Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Managing Protection Policy

Creating protection policy

search

Please Note:

Creating protection policy

To create a protection policy:

  1. Open Application Data Protection.

  2. In the left pane, click Protection Policies.

  3. On the Protection Policies screen, click Add Protection Policy.

  4. On the Create Protection Policy screen, enter/select the following fields.

    FieldDescription
    NameUnique name for protection policy.

    Do not use % in the protection policy name.

    AlgorithmAlgorithm to be used in the cryptographic operations. You can view the list supported algorithms here.
    KeyKey to be used in cryptographic operations.
    Character SetName of the character set. Refer to Creating Character Sets for details.
    Access PolicyAccess policy to be associated with the protection policy. Access policies are set of rules that define how the decrypted data will be revealed to the application users. For more details, click here.
    Masking FormatMasking format to be associated with the protection policy. For more details, click here.
    Tweak algorithmTweak algorithm to be used in cryptographic operations. It is only applicable for FPE algorithms.
    Possible options are:
    — SHA1
    — SHA256
    — NONE
    — NULL

    For FF3, Tweak Algorithm can't be NULL. For the remaining FPE algorithms, Tweak Algorithm can be NULL.

    TweakTweak data to be used in cryptographic operations.
    This field is mandatory if tweak algorithm is specified.
    If tweak algorithm is NONE, specify a 16-character HEX encoded string.
    If tweak algorithm is NULL, this field is not required.
    IVInitialization vector to be used in cryptographic operations. This field will appear on the UI if FPE/AES or AES/CBC algorithm is selected.
    — For FPE/AES, IV is derived based on the character set length. To know how to calculate the required IV, click here.
    — For AES/CBC modes, a 16-byte IV is required.
    The value must be a HEX encoded string.
    Disable VersioningIf selected, protection policy can't be updated and only ciphertext is returned in the response.
    Version HeaderDetermines the location of version bytes.
    Possible options are:
    — Internal: version bytes are prepended to the ciphertext.
    — External: version bytes are stored in a separate field. For details, click here.

  5. Click Create. A message stating, Protection policy created successfully is displayed and the newly created policy is listed on the Protection Policies page.

Important Notes

Note

  • When a protection policy is created, Version 1 is assigned to that policy. The version is incremented with each updation.

  • If versioning is disabled, protection policy can't be modified.

  • For disabled versioning, only version "0" of a key can be used in cryptographic operations.

  • The versioning type, selected while creating a protection policy can't be modified.

On this page