Entity framework 更改加密列属性的最佳做法是什么

正在使用Always Encrypt对[Email]列进行加密的我的[User]表

我需要将[Email]的长度从max限制为MaxLength250，我通过在Email属性上添加MaxLength250来实现这一点

public class User
{    
    [Key, Required]
    public Guid Id { get; set; }
    [Required, **MaxLength(250)**]
    public string Email { get; set; }
    ...
}

但当我运行迁移脚本时，出现了以下异常：

Operand type clash: nvarchar(max) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK1', column_encryption_key_database_name = 'Identity') is incompatible with nvarchar

迁移脚本是：

DECLARE @var0 nvarchar(128)
SELECT @var0 = name
FROM sys.default_constraints
WHERE parent_object_id = object_id(N'dbo.User')
AND col_name(parent_object_id, parent_column_id) = 'Email';
IF @var0 IS NOT NULL
    EXECUTE('ALTER TABLE [dbo].[User] DROP CONSTRAINT [' + @var0 + ']')
ALTER TABLE [dbo].[User] ALTER COLUMN [Email] [nvarchar](250) NOT NULL
INSERT [dbo].[__MigrationHistory]([MigrationId], [ContextKey], [Model], [ProductVersion])
VALUES (N'201804250659054_12345678', N'Concordya.PWC.Verify.DataAccess.Migrations.Configuration',  0x1F8... , N'6.2.0-61023')

我在DB中手动运行脚本，同样的错误

这是否意味着一旦列被加密，更改属性的唯一方法就是解密、修改，然后加密

谢谢，

---

Cheng

我在尝试增大始终加密的NVARCHAR列的大小时遇到了类似的错误。问题是ALTERCOLUMN语句仍然需要包含加密参数。例如，你可以改变这个-

ALTER TABLE [dbo].[User] ALTER COLUMN [Email] [nvarchar](250) NOT NULL

设置为“始终加密”参数的值-

ALTER TABLE [dbo].[User] ALTER COLUMN [Email] [nvarchar](250) NOT NULL
ENCRYPTED WITH (
      ENCRYPTION_TYPE = DETERMINISTIC
    , ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
    , COLUMN_ENCRYPTION_KEY = [**YOUR KEY**]
) NULL

---

别担心！很高兴能帮忙：