When a BSON value of any type is encrypted, its value is hidden but its type is deliberately exposed as plaintext. This scheme hides BSON values of type String, Double, etc., but the following BSON types can have only one value:
- 0x06 Undefined (deprecated)
- 0x0A Null
- 0xFF Min key
- 0x7F Max key
Therefore, encrypting a value of a single-valued type leaves its value exposed, since its value is implied by its type. A JSON schema that specifies an encrypted field of one of these types is invalid, and mongocryptd must return an error for such a schema.
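
An added example, not mongocryptd's code or part of the original ticket: a Python check that walks a JSON schema and rejects any `encrypt` subschema whose `bsonType` names one of the four single-valued types listed above. The alias strings (`undefined`, `null`, `minKey`, `maxKey`), the function names and the sample schema are assumptions made for illustration; only `properties` and `items` are traversed.

```python
# Added illustration: not mongocryptd's implementation.
# Assumed bsonType aliases mapped to the BSON type codes listed on this page.
SINGLE_VALUED = {"undefined": 0x06, "null": 0x0A, "minKey": 0xFF, "maxKey": 0x7F}

def find_single_valued_encrypt(schema, path=""):
    """Return (field_path, alias) for each encrypt.bsonType that has only one value."""
    findings = []
    if not isinstance(schema, dict):
        return findings
    enc = schema.get("encrypt")
    if isinstance(enc, dict):
        bson_type = enc.get("bsonType", [])
        # bsonType may be a single alias or a list of aliases.
        types = [bson_type] if isinstance(bson_type, str) else list(bson_type)
        findings += [(path or "<root>", t) for t in types if t in SINGLE_VALUED]
    props = schema.get("properties")
    if isinstance(props, dict):
        for name, sub in props.items():
            child = f"{path}.{name}" if path else name
            findings += find_single_valued_encrypt(sub, child)
    if isinstance(schema.get("items"), dict):
        findings += find_single_valued_encrypt(schema["items"], f"{path}[]")
    return findings

def validate_schema(schema):
    """Raise ValueError if any encrypted field's value is implied by its type."""
    bad = find_single_valued_encrypt(schema)
    if bad:
        details = "; ".join(
            f"{p}: encrypt.bsonType '{t}' (0x{SINGLE_VALUED[t]:02X}) is single-valued"
            for p, t in bad)
        raise ValueError("invalid encryption schema: " + details)

# Constructed sample schema (keyId omitted for brevity).
SAMPLE_SCHEMA = {
    "bsonType": "object",
    "properties": {
        "ssn": {"encrypt": {"bsonType": "string",
                "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"}},
        "deletedAt": {"encrypt": {"bsonType": "null",
                      "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"}},
        "audit": {"bsonType": "object", "properties": {
            "marker": {"encrypt": {"bsonType": ["int", "minKey"],
                       "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"}}}},
    },
}

if __name__ == "__main__":
    print(find_single_valued_encrypt(SAMPLE_SCHEMA))
```
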
- related to SERVER-41264 Mongocryptd is willing to mark single-valued types for encryption (Closed)