Details
-
Bug
-
Resolution: Done
-
Major - P3
-
None
-
None
-
None
Description
The instructions for key-file encryption tell us to use the following command for keyfile creation
openssl rand -base64 32 | head -c 32 > mongodb-keyfile
|
This is incorrect as when you base64 encode something, original key length is not preserved, therefore we are truncating our keys with this command. What we actually want is
openssl rand -base64 32 > mongodb-keyfile
|
The exact issue can be found at http://docs.mongodb.org/manual/release-notes/3.1-dev-series-configure-encryption/#local-key-management