Class AesColumnEncryptionPolicy
Implementation of IColumnEncryptionPolicy using the system's implementation of Aes.
Inheritance
Implements
Inherited Members
Namespace: Cassandra
Assembly: Cassandra.dll
Syntax
public class AesColumnEncryptionPolicy : BaseColumnEncryptionPolicy<AesColumnEncryptionPolicy.AesKeyAndIV>, IColumnEncryptionPolicy
Remarks
You can provide a Key and IV for each encrypted column or a key ONLY. If no IV is provided then a random one will be generated every time a value is encrypted. The IV will be stored with the value so prior knowledge of the IV is not needed for decryption.
For columns that are used in WHERE clauses of SELECT statements you should always provide the same IV instead of relying on the randomly generated one because the value that is used for server side operations includes the IV.
This implementation does not encrypt NULL values. NULL values will be written as empty byte arrays (without any IV). Any serialized value that is an empty byte array (like empty strings) will technically not be encrypted even though an IV will be stored next to it.
Fields
IVLength
Declaration
public const int IVLength = 16
Field Value
Type | Description |
---|---|
int |
Methods
AddColumn(string, string, string, AesKeyAndIV, ColumnTypeCode)
Provide cryptography materials to be used when encrypting and/or decrypting data for the specified column.
Declaration
public override void AddColumn(string ks, string table, string col, AesColumnEncryptionPolicy.AesKeyAndIV key, ColumnTypeCode typeCode)
Parameters
Type | Name | Description |
---|---|---|
string | ks | |
string | table | |
string | col | |
AesColumnEncryptionPolicy.AesKeyAndIV | key | |
ColumnTypeCode | typeCode |
Overrides
Remarks
If the typeCode
is 'map','list','set','udt','tuple' or 'custom' then you have to use the other overload
(AddColumn(string, string, string, TKey, ColumnTypeCode, IColumnInfo)) so you can provide the IColumnInfo.
AddColumn(string, string, string, AesKeyAndIV, ColumnTypeCode, IColumnInfo)
Provide cryptography materials to be used when encrypted and/or decrypting data for the specified column.
Declaration
public override void AddColumn(string ks, string table, string col, AesColumnEncryptionPolicy.AesKeyAndIV key, ColumnTypeCode typeCode, IColumnInfo columnTypeInfo)
Parameters
Type | Name | Description |
---|---|---|
string | ks | |
string | table | |
string | col | |
AesColumnEncryptionPolicy.AesKeyAndIV | key | |
ColumnTypeCode | typeCode | |
IColumnInfo | columnTypeInfo |
Overrides
Remarks
This overload has an extra parameter (columnTypeInfo
) which is used if the typeCode
refers to a type that requires extra type information.
E.g. collection types require information about the type of objects that the collection contains. This overload should only be used if the column is of type 'map', 'list', 'set', 'udt', 'tuple' or 'custom'.
DecryptWithKey(AesKeyAndIV, byte[])
Decrypts the provided encrypted byte array with the provided key (which was previously added with the AddColumn(string, string, string, TKey, ColumnTypeCode) method).
Declaration
public override byte[] DecryptWithKey(AesColumnEncryptionPolicy.AesKeyAndIV key, byte[] encryptedBytes)
Parameters
Type | Name | Description |
---|---|---|
AesColumnEncryptionPolicy.AesKeyAndIV | key | Key that was previously provided with AddColumn(string, string, string, TKey, ColumnTypeCode). |
byte[] | encryptedBytes | Encrypted bytes read from the server. |
Returns
Type | Description |
---|---|
byte[] | The decrypted bytes (i.e. serialized value) which will then be deserialized by the driver afterwards. |
Overrides
Remarks
Implement your column encryption policy decryption logic by overriding this method.
EncryptWithKey(AesKeyAndIV, byte[])
Encrypts the provided byte array (serialized value) with the provided key (which was previously added with the AddColumn(string, string, string, TKey, ColumnTypeCode) method).
Declaration
public override byte[] EncryptWithKey(AesColumnEncryptionPolicy.AesKeyAndIV key, byte[] objBytes)
Parameters
Type | Name | Description |
---|---|---|
AesColumnEncryptionPolicy.AesKeyAndIV | key | Key that was previously provided with AddColumn(string, string, string, TKey, ColumnTypeCode). |
byte[] | objBytes | Serialized value as a byte array. |
Returns
Type | Description |
---|---|
byte[] | The encrypted bytes. |
Overrides
Remarks
Implement your column encryption policy encryption logic by overriding this method.