/// <summary>
/// Walks through explicit client-side field level encryption: creates a data key
/// with the "local" KMS provider, encrypts one string value and decrypts it again.
/// </summary>
/// <remarks>
/// The "local" provider keeps the master key in this process (here taken from
/// <c>LocalMasterKey</c>, defined elsewhere in the file), so whoever can read that
/// value can unwrap every data key in the key vault. It suits tests and demos;
/// a deployment would normally use a remote KMS provider instead.
/// The method drops the <c>encryption.__keyVault</c> collection on the server at
/// <c>mongodb://localhost</c> and writes the plaintext to the test output.
/// </remarks>
public void ClientSideExplicitEncryptionAndDecryptionTour()
{
    RequireServer.Check().Supports(Feature.ClientSideEncryption);

    // Master key material for the "local" KMS provider, decoded from base64.
    var masterKeyBytes = Convert.FromBase64String(LocalMasterKey);
    var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>
    {
        { "local", new Dictionary<string, object> { { "key", masterKeyBytes } } }
    };

    // Start from an empty key vault so the run does not depend on earlier data keys.
    var keyVaultNamespace = CollectionNamespace.FromFullName("encryption.__keyVault");
    var keyVaultClient = new MongoClient("mongodb://localhost");
    keyVaultClient
        .GetDatabase(keyVaultNamespace.DatabaseNamespace.DatabaseName)
        .DropCollection(keyVaultNamespace.CollectionName);

    var clientEncryptionSettings = new ClientEncryptionOptions(keyVaultClient, keyVaultNamespace, kmsProviders);

    // ClientEncryption is disposed by the using statement even if a step below throws.
    using (var clientEncryption = new ClientEncryption(clientEncryptionSettings))
    {
        var dataKeyId = clientEncryption.CreateDataKey("local", new DataKeyOptions(), CancellationToken.None);

        var plaintext = "123456789";
        _output.WriteLine($"Original string {plaintext}.");

        // Deterministic mode yields the same ciphertext for equal plaintexts under
        // the same key: that enables equality matches, and it also reveals which
        // stored values are equal to anyone who can read the ciphertext.
        var algorithm = EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic.ToString();
        var encryptOptions = new EncryptOptions(algorithm, keyId: dataKeyId);

        var ciphertext = clientEncryption.Encrypt(plaintext, encryptOptions, CancellationToken.None);
        _output.WriteLine($"Encrypted value {ciphertext}.");

        // Decrypt takes no key id argument; only the encrypted value is passed.
        var roundTripped = clientEncryption.Decrypt(ciphertext, CancellationToken.None);
        _output.WriteLine($"Decrypted value {roundTripped}.");
    }
}
/// <summary>
/// Creates a data key through <paramref name="clientEncryption"/>, using either the
/// synchronous or the asynchronous driver API.
/// </summary>
/// <param name="clientEncryption">The encryption helper that creates the key.</param>
/// <param name="kmsProvider">Name of the KMS provider passed through to the driver.</param>
/// <param name="dataKeyOptions">Options passed through to the driver.</param>
/// <param name="async">
/// When true, <c>CreateDataKeyAsync</c> is called and its result is waited for
/// synchronously; otherwise <c>CreateDataKey</c> is called directly.
/// </param>
/// <returns>The identifier of the newly created data key.</returns>
private Guid CreateDataKey(
    ClientEncryption clientEncryption,
    string kmsProvider,
    DataKeyOptions dataKeyOptions,
    bool async)
{
    if (!async)
    {
        return clientEncryption.CreateDataKey(kmsProvider, dataKeyOptions, CancellationToken.None);
    }

    // Blocks on the task so both code paths share one synchronous signature.
    var pendingKey = clientEncryption.CreateDataKeyAsync(kmsProvider, dataKeyOptions, CancellationToken.None);
    return pendingKey.GetAwaiter().GetResult();
}
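// public void ClientSideEncryptionAutoEncryptionSettingsTour()
/// <summary>
/// Demonstrates automatic client-side field level encryption: creates a data key
/// with the "local" KMS provider, builds a schema map that marks the <c>SSN</c>
/// field of <c>test.coll</c> as encrypted, inserts one document and reads it back.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
/// <remarks>
/// The run is destructive: it drops <c>keyVault.__keystore</c> and <c>test.coll</c>
/// on the server a default-constructed <c>MongoClient</c> connects to.
/// The "local" provider keeps the master key in this process (here taken from
/// <c>LocalMasterKey</c>, defined elsewhere in the file); a deployment would
/// normally use a remote KMS provider so the master key never sits beside the data.
/// </remarks>
public static void Main(string[] args)
{
    var localMasterKey = Convert.FromBase64String(LocalMasterKey);

    var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
    var localKey = new Dictionary<string, object>
    {
        { "key", localMasterKey }
    };
    kmsProviders.Add("local", localKey);

    var keyVaultDB = "keyVault";
    var keystore = "__keystore";
    var keyVaultNamespace = CollectionNamespace.FromFullName($"{keyVaultDB}.{keystore}");
    var keyVaultMongoClient = new MongoClient();
    var clientEncryptionSettings = new ClientEncryptionOptions(
        keyVaultMongoClient,
        keyVaultNamespace,
        kmsProviders);

    string base64DataKeyId;

    // The using statement releases ClientEncryption even when dropping the key
    // vault or creating the data key throws; a trailing Dispose() call would be skipped.
    using (var clientEncryption = new ClientEncryption(clientEncryptionSettings))
    {
        // Start from an empty key vault so only the key created below exists.
        keyVaultMongoClient.GetDatabase(keyVaultDB).DropCollection(keystore);

        var altKeyName = new[] { "csharpDataKey01" };
        var dataKeyOptions = new DataKeyOptions(alternateKeyNames: altKeyName);
        var dataKeyId = clientEncryption.CreateDataKey("local", dataKeyOptions, CancellationToken.None);

        // The schema map refers to the key as a base64 UUID (binary subtype 04).
        base64DataKeyId = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
    }

    var collectionNamespace = CollectionNamespace.FromFullName("test.coll");

    // Deterministic mode yields the same ciphertext for equal plaintexts under the
    // same key, so equal SSN values are recognisable as equal in stored data.
    var schemaMap = $@"{{ properties: {{ SSN: {{ encrypt: {{ keyId: [{{ '$binary' : {{ 'base64' : '{base64DataKeyId}', 'subType' : '04' }} }}], bsonType: 'string', algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic' }} }} }}, 'bsonType': 'object' }}";

    // Supplying the schema map on the client means the decision about which fields
    // to encrypt does not depend on a JSON schema reported by the server.
    var autoEncryptionSettings = new AutoEncryptionOptions(
        keyVaultNamespace,
        kmsProviders,
        schemaMap: new Dictionary<string, BsonDocument>()
        {
            { collectionNamespace.ToString(), BsonDocument.Parse(schemaMap) }
        });

    var clientSettings = new MongoClientSettings
    {
        AutoEncryptionOptions = autoEncryptionSettings
    };
    var client = new MongoClient(clientSettings);
    var database = client.GetDatabase("test");
    database.DropCollection("coll");
    var collection = database.GetCollection<BsonDocument>("coll");

    collection.InsertOne(new BsonDocument("SSN", "123456789"));

    // Read back through the same auto-encryption client, so the printed JSON is
    // expected to carry the decrypted SSN; treat the console output as sensitive.
    var result = collection.Find(FilterDefinition<BsonDocument>.Empty).First();
    Console.WriteLine(result.ToJson());
}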
/// <summary>
/// Walks through explicit encryption combined with automatic decryption: a value is
/// encrypted by hand with <c>ClientEncryption</c>, stored in <c>test.coll</c>, and
/// read back through a client configured with <c>bypassAutoEncryption: true</c>.
/// </summary>
/// <remarks>
/// The "local" KMS provider keeps the master key in this process (here taken from
/// <c>LocalMasterKey</c>, defined elsewhere in the file); it suits tests and demos.
/// The method drops <c>test.coll</c> and <c>encryption.__keyVault</c> on the server
/// at <c>mongodb://localhost</c> and writes plaintext to the test output.
/// </remarks>
public void ClientSideExplicitEncryptionAndAutoDecryptionTour()
{
    RequireServer.Check().Supports(Feature.ClientSideEncryption);

    // Master key material for the "local" KMS provider, decoded from base64.
    var masterKeyBytes = Convert.FromBase64String(LocalMasterKey);
    var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>
    {
        { "local", new Dictionary<string, object> { { "key", masterKeyBytes } } }
    };

    var keyVaultNamespace = CollectionNamespace.FromFullName("encryption.__keyVault");
    var collectionNamespace = CollectionNamespace.FromFullName("test.coll");

    // bypassAutoEncryption turns off automatic encryption of writes on this client;
    // reads of encrypted fields are still decrypted, as the find below shows.
    var autoEncryptionOptions = new AutoEncryptionOptions(
        keyVaultNamespace,
        kmsProviders,
        bypassAutoEncryption: true);
    var clientSettings = MongoClientSettings.FromConnectionString("mongodb://localhost");
    clientSettings.AutoEncryptionOptions = autoEncryptionOptions;
    var mongoClient = new MongoClient(clientSettings);

    // Reset the data collection so the later find returns the document inserted here.
    var dataCollectionName = collectionNamespace.CollectionName;
    var database = mongoClient.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName);
    database.DropCollection(dataCollectionName);
    var collection = database.GetCollection<BsonDocument>(dataCollectionName);

    // Reset the key vault through a separate, plain client.
    var keyVaultClient = new MongoClient("mongodb://localhost");
    keyVaultClient
        .GetDatabase(keyVaultNamespace.DatabaseNamespace.DatabaseName)
        .DropCollection(keyVaultNamespace.CollectionName);

    var clientEncryptionSettings = new ClientEncryptionOptions(keyVaultClient, keyVaultNamespace, kmsProviders);

    // ClientEncryption is disposed by the using statement even if a step below throws.
    using (var clientEncryption = new ClientEncryption(clientEncryptionSettings))
    {
        var dataKeyId = clientEncryption.CreateDataKey("local", new DataKeyOptions(), CancellationToken.None);

        var plaintext = "123456789";
        _output.WriteLine($"Original string {plaintext}.");

        // Deterministic mode yields the same ciphertext for equal plaintexts under
        // the same key, which reveals equality of stored values.
        var algorithm = EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic.ToString();
        var encryptOptions = new EncryptOptions(algorithm, keyId: dataKeyId);

        var ciphertext = clientEncryption.Encrypt(plaintext, encryptOptions, CancellationToken.None);
        _output.WriteLine($"Encrypted value {ciphertext}.");

        // Only the ciphertext is sent to the server in this insert.
        collection.InsertOne(new BsonDocument("encryptedField", ciphertext));

        // The read goes through the auto-encryption client, which decrypts the field.
        var storedDocument = collection.Find(FilterDefinition<BsonDocument>.Empty).First();
        _output.WriteLine($"Decrypted document {storedDocument.ToJson()}.");
    }
}
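/// <summary>
/// Walks through automatic client-side field level encryption: creates a data key
/// with the "local" KMS provider, builds a schema map that marks
/// <c>encryptedField</c> of <c>test.coll</c> as encrypted, inserts one document and
/// reads it back.
/// </summary>
/// <remarks>
/// The "local" provider keeps the master key in this process (here taken from
/// <c>LocalMasterKey</c>, defined elsewhere in the file); it suits tests and demos.
/// Data keys are written to <c>admin.datakeys</c> and are not removed by this
/// method; <c>test.coll</c> is dropped on the server a default-constructed
/// <c>MongoClient</c> connects to.
/// </remarks>
public void ClientSideEncryptionAutoEncryptionSettingsTour()
{
    RequireServer.Check().Supports(Feature.ClientSideEncryption);

    var localMasterKey = Convert.FromBase64String(LocalMasterKey);

    var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();
    var localKey = new Dictionary<string, object>
    {
        { "key", localMasterKey }
    };
    kmsProviders.Add("local", localKey);

    var keyVaultNamespace = CollectionNamespace.FromFullName("admin.datakeys");
    var keyVaultMongoClient = new MongoClient();
    var clientEncryptionSettings = new ClientEncryptionOptions(
        keyVaultMongoClient,
        keyVaultNamespace,
        kmsProviders);

    string base64DataKeyId;

    // The using statement releases ClientEncryption even when CreateDataKey throws;
    // a trailing Dispose() call would be skipped in that case.
    using (var clientEncryption = new ClientEncryption(clientEncryptionSettings))
    {
        var dataKeyId = clientEncryption.CreateDataKey("local", new DataKeyOptions(), CancellationToken.None);

        // The schema map refers to the key as a base64 UUID (binary subtype 04).
        base64DataKeyId = Convert.ToBase64String(GuidConverter.ToBytes(dataKeyId, GuidRepresentation.Standard));
    }

    var collectionNamespace = CollectionNamespace.FromFullName("test.coll");

    // Deterministic mode yields the same ciphertext for equal plaintexts under the
    // same key, so equal field values are recognisable as equal in stored data.
    var schemaMap = $@"{{ properties: {{ encryptedField: {{ encrypt: {{ keyId: [{{ '$binary' : {{ 'base64' : '{base64DataKeyId}', 'subType' : '04' }} }}], bsonType: 'string', algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic' }} }} }}, 'bsonType': 'object' }}";

    // Supplying the schema map on the client means the decision about which fields
    // to encrypt does not depend on a JSON schema reported by the server.
    var autoEncryptionSettings = new AutoEncryptionOptions(
        keyVaultNamespace,
        kmsProviders,
        schemaMap: new Dictionary<string, BsonDocument>()
        {
            { collectionNamespace.ToString(), BsonDocument.Parse(schemaMap) }
        });

    var clientSettings = new MongoClientSettings
    {
        AutoEncryptionOptions = autoEncryptionSettings
    };
    var client = new MongoClient(clientSettings);
    var database = client.GetDatabase("test");
    database.DropCollection("coll");
    var collection = database.GetCollection<BsonDocument>("coll");

    collection.InsertOne(new BsonDocument("encryptedField", "123456789"));

    // Read back through the same auto-encryption client, so the logged JSON is
    // expected to carry the decrypted value; treat the test output as sensitive.
    var result = collection.Find(FilterDefinition<BsonDocument>.Empty).First();
    _output.WriteLine(result.ToJson());
}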