Crypto Operations
The CipherTrust Manager supports the following crypto operations:
Symmetric Encryption
Symmetric encryption uses AES, TDES, or AES-GCM (with or without authentication data).
A variety of modes and key sizes are supported. Operations can be chained to encrypt a stream of data, split over multiple requests.
Algorithm | Mode | Padding (* = default) |
---|---|---|
AES | GCM | |
AES | ECB, CBC | none, PKCS7* |
TDES | CBC | none, PKCS5* |
Asymmetric Encryption
Asymmetric encryption uses RSA keys. A variety of paddings are supported.
Algorithm | Mode | Padding (* = default) |
---|---|---|
RSA | | OAEP, PKCS1* |
Asymmetric Sign and Verify
Algorithm |
---|
SHA1 |
SHA256 |
SHA384 |
SHA512 |
MAC and MAC Verify
Algorithm |
---|
SHA1 |
SHA256 |
SHA384 |
SHA512 |
Format Preserving Encryption
Format-Preserving Encryption (FPE) is a special type of encryption that keeps the output of the algorithm in the same format and length as the input. This can be important when the result is stored in a database that expects a certain format. Common use cases are credit card numbers, zip codes, telephone numbers, names, and addresses.
Note
Using this service/API/product does not confer compliance with any regulation regarding the use, storage and processing of credit card data.
Normally, FPE algorithms limit the size of the data that can be encrypted to a number based on the size of the alphabet. Selecting the "alphabet" determines two things: how long your input can be, and which characters are encrypted and which are left in place.
sample | alphabet | sample result |
---|---|---|
443-555-1055 | digit | 231-601-4293 |
443-555-1055 | alphabet | 443-555-1055 |
443-555-1055 | alphanumeric | ab4-56k-DG3e |
443-555-1055 | printable | &08yfh210f8$5 |
Hello World! | digit | Hello World! |
Hello World! | alphabet | djheF dkoRE! |
Hello World! | alphanumeric | 4JhR6 0e5w2! |
Hello World! | printable | 3J;e6#0e^1&d |
Alphabet | Maximum size |
---|---|
digit | 56 |
alphabet | 32 |
alphanumeric | 32 |
printable | 28 |
The algorithm only handles ASCII characters 0x20 through 0x7E. There is currently no support for other character sets.
The FPE implementation also supports inputs that are longer than the limits imposed above. However, using the API this way is more complicated, and additional parameters must be passed.
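The following added example (not CipherTrust Manager code) shows how the chosen alphabet decides which characters are encrypted and which stay in place, for inputs within the size limits only. It uses a small Feistel network keyed with HMAC-SHA256 as a stand-in, not the product's FPE algorithm, so its outputs will not match the sample table. Assumptions: the contents of each alphabet are inferred from the samples, the maximum size is applied to the number of in-alphabet characters, and the function names are hypothetical.

```python
import hashlib, hmac, string

# Assumed alphabet contents, consistent with the sample table above.
ALPHABETS = {
    "digit": string.digits,
    "alphabet": string.ascii_letters,
    "alphanumeric": string.digits + string.ascii_letters,
    "printable": "".join(map(chr, range(0x20, 0x7F))),
}
MAX_SIZE = {"digit": 56, "alphabet": 32, "alphanumeric": 32, "printable": 28}
ROUNDS = 10

def _num(digs, radix):
    n = 0
    for d in digs:
        n = n * radix + d
    return n

def _digs(n, radix, width):
    out = []
    for _ in range(width):
        n, d = divmod(n, radix)
        out.append(d)
    return out[::-1]

def _prf(key, rnd, half, radix, width):
    # HMAC-SHA256 round function (stand-in, not the product's algorithm).
    msg = bytes([rnd, radix, width]) + bytes(half)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % radix ** width

def _feistel(key, digs, radix, decrypt):
    u = len(digs) // 2
    halves = [digs[:u], digs[u:]]
    sign = -1 if decrypt else 1
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        t, o = halves[i % 2], halves[1 - i % 2]  # target half, other half
        f = _prf(key, i, o, radix, len(t))
        halves[i % 2] = _digs((_num(t, radix) + sign * f) % radix ** len(t), radix, len(t))
    return halves[0] + halves[1]

def fpe(key, text, alphabet, decrypt=False):
    if any(not 0x20 <= ord(c) <= 0x7E for c in text):
        raise ValueError("only ASCII 0x20-0x7E is handled")
    chars = ALPHABETS[alphabet]
    pos = [i for i, c in enumerate(text) if c in chars]  # positions to encrypt
    if len(pos) > MAX_SIZE[alphabet]:  # assumption: limit counts in-alphabet chars
        raise ValueError("input exceeds the limit for this alphabet")
    digs = _feistel(key, [chars.index(text[i]) for i in pos], len(chars), decrypt)
    out = list(text)  # characters outside the alphabet stay in place
    for i, d in zip(pos, digs):
        out[i] = chars[d]
    return "".join(out)
```

Calling `fpe(key, "443-555-1055", "digit")` returns a 12-character string with the hyphens at the same positions, and passing that result back with `decrypt=True` recovers the input.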