Database Manual / Security / Encryption / In-Use Encryption / Client-Side Field Level Encryption / Reference
MongoDB encrypts all fields in Queryable Encryption and CSFLE with the AEAD AES-256-CBC encryption algorithm.
- With Queryable Encryption, ciphertext is always non-deterministic.
With CSFLE, if you specify deterministic encryption for a field, your application passes a deterministic initialization vector to AEAD.
With CSFLE, if you specify random encryption for a field, your application passes a random initialization vector to AEAD.
Note
Authenticated Encryption
MongoDB uses the encrypt-then-MAC approach to perform authenticated encryption. Both Queryable Encryption and CSFLE use the HMAC-SHA-512 algorithm to generate your MAC.