[DRIVERS-2539] createEncryptedCollection should not accept keyAltNames or keyMaterial
Created: 31/Jan/23  Updated: 02/Jun/23  Resolved: 02/Jun/23

Status: Closed
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Task
Priority: Unknown
Reporter: Shane Harvey
Assignee: Kevin Albertson
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split
split to CDRIVER-4568 createEncryptedCollection should not ... Closed
split to CSHARP-4514 createEncryptedCollection should not ... Closed
split to CXX-2646 createEncryptedCollection should not ... Closed
split to GODRIVER-2746 createEncryptedCollection should not ... Closed
split to JAVA-4865 createEncryptedCollection should not ... Closed
split to MOTOR-1092 createEncryptedCollection should not ... Closed
split to NODE-5029 createEncryptedCollection should not ... Closed
split to PHPLIB-1078 createEncryptedCollection should not ... Closed
split to PYTHON-3589 createEncryptedCollection should not ... Closed
split to RUBY-3214 createEncryptedCollection should not ... Closed
split to RUST-1593 createEncryptedCollection should not ... Closed
Related
related to MONGOCRYPT-432 Allow keyAltName in encryptedFieldsMap Backlog
Driver Changes: Needed
Downstream Changes Summary:

For drivers that have implemented DRIVERS-2312, replace the DataKeyOpts with masterKey in CreateEncryptedCollection. See: https://github.com/mongodb/specifications/commit/479f4bddf517eb6d90abdfc71043b711ccc1f867

 

The Downstream Changes Summary of DRIVERS-2312 has been updated to include this specification change. Drivers that have not implemented DRIVERS-2312 should do this with DRIVERS-2312.

Driver Compliance:
Key Status/Resolution FixVersion
CDRIVER-4568 Done 1.24.0
CXX-2646 Done
CSHARP-4514 Fixed 2.20.0
GODRIVER-2746 Fixed 1.12.0
JAVA-4865 Duplicate
NODE-5029 Duplicate
MOTOR-1092 Duplicate
PYTHON-3589 Fixed 4.4
PHPLIB-1078 Works as Designed
RUBY-3214 Duplicate ruby-3052
RUST-1593 Duplicate
SWIFT-1699 Won't Do

 Description   

Summary

createEncryptedCollection (DRIVERS-2312) should not accept keyAltNames. The problem is that if keyAltNames is given and createEncryptedCollection creates >1 key, then the method will always fail because of a duplicate key error.

MONGOCRYPT-432 would allow createEncryptedCollection to create keys with different keyAltNames through encryptedFieldsMap/encryptedFields.

Motivation

Who is the affected end user?

Users will be confused by duplicate key errors.

How does this affect the end user?

Users that want to create keys with keyAltNames will need to call createDataKey manually.

How likely is it that this problem or use case will occur?

Likely if keyAltNames is given.

Is this issue urgent?

Would be good to remove the keyAltNames parameter before users encounter this issue.

Is this ticket required by a downstream team?

No.

Is this ticket only for tests?

No.
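
The failure described in the Summary, modelled in memory as an added example (not driver or specification code). `ModelKeyVault` and its uniqueness check on keyAltNames are assumptions standing in for the key vault collection, and the `key_alt_names` argument represents the DataKeyOpts form that this ticket removes.

```python
# Added example: an in-memory model, not code from any MongoDB driver.
# Assumption: the key vault enforces uniqueness of keyAltNames, which is
# what surfaces as the duplicate key error described in the ticket.
import copy
import uuid


class DuplicateKeyError(Exception):
    pass


class ModelKeyVault:
    """Hypothetical stand-in for the key vault collection."""

    def __init__(self):
        self.keys = {}          # key id -> keyAltNames stored with that key
        self.alt_names = set()  # models the uniqueness constraint

    def create_data_key(self, master_key=None, key_alt_names=None):
        names = list(key_alt_names or [])
        clash = self.alt_names.intersection(names)
        if clash:
            raise DuplicateKeyError(f"duplicate keyAltNames: {sorted(clash)}")
        key_id = uuid.uuid4()
        self.keys[key_id] = names
        self.alt_names.update(names)
        return key_id


def create_encrypted_collection(vault, encrypted_fields, master_key=None,
                                key_alt_names=None):
    """Create one data key per field whose keyId is None, all with the
    same options, and return a filled-in copy of encrypted_fields."""
    filled = copy.deepcopy(encrypted_fields)
    for field in filled["fields"]:
        if field.get("keyId") is None:
            field["keyId"] = vault.create_data_key(master_key, key_alt_names)
    return filled


# Constructed sample input: two fields that both need a new data key.
SAMPLE_FIELDS = {"fields": [
    {"path": "ssn", "bsonType": "string", "keyId": None},
    {"path": "dob", "bsonType": "string", "keyId": None},
]}
```

In the model, passing `key_alt_names` with these two fields fails on the second key and leaves the first key behind in the vault; creating keys with distinct names through `create_data_key` and setting each `keyId` beforehand avoids the clash.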



 Comments   
Comment by Githook User [ 02/Feb/23 ]

Author: Kevin Albertson <kevin.albertson@mongodb.com> (kevinAlbs)

Message: DRIVERS-2539 Replace `DataKeyOpts` with `masterKey` in `CreateEncryptedCollection` (#1377)

  • add CEC test case with `aws`
  • replace CEC DataKeyOpts with masterKey
  • update Last Modified and Changelog