Class AesColumnEncryptionPolicy
Implementation of IColumnEncryptionPolicy using the system's implementation of System.Security.Cryptography.Aes.
Inheritance
Implements
Inherited Members
Namespace: Cassandra
Assembly: Cassandra.dll
Syntax
public class AesColumnEncryptionPolicy : BaseColumnEncryptionPolicy<AesColumnEncryptionPolicy.AesKeyAndIV>, IColumnEncryptionPolicy
Remarks
You can provide a Key and IV for each encrypted column or a key ONLY. If no IV is provided then a random one will be generated every time a value is encrypted. The IV will be stored with the value so prior knowledge of the IV is not needed for decryption.
For columns that are used in WHERE clauses of SELECT statements you should always provide the same IV instead of relying on the randomly generated one because the value that is used for server side operations includes the IV.
This implementation does not encrypt NULL values. NULL values will be written as empty byte arrays (without any IV). Any serialized value that is an empty byte array (like empty strings) will technically not be encrypted even though an IV will be stored next to it.
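The following sketch is an added example, not code from the driver's documentation. It calls EncryptWithKey and DecryptWithKey directly to show the trade-off described above: with a key only, identical values produce different stored bytes, while a fixed IV makes the output deterministic, which is what allows equality matching in WHERE clauses and also lets anyone who can read the stored data see which rows hold the same value. It assumes AesKeyAndIV exposes constructors taking (byte[] key) and (byte[] key, byte[] iv), and the key, IV and sample value are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Cassandra;

public static class AesPolicyIvDemo
{
    public static void Main()
    {
        var policy = new AesColumnEncryptionPolicy();

        // Constructed sample material; real keys belong in a secret store.
        var key = new byte[32]; // AES-256 key
        var fixedIv = new byte[AesColumnEncryptionPolicy.IVLength];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
            rng.GetBytes(fixedIv);
        }

        // Assumed constructors: AesKeyAndIV(byte[] key) and AesKeyAndIV(byte[] key, byte[] iv).
        var keyOnly = new AesColumnEncryptionPolicy.AesKeyAndIV(key);
        var keyAndIv = new AesColumnEncryptionPolicy.AesKeyAndIV(key, fixedIv);

        // Stand-in for the serialized bytes of a text column value.
        var value = Encoding.UTF8.GetBytes("alice@example.com");

        // Key only: the policy generates a new IV for every encryption.
        var r1 = policy.EncryptWithKey(keyOnly, value);
        var r2 = policy.EncryptWithKey(keyOnly, value);
        Console.WriteLine("Random IV, outputs equal: " + r1.SequenceEqual(r2));

        // Key and fixed IV: same input, same output. Use this only for
        // columns that must be matched in WHERE clauses.
        var f1 = policy.EncryptWithKey(keyAndIv, value);
        var f2 = policy.EncryptWithKey(keyAndIv, value);
        Console.WriteLine("Fixed IV, outputs equal:  " + f1.SequenceEqual(f2));

        // Round trip: the IV travels with the stored value.
        var roundTrip = policy.DecryptWithKey(keyOnly, r1);
        Console.WriteLine("Round trip matches:       " + roundTrip.SequenceEqual(value));

        // Empty serialized value: see the Remarks on empty byte arrays.
        var empty = policy.EncryptWithKey(keyOnly, new byte[0]);
        Console.WriteLine("Stored length for empty:  " + empty.Length);
    }
}
```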
Fields
IVLength
Declaration
public const int IVLength = 16
Field Value
Type | Description |
---|---|
int |
Methods
AddColumn(string, string, string, AesKeyAndIV, ColumnTypeCode, IColumnInfo)
Provide cryptography materials to be used when encrypting and/or decrypting data for the specified column.
Declaration
public override void AddColumn(string ks, string table, string col, AesColumnEncryptionPolicy.AesKeyAndIV key, ColumnTypeCode typeCode, IColumnInfo columnTypeInfo)
Parameters
Type | Name | Description |
---|---|---|
string | ks | |
string | table | |
string | col | |
AesColumnEncryptionPolicy.AesKeyAndIV | key | |
ColumnTypeCode | typeCode | |
IColumnInfo | columnTypeInfo |
Overrides
Remarks
This overload has an extra parameter (columnTypeInfo) which is used if the typeCode refers to a type that requires extra type information.
E.g. collection types require information about the type of objects that the collection contains. This overload should only be used if the column is of type 'map', 'list', 'set', 'udt', 'tuple' or 'custom'.
AddColumn(string, string, string, AesKeyAndIV, ColumnTypeCode)
Provide cryptography materials to be used when encrypting and/or decrypting data for the specified column.
Declaration
public override void AddColumn(string ks, string table, string col, AesColumnEncryptionPolicy.AesKeyAndIV key, ColumnTypeCode typeCode)
Parameters
Type | Name | Description |
---|---|---|
string | ks | |
string | table | |
string | col | |
AesColumnEncryptionPolicy.AesKeyAndIV | key | |
ColumnTypeCode | typeCode |
Overrides
Remarks
If the typeCode is 'map', 'list', 'set', 'udt', 'tuple' or 'custom' then you have to use the other overload (AddColumn(string, string, string, TKey, ColumnTypeCode, IColumnInfo)) so you can provide the IColumnInfo.
DecryptWithKey(AesKeyAndIV, byte[])
Decrypts the provided encrypted byte array with the provided key (which was previously added with the AddColumn(string, string, string, TKey, ColumnTypeCode) method).
Declaration
public override byte[] DecryptWithKey(AesColumnEncryptionPolicy.AesKeyAndIV key, byte[] encryptedBytes)
Parameters
Type | Name | Description |
---|---|---|
AesColumnEncryptionPolicy.AesKeyAndIV | key | |
byte[] | encryptedBytes | Encrypted bytes read from the server. |
Returns
Type | Description |
---|---|
byte[] | The decrypted bytes (i.e. serialized value) which will then be deserialized by the driver afterwards. |
Overrides
Remarks
Implement your column encryption policy decryption logic by overriding this method.
EncryptWithKey(AesKeyAndIV, byte[])
Encrypts the provided byte array (serialized value) with the provided key (which was previously added with the AddColumn(string, string, string, TKey, ColumnTypeCode) method).
Declaration
public override byte[] EncryptWithKey(AesColumnEncryptionPolicy.AesKeyAndIV key, byte[] objBytes)
Parameters
Type | Name | Description |
---|---|---|
AesColumnEncryptionPolicy.AesKeyAndIV | key | |
byte[] | objBytes | Serialized value as a byte array. |
Returns
Type | Description |
---|---|
byte[] | The encrypted bytes. |
Overrides
Remarks
Implement your column encryption policy encryption logic by overriding this method.