Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-365

Support new context and state for rewrapManyDataKey

    • Type: Icon: New Feature New Feature
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 1.5.0-alpha0, 1.5.0
    • Affects Version/s: None
    • Component/s: None
    • None

      Background

      WRITING-9378 proposes adding a new context to libmongocrypt to assist with driver implementation of the new ClientEncryption::rewrapManyDataKey method.

      The ClientEncryption::rewrapManyDataKey method should create a context in libmongocrypt.

      The libmongocrypt context should do the following:

      • Enter the MONGOCRYPT_CTX_NEED_MONGO_KEYS state to request the driver "find" matching keys.
      • Decrypt matching keys with the old KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
      • Encrypt matching keys with the new KMS provider, entering the MONGOCRYPT_CTX_NEED_KMS state as needed.
      • Enter a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update on the key vault collection with the new documents.
        • Drivers are expected to run a bulk update after obtaining the rewrapped key documents with mongocrypt_ctx_finalize(), after which libmongocrypt has no further work to do. A new state was therefore deemed unnecessary.

      Scope

      • Support a new context in libmongocrypt to rewrap multiple data keys.
      • Add a new state MONGOCRYPT_CTX_NEED_UPDATE to request the driver run a bulk update.

            Assignee:
            ezra.chung@mongodb.com Ezra Chung
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: