Managing Masking Formats
The masking format is the format in which the output of the protect and reveal operations is presented. Application Data Protection offers a set of predefined masking formats. To meet your specific requirement, the Application Data Protection Admins can easily create custom masking formats.
Application Data Protection supports following types of masking formats:
Static Masking Format: Creates masking format for the protect operation. This format is only applicable for FPE algorithms. It allows you to preserve some characters of the input data. While creating this format, you can choose the starting and the ending characters to be preserved. The remaining characters will be protected based on the algorithm.
Dynamic Masking Format: Creates masking format for the reveal operation. Dynamic masking format determines how the output of the reveal operation is displayed to the application users. While creating this format, you can choose to show or hide characters and the masking character that will be used mask the data. By default, X is masking character.
Examples of dynamic masking
Example 1
Plaintext: 12345678ABCDFRG
Masking Character: X
Masking Operation: Show first 3 characters and last 4 characters.
Masked Data: 123XXXXXXXXDFRG
Example 2
Plaintext: 12345678ABCDFRG
Masking Operation: Mask first 3 characters and last 4 characters.
Masked Data: YYY45678ABCYYYY
Examples of static masking
Example 1
Plaintext: 0123456789012345
Masking Operation: Preserve first 2 and last 4 characters and encrypt the remaining characters.
Output: 01bdJloPqwAq2345
Example 2
Plaintext: 0123456789012345
Masking Operation: Preserve first 4 and last 3 characters and encrypt the remaining characters.
Output: 0123WKNclKoIs345
Default Masking Formats
The following table describes the predefined static and dynamic masking formats along with their description. We have also added some examples to make you familiar with the masking operation:
Masking Format Name | Type | Description | Example |
---|---|---|---|
FIRST_SIX | Static | Preserves first six characters and encrypts the remaining characters. | 123456xboilkjt |
FIRST_SIX_LAST_FOUR | Static | Preserves first six and last four characters. The remaining character are encrypted. | 123456AqDfe9876 |
FIRST_TWO_LAST_FOUR | Static | Preserves first two and last four characters. The remaining characters are encrypted. | 12HgFtklor7654 |
LAST_FOUR | Static | Preserves last four characters and encrypts the remaining characters. | VyTKIDbdpqwy9876 |
SHOW_FIRST_SIX | Dynamic | Shows the first six characters of the plaintext value and masks the remaining characters. | 012345XXXXXXXXXX |
SHOW_FIRST_SIX_LAST_FOUR | Dynamic | Shows the first six and last four characters of the plaintext value and masks the remaining characters. | 012345XXXXXX2345 |
SHOW_FIRST_TWO_LAST_FOUR | Dynamic | Shows the first two and last four characters of the plaintext value and masks the remaining characters. | 01XXXXXXXXXX2345 |
SHOW_LAST_FOUR | Dynamic | Shows the last four characters of the plaintext value and masks the remaining characters. | XXXXXXXXXXXX2345 |
Important Points
Predefined masking formats can't be deleted.
Masking formats once created can't be modified.
Custom masking formats can be deleted.
In this article you will learn how to: