Couchbase C Client  3.3.10
Asynchronous C Client for Couchbase

Shows how to use field-encryption API to encrypt JSON values.

/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
* Copyright 2018-2020 Couchbase, Inc.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* strlen */
#ifdef _WIN32
#define PRIx64 "I64x"
#include <inttypes.h>
#include "openssl_symmetric_provider.h"
static void die(lcb_INSTANCE *instance, const char *msg, lcb_STATUS err)
fprintf(stderr, "%s. Received code 0x%X (%s)\n", msg, err, lcb_strerror_short(err));
static void op_callback(lcb_INSTANCE *instance, int cbtype, const lcb_RESPBASE *rb)
if (rb->rc == LCB_SUCCESS) {
fprintf(stderr, "CAS: 0x%" PRIx64 "\n", rb->cas);
} else {
die(instance, lcb_strcbtype(cbtype), rb->rc);
static void store_encrypted(lcb_INSTANCE *instance, const char *key, const char *val)
lcb_CMDSTORE cmd = {};
lcbcrypto_FIELDSPEC field = {};
printf("KEY: %s\n", key);
printf("PLAIN: %s\n", val);
ecmd.version = 0;
ecmd.prefix = NULL;
ecmd.doc = val;
ecmd.ndoc = strlen(val);
ecmd.out = NULL;
ecmd.nout = 0;
ecmd.nfields = 1;
ecmd.fields = &field; = "message";
field.alg = "AES-256-HMAC-SHA256";
err = lcbcrypto_encrypt_fields(instance, &ecmd);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't encrypt field 'message'", err);
/* chop trailing LF for nicer look */
if (ecmd.out[ecmd.nout - 1] == '\n') {
ecmd.out[ecmd.nout - 1] = ' ';
printf("CIPHER: %s\n", ecmd.out);
LCB_CMD_SET_KEY(&cmd, key, strlen(key));
LCB_CMD_SET_VALUE(&cmd, ecmd.out, ecmd.nout);
cmd.operation = LCB_STORE_UPSERT;
cmd.datatype = LCB_DATATYPE_JSON;
err = lcb_store3(instance, NULL, &cmd);
free(ecmd.out); // NOTE: it should be compatible with what providers use to allocate memory
if (err != LCB_SUCCESS) {
die(instance, "Couldn't schedule storage operation", err);
int main(int argc, char *argv[])
lcb_INSTANCE *instance;
struct lcb_create_st create_options = {};
create_options.version = 3;
if (argc < 2) {
fprintf(stderr, "Usage: %s couchbase://host/bucket [ password [ username ] ]\n", argv[0]);
create_options.v.v3.connstr = argv[1];
if (argc > 2) {
create_options.v.v3.passwd = argv[2];
if (argc > 3) {
create_options.v.v3.username = argv[3];
err = lcb_create(&instance, &create_options);
if (err != LCB_SUCCESS) {
die(NULL, "Couldn't create couchbase handle", err);
err = lcb_connect(instance);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't schedule connection", err);
err = lcb_get_bootstrap_status(instance);
if (err != LCB_SUCCESS) {
die(instance, "Couldn't bootstrap from cluster", err);
lcb_install_callback3(instance, LCB_CALLBACK_STORE, op_callback);
lcbcrypto_register(instance, "AES-256-HMAC-SHA256", osp_create());
store_encrypted(instance, "secret-1", "{\"message\":\"The old grey goose jumped over the wrickety gate.\"}");
store_encrypted(instance, "secret-2", "{\"message\":10}");
store_encrypted(instance, "secret-3", "{\"message\":\"10\"}");
instance, "secret-4",
store_encrypted(instance, "secret-5",
"{\"message\":{\"myValue\":\"The old grey goose jumped over the wrickety gate.\",\"myInt\":10}}");
return 0;
Main header file for Couchbase.
Definition: couchbase.h:2109
void lcb_destroy(lcb_INSTANCE *instance)
Destroy (and release all allocated resources) an instance of lcb.
Field encryption.
lcbcrypto_FIELDSPEC * fields
list of field specs
Definition: crypto.h:125
char * out
pointer to output JSON document.
Definition: crypto.h:123
size_t ndoc
size of the input JSON document
Definition: crypto.h:122
const char * doc
pointer to the input JSON document
Definition: crypto.h:121
const char * prefix
prefix to encrypted field.
Definition: crypto.h:120
const char * name
field name (NUL-terminated)
Definition: crypto.h:106
uint16_t version
version of the structure, currently valid value is 0
Definition: crypto.h:119
size_t nout
size of the output JSON document
Definition: crypto.h:124
const char * alg
crypto provider alias (NUL-terminated)
Definition: crypto.h:107
size_t nfields
number of field specs
Definition: crypto.h:126
lcb_STATUS lcbcrypto_encrypt_fields(lcb_INSTANCE *instance, lcbcrypto_CMDENCRYPT *cmd)
Encrypt all specified fields in the JSON encoded object.
void lcbcrypto_register(lcb_INSTANCE *instance, const char *name, lcbcrypto_PROVIDER *provider)
Register crypto-provider for specified alias.
Command to encrypt JSON fields.
Definition: crypto.h:118
Structure for JSON field specification for encrypt/decrypt API.
Definition: crypto.h:105
LCB_INTERNAL_API const char * lcb_strerror_short(lcb_STATUS error)
Get a shorter textual description of an error message.
Error codes returned by the library.
Definition: error.h:212
lcb_STATUS lcb_get_bootstrap_status(lcb_INSTANCE *instance)
Gets the initial bootstrap status.
lcb_STATUS lcb_create(lcb_INSTANCE **instance, const lcb_CREATEOPTS *options)
Create an instance of lcb.
struct lcb_st lcb_INSTANCE
Library handle representing a connection to a cluster and its data buckets.
Definition: couchbase.h:35
lcb_STATUS lcb_connect(lcb_INSTANCE *instance)
Schedule the initial connection This function will schedule the initial connection for the handle.
const char * lcb_strcbtype(int cbtype)
Returns the type of the callback as a string.
Definition: couchbase.h:472
The default storage mode.
Definition: couchbase.h:887
lcb_STATUS lcb_wait(lcb_INSTANCE *instance, lcb_WAITFLAGS flags)
Wait for completion of scheduled operations.
Behave like the old lcb_wait()
Definition: couchbase.h:1854
#define LCB_CMD_SET_KEY(cmd, keybuf, keylen)
Set the key for the command.
Definition: utils.h:52