MongoDB encrypts all fields in Queryable Encryption and CSFLE with the AEAD AES-256-CBC encryption algorithm.
With Queryable Encryption, ciphertext is always non-deterministic. With CSFLE, if you specify deterministic encryption for a field, your application passes a deterministic initialization vector to AEAD. With CSFLE, if you specify random encryption for a field, your application passes a random initialization vector to AEAD.
Note
Authenticated Encryption
MongoDB uses the encrypt-then-MAC approach to perform authenticated encryption. Both Queryable Encryption and CSFLE use the HMAC-SHA-512 algorithm to generate your MAC.
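
The following Node.js sketch is an added example, not MongoDB or driver code. It shows encrypt-then-MAC with AES-256-CBC and HMAC-SHA-512, and how a deterministic IV makes equal plaintexts produce equal ciphertexts while a random IV does not. The key split, the IV derivation, the untruncated tag and the output layout are assumptions of the example, not MongoDB's ciphertext format.

```javascript
// Added illustration: encrypt-then-MAC with AES-256-CBC and HMAC-SHA-512.
// Key layout, IV derivation and output layout are assumptions of this sketch.
const nodeCrypto = require('crypto');

const IV_LEN = 16;  // AES block size
const TAG_LEN = 64; // full HMAC-SHA-512 output

// Constructed demo keys; real key material comes from your key management.
const keys = {
  enc: nodeCrypto.randomBytes(32), // AES-256 key
  mac: nodeCrypto.randomBytes(32), // HMAC key for the authentication tag
  iv: nodeCrypto.randomBytes(32),  // HMAC key used only to derive deterministic IVs
};

function hmac(key, data) {
  return nodeCrypto.createHmac('sha512', key).update(data).digest();
}

// mode 'deterministic': the IV is a keyed function of the plaintext, so equal
// plaintexts give equal ciphertexts. mode 'random': fresh IV on every call.
function encryptField(plaintext, mode, k = keys) {
  const pt = Buffer.from(plaintext, 'utf8');
  const iv = mode === 'deterministic'
    ? hmac(k.iv, pt).subarray(0, IV_LEN)
    : nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', k.enc, iv);
  const body = Buffer.concat([iv, cipher.update(pt), cipher.final()]);
  return Buffer.concat([body, hmac(k.mac, body)]); // MAC covers IV and ciphertext
}

function decryptField(blob, k = keys) {
  if (blob.length < IV_LEN + 16 + TAG_LEN) throw new Error('ciphertext too short');
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  // Check the MAC in constant time before touching the CBC data, so a
  // modified ciphertext never reaches the padding check.
  if (!nodeCrypto.timingSafeEqual(tag, hmac(k.mac, body))) {
    throw new Error('MAC verification failed');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', k.enc, body.subarray(0, IV_LEN));
  const pt = Buffer.concat([decipher.update(body.subarray(IV_LEN)), decipher.final()]);
  return pt.toString('utf8');
}
```

Because deterministic ciphertexts repeat for repeated values, anyone who can read the stored data can tell which documents share a value in that field, even without the key.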