Mongo Client Side Field Level Encryption Key ID schema error

L_B · July 7, 2020, 7:28pm

Trying to follow the mongo client side field level encryption tutorials but I’m struggling to get the schema working with the keyID field.

See below for my JS command.

I’m receiving this error “Array elements must have type BinData, found object” with code 51088.

I’m interpreting this as the keyID is not an array of UUID but I can’t find any information on how to get around this.

db.createCollection("users", {
    validator: {
        $jsonSchema: {
            bsonType: "object",
            properties: {
                date_of_birth: {
                    encrypt: {
                        keyId: [{
                            "$binary": {
                                base64: "%s",
                                subType: "04"
                            }
                        }],
                        bsonType: "string",
                        algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
                    }
                },
            }
        }
    }
});

wan · July 15, 2020, 4:38am

Hi @L_B,

This is because the value of keyId that is passed is in the form of object, or document. In this case it’s :

{
    "$binary": {
        base64: "%s",
        subType: "04"
  }
}

The value needs to be a Binary instance. If you would like to construct this from a base64 string you can utilise mongodb.Binary, i.e:

var Binary = require('mongodb').Binary;
var buffer = Buffer.from(base64KeyId, 'base64');
var keyIdBinary= new Binary(buffer, Binary.SUBTYPE_UUID);

Then you can use it as keyId: [keyIdBinary] , please note that it’s still in array format.

See also Client-Side Field Level Encryption Guide: Verify Data Encryption Key Creation for more information.

Regards,
Wan.