Creating protection policy
To create a protection policy:
Open Application Data Protection.
In the left pane, click Protection Policies.
On the Protection Policies screen, click Add Protection Policy.
On the Create Protection Policy screen, enter/select the following fields.
Field Description Name Unique name for protection policy. Algorithm Algorithm to be used in the cryptographic operations. You can view the list supported algorithms here. Key Key to be used in cryptographic operations. Character Set Name of the character set. Refer to Creating Character Sets for details. Tweak algorithm Tweak algorithm to be used in cryptographic operations. It is only applicable for FPE algorithms.
Possible options
— SHA1
— SHA256
— NONE
— NULLTweak Tweak data to be used in cryptographic operations.
This field is mandatory if tweak algorithm is specified.
If tweak algorithm is NONE, specify a 16-character HEX encoded string.
If tweak algorithm is NULL, this field is not editable.IV Initialization vector to be used in cryptographic operations. This field will appear on the UI if FPE/AES or AES/CBC algorithm is selected.
— For FPE/AES, IV is derived based on the character set length. To know how to calculate the required IV, click here.
— For AES/CBC modes, a 16-byte IV is required.
The value must be a HEX encoded string.Disable Versioning If selected, protection policy can't be updated and only ciphertext is returned in the response. version header Determines the location of version bytes.
Possible options:
— Internal: version bytes are prepended to the ciphertext.
— External: version bytes are stored in a separate field. For details, click here.Click Create. A message stating, Protection policy created successfully is displayed and the newly created policy is listed on the Protection Policies page.
Important Notes
Note
When a protection policy is created, Version 1 is assigned to that policy. The version is incremented with each updation.
If versioning is disabled, protection policy can't be modified.
For disabled versioning, only version "0" of a key can be used in cryptographic operations.
The versioning type selected during the protection policy creation can't be modified.