Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- API

Epic Link:
Build libmongocrypt library
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

This is to support explicitly encrypting any BSON value or explicitly decrypting a BSON binary subtype 6 value.

For client code that does this:

keyvault.encrypt("some value", { key_id: BinData(...), algorithm: "..." } )

The driver should use libmongocrypt to encrypt "some value". We can reuse the mongocrypt_ctx_t type. I'm roughly thinking of:

mongocrypt_ctx_setopt_key_id (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *key_id);
mongocrypt_ctx_setopt_key_algorithm (mongocrypt_ctx_t *ctx, const char* algorithm, uint32_t algorithm_len);
mongocrypt_ctx_setopt_key_initialization_vector (mongocrypt_ctx_t *ctx, const char* iv, uint32_t iv_len);
mongocrypt_ctx_init_explicit_encrypt (mongocrypt_ctx_t *ctx, mongocrypt_buffer_t *wrapped_value);

Then the context can be used the same way as auto encryption.

Drivers will likely need to wrap the BSON value to encrypt in a document. So in the above example, wrapped_value would represent the document

{ "v": "some value" }

is depended on by

JAVA-3226 POC - Support Client-side FLE

Closed

Assignee:: Samantha Ritter (Inactive)
Reporter:: Kevin Albertson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Apr 05 2019 01:59:28 PM UTC
Updated:: Oct 28 2023 10:26:05 AM UTC
Resolved:: Apr 17 2019 08:01:09 PM UTC
Confidence Status Last Update:: 08/Apr/19 3:50 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates