[SOLVED] Azure AES 128 problems

This topic is locked

[SOLVED] Â Azure AES 128 problems	1/17/2017 12:38:37 PM
PHPRunner General questions
T thudsen author Hi Not sure if anyone knows how to help. I'm trying to add encryption to a MS SQL database which I'm using through azure. When I try to add AES128 as the encryption method I get the following error Error executing query IF NOT EXISTS( SELECT * FROM sys.symmetric_keys WHERE symmetric_key_id = 101 ) BEGIN CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; END; CREATE CERTIFICATE XXXX_certname WITH SUBJECT = 'PHPRunner DataSecurity Certificate', EXPIRY_DATE = '12/31/2024'; CREATE SYMMETRIC KEY XXXXXX_keyname WITH ALGORITHM=AES_128 ENCRYPTION BY CERTIFICATE XXXXXX_certname; IDispatch error #3092 Password validation failed. The password does not meet policy requirements because it is not complex enough. I've replaced my password and server name with X's in the above. Does anyone know how to make it valid? Thanks Terry

Mark as Solved Mark as not solved

3 replies


	Admin 1/17/2017
	Well, Google certainly knows the answers, first result: https://www.google.com/search?q=Password+validation+failed.+The+password+does+not+meet+policy+requirements+because+it+is+not+complex+enough. There are certain password requirements that your password didn't meet.


T	thudsen author 1/17/2017
	Well, Google certainly knows the answers, first result: https://www.google.com/search?q=Password+validation+failed.+The+password+does+not+meet+policy+requirements+because+it+is+not+complex+enough. There are certain password requirements that your password didn't meet. Thanks for this. I did google it but it's not as straight forward as that. I'm using MSSQL on Microsoft Azure platform as the server. Unfortunately, PHPRunner generates a simple password and will not allow user defined passwords when setting up AES-128 on MSSQL. When setting up database-based AES, it only gives the option to create a new certificate and symmetric key - all fine. When you click ok, a screen opens with the title "generic script" with the code I listed in it (but without the error code). The generic script window cannot be edited. This means I cannot set a password more complex than PHPRunner has automatically generated. The requirement is to include letters, numbers, uppercase, lowercase and special symbols. I'm not able to do this though. Google hasn't been much help in working out how to do this in PHPRunner - believe it or not I have spent several hours looking... I could opt for code-based encryption but it will mean I'll lose the more powerful search functions on encrypted fields (like names). Thanks Terry


T	thudsen author 1/25/2017
	Just a quick update on this in case anybody is using Azure SQL and having the same issues. Asymmetric key and certificate have to be issued by the server, not created in phprunner. You do this by setting encryption options in the SQL database via Microsoft SQL Server Management Studio (free from the microsoft site). Once you have set the encryption method and it has been stored in the Azure Key Vault, you can select the option for AES in the security settings of PHP Runner. The certificate and symmetric key can be selected from the drop down and it will connect. Note this method does not tell you what they keys are - you don't need to know them as they are stored in the Azure Key Vault.

3 replies

Mark as Solved Reply