[DRIVERS-2732] CSFLE/QE KMIP support for encrypt/decrypt Created: 22/Sep/23  Updated: 05/Feb/24

Status: Designing
Project: Drivers
Component/s: Client Side Encryption
Fix Version/s: None

Type: Epic Priority: Major - P3
Reporter: Cynthia Braund (Inactive) Assignee: Adrian Dole
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split
split to CDRIVER-4817 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to CSHARP-4941 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to CXX-2813 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to GODRIVER-3103 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to JAVA-5300 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to MOTOR-1236 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to NODE-5853 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to PHPLIB-1375 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to PYTHON-4164 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to RUBY-3383 CSFLE/QE KMIP support for encrypt/dec... Blocked
split to RUST-1830 CSFLE/QE KMIP support for encrypt/dec... Blocked
Driver Changes: Needed
Quarter: FY24Q4
Engineering Lead: Kevin Albertson
Program Manager: Esha Bhargava
Scope Cost Estimate: 0
Cost to Date: 0
Final Cost Estimate: 0
Cost Threshold %: 100
Detailed Project Statuses:

2024-02-05: 

Status update: 

  • libmongocrypt and C driver implementation working.
  • Working on specification tests.

Driver Compliance:
Key Status/Resolution FixVersion
CDRIVER-4817 Blocked
CXX-2813 Blocked
CSHARP-4941 Blocked
GODRIVER-3103 Blocked
JAVA-5300 Blocked
NODE-5853 Blocked
MOTOR-1236 Blocked
PYTHON-4164 Blocked
PHPLIB-1375 Blocked
RUBY-3383 Blocked
RUST-1830 Blocked

 Description   

Summary

Previous versions of the KMIP spec did not support encrypt and decrypt functionality. It was added in 1.2, but even those using 1.2 didn't necessarily support the encrypt/decrypt calls. For CSFLE and Queryable Encryption, that means the CMK is what needs to be transported back and forth between the key provider and the driver, which is less than ideal from a security standpoint because you are exposing a wrapping key. If that wrapping key is exposed, all DEKs encrypted with it can be decrypted. HashiCorp Vault Enterprise added support for encrypt/decrypt in their 1.13 version, at our request, so that we can use KMIP like we do for the other key providers: sending the cleartext DEK to the key provider for encryption and sending the encrypted DEK for decryption.

Cast of Characters

Engineering Lead:
Document Author:
POCers:
Product Owner:
Program Manager:
Stakeholders:

Channels & Docs

Slack Channel

[Scope Document|some.url]

[Technical Design Document|some.url]

