Docs Menu

/

/

/

/

In-Use Encryption

/

Client-Side Field Level Encryption

/

CSFLE Cryptographic Primitives

This version of the documentation is archived and no longer supported. View the current documentation to learn how to upgrade your version of MongoDB server.

MongoDB's Queryable Encryption feature is available (GA) in MongoDB 7.0 and later. To learn more about Queryable Encryption and compare its benefits with Client-Side Field Level Encryption, see Queryable Encryption.

MongoDB encrypts all fields in CSFLE with the AEAD AES-256-CBC encryption algorithm.

If you specify deterministic encryption for a field, your application passes a deterministic initialization vector to AEAD.
If you specify random encryption for a field, your application passes a random initialization vector to AEAD.

Note

Authenticated Encryption

MongoDB CSFLE uses the encrypt-then-MAC approach to perform authenticated encryption. MongoDB CSFLE uses the HMAC-SHA-512 algorithm to generate your MAC.

Back

How CSFLE Decrypts Documents

Next

Automatic Encryption Shared Library for CSFLE