DRIVERS-2539

createEncryptedCollection should not accept keyAltNames or keyMaterial

    • Type: Task
    • Resolution: Done
    • Priority: Unknown
    • None
    • Component/s: Client Side Encryption
    • None
    • Needed

      For drivers that have implemented DRIVERS-2312, replace the DataKeyOpts with masterKey in CreateEncryptedCollection. See: https://github.com/mongodb/specifications/commit/479f4bddf517eb6d90abdfc71043b711ccc1f867

       

      The Downstream Changes Summary of DRIVERS-2312 has been updated to include this specification change. Drivers that have not implemented DRIVERS-2312 should do this with DRIVERS-2312.

      Key            Status/Resolution   FixVersion
      CDRIVER-4568   Done                1.24.0
      CXX-2646       Done
      CSHARP-4514    Fixed               2.20.0
      GODRIVER-2746  Fixed               1.12.0
      JAVA-4865      Duplicate
      NODE-5029      Duplicate
      MOTOR-1092     Duplicate
      PYTHON-3589    Fixed               4.4
      PHPLIB-1078    Works as Designed
      RUBY-3214      Duplicate
      RUST-1593      Duplicate
      SWIFT-1699     Won't Do

      Summary

      createEncryptedCollection (DRIVERS-2312) should not accept keyAltNames. The problem is that if keyAltNames is given and createEncryptedCollection creates >1 key, then the method will always fail because of a duplicate key error.

      MONGOCRYPT-432 would allow createEncryptedCollection to create keys with different keyAltNames through encryptedFieldsMap/encryptedFields.

      Motivation

      Who is the affected end user?

      Users will be confused by duplicate key errors.

      How does this affect the end user?

      Users that want to create keys with keyAltNames will need to call createDataKey manually.

      How likely is it that this problem or use case will occur?

      Likely if keyAltNames is given.

      Is this issue urgent?

      Would be good to remove the keyAltNames parameter before users encounter this issue.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.
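
A simplified in-memory model of the failure described in the Summary, added here as an illustration; it is not driver or specification code. The `KeyVault` class, the function names and the `<path>-key` alt-name scheme are assumptions; the model only reproduces the unique constraint on keyAltNames that causes the duplicate key error.

```python
import uuid

class DuplicateKeyError(Exception):
    """Stands in for the server's duplicate key error."""

class KeyVault:
    """Simplified model: key vault with a unique index on keyAltNames."""
    def __init__(self):
        self.keys = []

    def create_data_key(self, master_key=None, key_alt_names=None):
        names = set(key_alt_names or [])
        for doc in self.keys:
            clash = names & set(doc["keyAltNames"])
            if clash:
                raise DuplicateKeyError(f"keyAltNames in use: {sorted(clash)}")
        doc = {"_id": uuid.uuid4(), "masterKey": master_key,
               "keyAltNames": sorted(names)}
        self.keys.append(doc)
        return doc["_id"]

def fill_key_ids(vault, encrypted_fields, **data_key_opts):
    """Create one data key per field whose keyId is None, same options each time."""
    fields = []
    for field in encrypted_fields["fields"]:
        field = dict(field)
        if field.get("keyId") is None:
            field["keyId"] = vault.create_data_key(**data_key_opts)
        fields.append(field)
    return {"fields": fields}

def create_encrypted_collection_before(vault, encrypted_fields, data_key_opts):
    # Shape before the change: full DataKeyOpts, keyAltNames repeated per key.
    return fill_key_ids(vault, encrypted_fields, **data_key_opts)

def create_encrypted_collection_after(vault, encrypted_fields, master_key=None):
    # Shape after the change: only masterKey is accepted.
    return fill_key_ids(vault, encrypted_fields, master_key=master_key)

def with_named_keys(vault, encrypted_fields, master_key=None):
    # Manual createDataKey per field; the "<path>-key" naming is hypothetical.
    return {"fields": [dict(f, keyId=vault.create_data_key(master_key, [f["path"] + "-key"]))
                       for f in encrypted_fields["fields"]]}

# Constructed sample input: two fields that both need a new data key.
FIELDS = {"fields": [{"path": "ssn", "bsonType": "string", "keyId": None},
                     {"path": "dob", "bsonType": "string", "keyId": None}]}
```

In this model the "before" call fails on the second field and leaves the first key behind in the vault, while pre-creating named keys and passing the filled-in fields to the "after" call creates no further keys.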

            Assignee: Kevin Albertson (kevin.albertson@mongodb.com)
            Reporter: Shane Harvey (shane.harvey@mongodb.com)