KEY CLUSTERED
(
[ky] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
The script that generates that fault is as simple as follows:
go
truncate table AEtargetByTypesN
declare @k integer = 4
declare @t char(20)='Clash?'
declare @d integer = 1004
insert into AEtargetByTypesN (ky,txt,dat) values (@k,@t,@d)
Error issued:
Msg 206, Level 16, State 2, Line 1114
Operand type clash:
char(20) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK2', column_encryption_key_database_name = 'AEdemo')
collation_name = 'Hebrew_CI_AS'
is incompatible with
char(20) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK2', column_encryption_key_database_name = 'AEdemo')
collation_name = 'Latin1_General_BIN2'
Msg 8180, Level 16, State 1, Procedure sp_describe_parameter_encryption, Line 1 [Batch Start Line 1105]
Statement(s) could not be prepared.
An error occurred while executing batch. Error message is: Internal error. Metadata for parameter '@pb021e6afd90e4c0c901e6fda53e08a03' in statement or procedure 'TRUNCATE TABLE AEtargetByTypesN;
DECLARE @k AS INT = @pb021e6afd90e4c0c901e6fda53e08a03;
DECLARE @t AS CHAR (20) = @pf3683e782e7e4d70a5eba57e5e0993ad;
DECLARE @d AS INT = @pc94e107a3c62444a9977ff198fb05943;
INSERT INTO AEtargetByTypesN (ky, txt, dat)
VALUES (@k, @t, @d);
' is missing in resultset returned by sp_describe_parameter_encryption.
More information:
As observed above - the only attribute that clashes is the COLLATION.
The table definition was mirrored onto the 'AEdemo' target database from a source database having SQL_Latin1_General_CP1_CI_AS as a database COLLATION.
However - the 'AEdemo' target database COLLATION is set as Hebrew_CI_AS.
SELECT [name] as [database_name], collation_name FROM sys.databases WHERE name = 'AEdemo';
database_name collation_name
+------------------
AEdemo Hebrew_CI_AS
Questions:
- One may guess that COLLATION can be the reason for that clash - is it?
- Can there be other reasons for that?
- No references regarding COLLATION restrictions of that kind could be found with respect to Always Encrypted.
- What does it actually mean "is incompatible with" with respect to COLLATION?
- Is there any documentation explaining the terms of COLLATION-s being compatible with each other?
- Are there any intermediate 'mediating' definitions behind the scenes which are involved in matching COLLATION-s for compatibility? ( This question relates to a 'Compatibility_136_8200_0' reported in an error message, which was inspected once)
- How can all these conditions be monitored and controlled?
And most important: What can I do about this?
SQL Server Other
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 69%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sean Gallardy - MSFT 1,901 Reputation points Microsoft Employee2021-02-23T12:57:00.147+00:00 -
Hillel Eilat 1 Reputation point
2021-02-23T13:12:18.197+00:00 Thanks Sean.
The fact that "Always Encrypted" mandates using *_BIN2 collation is well known.
Indeed - the COLUMN in question is qualified as "COLLATE Latin1_General_BIN2", as required.
Reading my question carefully - the point is that when the DATABASE collation is 'Hebrew_CI_AS' - a clash occurs.
If the DATABASE collation is set to - say - SQL_Latin1_General_CP1_CI_AS - it may work fine.
This conflicting case is not mentioned in the URL given in your answer.
Neither can one understand what is the point here.Thanks.
Hillel.
Sign in to comment -
-
CathyJi-MSFT 22,396 Reputation points Microsoft External Staff2021-02-24T09:48:00.173+00:00 Hi @Hillel Eilat ,
Did you enable “Parameterization for Always Encrypted”. Right-click over the query and select “Query Options”, then “Advanced” and enable the option as shown below.
Please refer to the blog to get more.
If the response is helpful, please click "Accept Answer" and upvote it, thank you.
-
Hillel Eilat 1 Reputation point
2021-02-24T11:41:30.697+00:00 Hello Cathy
^^Did you enable “Parameterization ... ”.
Sure I did!
Look - I am far beyond all these setup issues.
The fault is clear and is reproduced in a consistent manner-gap between COLLATION-sReproduce by:
1. Set data base COLLATION to Hebrew_CI_AS
USE master; GO ALTER DATABASE AEdemo COLLATE Hebrew_CI_AS; GO USE AEdemo;2. Create a Column Encryption Key - CEK2
3. Create the table as described above.
Note The column in question is qualified as char COLLATE Latin1_General_BIN2 ENCRYPTED WITH ...
[txt] [char](20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK2], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,4. Issue the INSERT DML sequence
declare @k integer = 4 declare @t char(20)='Clash?' declare @d integer = 1004 insert into AEtargetByTypesN (ky,txt,dat) values (@k,@t,@d)
Sign in to comment -