Class BaseColumnEncryptionPolicy<TKey>
This abstract class provides functionality to manage the column encryption metadata of encrypted columns. You can implement a custom ColumnEncryptionPolicy by inheriting this class and overriding EncryptWithKey(TKey, byte[]) and DecryptWithKey(TKey, byte[]).
Implements
Inherited Members
Namespace: Cassandra
Assembly: Cassandra.dll
Syntax
public abstract class BaseColumnEncryptionPolicy<TKey> : IColumnEncryptionPolicyType Parameters
| Name | Description |
|---|---|
| TKey | The type of the "key" object that is used by the implementations of this class. See an example of this in AesColumnEncryptionPolicy. This is only meant to provide some compile time type safety since the base interface works with the basic "object" type. |
Methods
AddColumn(string, string, string, TKey, ColumnTypeCode, IColumnInfo)
Provide cryptography materials to be used when encrypted and/or decrypting data for the specified column.
Declaration
public virtual void AddColumn(string ks, string table, string col, TKey key, ColumnTypeCode typeCode, IColumnInfo columnTypeInfo)Parameters
| Type | Name | Description |
|---|---|---|
| string | ks | |
| string | table | |
| string | col | |
| TKey | key | |
| ColumnTypeCode | typeCode | |
| IColumnInfo | columnTypeInfo |
Remarks
This overload has an extra parameter (columnTypeInfo) which is used if the typeCode refers to a type that requires extra type information.
E.g. collection types require information about the type of objects that the collection contains. This overload should only be used if the column is of type 'map', 'list', 'set', 'udt', 'tuple' or 'custom'.
AddColumn(string, string, string, TKey, ColumnTypeCode)
Provide cryptography materials to be used when encrypting and/or decrypting data for the specified column.
Declaration
public virtual void AddColumn(string ks, string table, string col, TKey key, ColumnTypeCode typeCode)Parameters
| Type | Name | Description |
|---|---|---|
| string | ks | |
| string | table | |
| string | col | |
| TKey | key | |
| ColumnTypeCode | typeCode |
Remarks
If the typeCode is 'map','list','set','udt','tuple' or 'custom' then you have to use the other overload
(AddColumn(string, string, string, TKey, ColumnTypeCode, IColumnInfo)) so you can provide the IColumnInfo.
Decrypt(object, byte[])
Decrypt the specified (encrypted) bytes using the cryptography materials. This method is used by the driver internally before providing the results to the application.
Declaration
public byte[] Decrypt(object key, byte[] encryptedBytes)Parameters
| Type | Name | Description |
|---|---|---|
| object | key | |
| byte[] | encryptedBytes |
Returns
| Type | Description |
|---|---|
| byte[] | Decrypted data in a byte array. |
DecryptWithKey(TKey, byte[])
Decrypts the provided encrypted byte array with the provided key (which was previously added with the AddColumn(string, string, string, TKey, ColumnTypeCode) method).
Declaration
public abstract byte[] DecryptWithKey(TKey key, byte[] encryptedBytes)Parameters
| Type | Name | Description |
|---|---|---|
| TKey | key | Key that was previously provided with AddColumn(string, string, string, TKey, ColumnTypeCode). |
| byte[] | encryptedBytes | Encrypted bytes read from the server. |
Returns
| Type | Description |
|---|---|
| byte[] | The decrypted bytes (i.e. serialized value) which will then be deserialized by the driver afterwards. |
Remarks
Implement your column encryption policy decryption logic by overriding this method.
Encrypt(object, byte[])
Encrypt the specified bytes using the cryptography materials. This method is used by the driver internally before sending the parameters to the server.
Declaration
public byte[] Encrypt(object key, byte[] objBytes)Parameters
| Type | Name | Description |
|---|---|---|
| object | key | |
| byte[] | objBytes |
Returns
| Type | Description |
|---|---|
| byte[] | Encrypted data in a byte array. The returned byte array can't be 'null' because 'blob' types don't allow 'null' values. |
EncryptWithKey(TKey, byte[])
Encrypts the provided byte array (serialized value) with the provided key (which was previously added with the AddColumn(string, string, string, TKey, ColumnTypeCode) method).
Declaration
public abstract byte[] EncryptWithKey(TKey key, byte[] objBytes)Parameters
| Type | Name | Description |
|---|---|---|
| TKey | key | Key that was previously provided with AddColumn(string, string, string, TKey, ColumnTypeCode). |
| byte[] | objBytes | Serialized value as a byte array. |
Returns
| Type | Description |
|---|---|
| byte[] | The encrypted bytes. |
Remarks
Implement your column encryption policy encryption logic by overriding this method.
GetColumnEncryptionMetadata(string, string, string)
Retrieves the cryptography materials for the specified column. If the column is not encrypted then it should return 'null'.
Declaration
public virtual ColumnEncryptionMetadata? GetColumnEncryptionMetadata(string ks, string table, string col)Parameters
| Type | Name | Description |
|---|---|---|
| string | ks | Keyspace of this encrypted column's table. |
| string | table | Table of this encrypted column. |
| string | col | Name of this encrypted column at schema level. |
Returns
| Type | Description |
|---|---|
| ColumnEncryptionMetadata? |