mongocrypt_decrypt_finish

Synopsis

#include <mongocrypt.h>

bool
mongocrypt_decrypt_finish (mongocrypt_t *crypt,
                           const mongocrypt_binary_t *encrypted_docs,
                           uint32_t num_docs,
                           const mongocrypt_binary_t *datakeys,
                           mongocrypt_binary_t **docs,
                           mongocrypt_error_t *error);

Parameters

• crypt: the mongocrypt_t handle.
• encrypted_docs: a C array pointing to BSON documents needing decryption. These should be documents returned by a MongoDB cursor.
• num_docs: the number of BSON documents in docs.
• datakeys: a BSON document containing data keys requested before.
• docs: points to a C array of length num_docs. Documents that are decrypted are set in this array. Documents not requiring decryption set the array index to NULL.
• error: set to an error. The caller must call mongocrypt_error_destroy after (even if no error occurred).

datakeys

datakeys is a BSON document mapping key vault aliases to arrays of data keys.

{
   "default": [
     {
        "_id" : UUID("148d6906-9648-4b32-ba08-8497ad838229"),
        "status" : 1,
        "masterKey" : { ... },
        "creationDate" : ISODate("2018-12-31T14:23:48.172Z"),
        "updatedDate" : ISODate("2018-12-31T14:23:48.172Z"),
        "keyMaterial" : BinData(0,"..."),
      }
      ...
   ],
   "alias": [
     { ... }
   ]
   ...
}

Returns

True on success, false on failure. On failure, error is populated.

See Also

• mongocrypt_decrypt_prepare: The previous call in the sequence to decrypt.