Creating protection policy
To create a protection policy:
Open Application Data Protection.
In the left pane, click Protection Policies.
On the Protection Policies screen, click Add Protection Policy.
On the Create Protection Policy screen, enter/select the following fields.
Field: Description

Name: Unique name for the protection policy. Do not use % in the protection policy name.

Algorithm: Algorithm to be used in the cryptographic operations. You can view the list of supported algorithms here.

Key: Key to be used in cryptographic operations.

Character Set: Name of the character set. Refer to Creating Character Sets for details.

Access Policy: Access policy to be associated with the protection policy. Access policies are sets of rules that define how the decrypted data will be revealed to the application users. For more details, click here.

Masking Format: Masking format to be associated with the protection policy. For more details, click here.

Tweak algorithm: Tweak algorithm to be used in cryptographic operations. It is only applicable for FPE algorithms.
Possible options are:
— SHA1
— SHA256
— NONE
— NULL
For FF3, Tweak Algorithm can't be NULL. For the remaining FPE algorithms, Tweak Algorithm can be NULL.

Tweak: Tweak data to be used in cryptographic operations.
This field is mandatory if tweak algorithm is specified.
If tweak algorithm is NONE, specify a 16-character HEX encoded string.
If tweak algorithm is NULL, this field is not required.

IV: Initialization vector to be used in cryptographic operations. This field will appear on the UI if FPE/AES or AES/CBC algorithm is selected.
— For FPE/AES, IV is derived based on the character set length. To know how to calculate the required IV, click here.
— For AES/CBC modes, a 16-byte IV is required.
The value must be a HEX encoded string.

Disable Versioning: If selected, protection policy can't be updated and only ciphertext is returned in the response.

Version Header: Determines the location of version bytes.
Possible options are:
— Internal: version bytes are prepended to the ciphertext.
— External: version bytes are stored in a separate field. For details, click here.

Click Create. A message stating, Protection policy created successfully is displayed and the newly created policy is listed on the Protection Policies page.
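The field rules above can be checked before a policy is submitted. The following is an added example, not part of the product or its API: the function and parameter names are hypothetical, treating any algorithm name that starts with AES/CBC as a CBC mode is an assumption, and "tweak algorithm is specified" is read as SHA1, SHA256 or NONE.

```python
import re

HEX_RE = re.compile(r"[0-9A-Fa-f]+")
TWEAK_ALGORITHMS = {"SHA1", "SHA256", "NONE", "NULL"}  # options listed on this page


def _is_hex(value, length):
    """True if value is a hex string of exactly `length` characters."""
    return isinstance(value, str) and len(value) == length and HEX_RE.fullmatch(value) is not None


def validate_policy(name, algorithm, tweak_algorithm=None, tweak=None, iv=None):
    """Return a list of rule violations; an empty list means the draft passes."""
    errors = []
    if not name or "%" in name:
        errors.append("name must be non-empty and must not contain '%'")
    if tweak_algorithm is not None:
        if tweak_algorithm not in TWEAK_ALGORITHMS:
            errors.append("unknown tweak algorithm")
        elif tweak_algorithm == "NULL":
            # NULL needs no tweak value, but FF3 does not accept it.
            if algorithm == "FF3":
                errors.append("FF3 does not allow tweak algorithm NULL")
        elif not tweak:
            errors.append("tweak is mandatory when a tweak algorithm is specified")
        elif tweak_algorithm == "NONE" and not _is_hex(tweak, 16):
            errors.append("with tweak algorithm NONE the tweak must be 16 hex characters")
    if algorithm.startswith("AES/CBC"):  # assumption: prefix identifies CBC modes
        # A 16-byte IV, HEX encoded, is 32 hex characters.
        if not _is_hex(iv, 32):
            errors.append("AES/CBC needs a 16-byte IV as 32 hex characters")
    elif algorithm == "FPE/AES" and isinstance(iv, str) and HEX_RE.fullmatch(iv) is None:
        # Required length depends on the character set and is not checked here.
        errors.append("IV must be a HEX encoded string")
    return errors


if __name__ == "__main__":
    # Constructed sample drafts, not real policies.
    drafts = [
        dict(name="pan-policy", algorithm="FF3", tweak_algorithm="NULL"),
        dict(name="cbc-policy", algorithm="AES/CBC", iv="00" * 16),
        dict(name="ssn%policy", algorithm="FPE/AES", tweak_algorithm="NONE", tweak="12ab"),
    ]
    for draft in drafts:
        print(draft["name"], "->", validate_policy(**draft) or "ok")
```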
Important Notes
Note
When a protection policy is created, Version 1 is assigned to that policy. The version is incremented with each update.
If versioning is disabled, protection policy can't be modified.
For disabled versioning, only version "0" of a key can be used in cryptographic operations.
The versioning type selected while creating a protection policy can't be modified.