[MONGOCRYPT-336] Move key wrap and unwrap functions Created: 03/Oct/21  Updated: 28/Oct/23  Resolved: 04/Oct/21

Status: Closed
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: 1.3.0

Type: Improvement Priority: Unknown
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: CSFLE 1.0 KMIP Support

 Description   

Background & Motivation

Terms

  • Data Encryption Key (DEK) - the encryption key used to encrypt data.
  • Key Encryption Key (KEK) - the encryption key used to encrypt a DEK.
  • Wrap / Unwrap - the process of using a KEK to encrypt / decrypt a DEK.

The local KMS provider wraps DEKs in _kms_start and unwraps DEKs in _decrypt_with_local_kms

The KMIP KMS provider will need to perform the same functions with a KEK obtained from a KMIP server.

Scope

Move the key wrap and unwrap functions to a common place for to be used by the KMIP KMS provider in MONGOCRYPT-333.



 Comments   
Comment by Githook User [ 04/Oct/21 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-336 move key wrap and unwrap functions (#197)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/bb27edaca63fc340b9e1012afc1720a0a8d8c034

Comment by Kevin Albertson [ 04/Oct/21 ]

PR: https://github.com/mongodb/libmongocrypt/pull/197

Generated at Thu Feb 08 09:08:28 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.