MDB FLE writeup at Ars

Ars Technica is a well-respected technology magazine. They’ve got a great writeup on MongoDB’s (MDB) Field Level Encryption (FLE).…

One of the greatest things about Ars is the community – very knowledgeable and very snarky comments! A couple of comments on the article seem to indicate that MDB’s FLE has some weaknesses:

From commenter Kapil T.

There’s a few issues in this article.

1. client side encryption can be done against any database, none of that is MongoDB specific
2. second, the enterprise edition of MongoDB is also using a key vault in the same server/database for the encryption, which seems a little sketch, in that a sysadmin with access to the databases would then have access to the keys.
3. amazon cloudfront is not a database its a CDN.

From commenter Brindles:

I don’t understand how this is doing anything special.

Any database can store data that is already encrypted on the client side - it is just storing an encrypted string. What am I missing?

I guess having encrypted data limits how you can query it: You can still query for an exact match on a field string, but a partial match LIKE query won’t work

1 Like

I think the “key” difference between this field level encryption and other implementations, like in Oracle, is that there are 2 keys - a master key which encrypts the data key. The data key is stored in MongoDB, but it can’t be used to encrypt/decrypt the data unless it is first decrypted using the master key. The master key is available only from the client, say your cell phone app or browser app. It can get it from a key service, or have it stored somewhere, like a cell phone keychain.

The other nice part of this implementation is all the encryption is done for you by the MongoDb driver on your client, so your average web developer (who is usually not a cryptography expert) doesn’t have to worry about getting the encryption right and not exposing the keys. They need to make the one call to get the master key (which could just be in the phone keychain which they are used to accessing) and then provide it to the driver, which takes care of all the encryption and decryption.

With this, unencrypted data is never anywhere but at the originating client - it is encrypted in transit, and since the database doesn’t know how to decrypt it (its data key won’t work without the master key which it should never have) it is always encrypted, even in memory.

Nice solution - Mongo has very good technology, and is staying ahead and working with clients, which I think is great. Now they just have to make sure they have the revenue growth and are working toward profitability…