Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-85

Support explicit encryption and decryption

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None

      This is to support explicitly encrypting any BSON value or explicitly decrypting a BSON binary subtype 6 value.

      For client code that does this:

      keyvault.encrypt("some value", { key_id: BinData(...), algorithm: "..." } )
      

      The driver should use libmongocrypt to encrypt "some value". We can reuse the mongocrypt_ctx_t type. I'm roughly thinking of:

      mongocrypt_ctx_setopt_key_id (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *key_id);
      mongocrypt_ctx_setopt_key_algorithm (mongocrypt_ctx_t *ctx, const char* algorithm, uint32_t algorithm_len);
      mongocrypt_ctx_setopt_key_initialization_vector (mongocrypt_ctx_t *ctx, const char* iv, uint32_t iv_len);
      mongocrypt_ctx_init_explicit_encrypt (mongocrypt_ctx_t *ctx, mongocrypt_buffer_t *wrapped_value);
      

      Then the context can be used the same way as auto encryption.

      Drivers will likely need to wrap the BSON value to encrypt in a document. So in the above example, wrapped_value would represent the document

      { "v": "some value" }

      .

            Assignee:
            samantha.ritter@mongodb.com Samantha Ritter (Inactive)
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: