libmongocrypt: data key generation

XMLWordPrintableJSON

    • Type: New Feature
    • Resolution: Fixed
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      The driver depends on libmongocrypt to create encrypted key material so it can insert into the key vault. The driver spec "Driver: Key Vault" describes the document that gets created. libmongocrypt is used to generate the "keyMaterial" field's value.

      To do so, libmongocrypt should provide API that does the following:

      • creates a data key (64 byte random string)
      • asks the driver to encrypt the data key material with KMS by returning a mongocrypt_key_decryptor_t (being added in CDRIVER-2949)
      • returns the final encrypted data key

        1.
        		 Generalize _mongocrypt_random_iv to generate a random n byte IV. MONGOCRYPT-52 Sub-task Closed Clyde Bazile III (Inactive)  
        2.
        		 Generalize mongocrypt-key-decryptor.c and related classes to work for both encryption and decryption. MONGOCRYPT-53 Sub-task Closed Kevin Albertson  

            Assignee:
            Kevin Albertson
            Reporter:
            Samantha Ritter (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: