Protection Profiles
Protection Profiles contain all information needed to perform a cryptographic operation, and they can be used to specify the encryption information for a specific input column in a BDT policy.
Creating a Protection Profile
Log on to the CipherTrust Manager as an administrator.
On the app selection menu, click Batch Data Transformation and select Protection Profiles.
Click Create Protection Profile. The Create Protection Policy wizard is displayed.
Enter the following information:
Field: Description
Name: A user-defined name for this Protection Profile. The name must be unique.
Description: An optional description of the profile.
Key Name: Click Select and select the name of the key that you want to use. If you need to create a new key, you can click Create a New Key on the Select Key page.
Tweak: An optional 16-digit tweak for the encryption key.
IV: An optional 32-digit initialization vector for the encryption key.
Algorithm: The algorithm to use. This can be:
• FPE (also called FF3)
• FF1
• AES_CBC_PAD
• AES_CTR
• DESede (also called 3DES, Triple-DES, and DES-EDE)
Mode: Only applicable if the Algorithm is set to DESede. This can be:
• CBC (the default)
• ECB
Padding: Only applicable if the Algorithm is set to DESede. This can be:
• NoPadding
• PKCS5Padding
Character Set: The character set that will be encrypted by this profile. Thales provides the following default character sets:
• Alphanumeric
• All printable ASCII
• All digits
You can also make as many custom character sets as you need. For details, see Creating a Character Set.
Allow null or single character inputs: If this option is enabled, null or single-character inputs will be passed through to the output without being encrypted. If this option is not selected, the row transformation will fail.
This option applies to FPE or FF1 algorithm encryption only. It is ignored if the Algorithm is set to Random.
Review the Protection Profile settings and click Save when you are done.
Creating a Character Set
Log on to the CipherTrust Manager as an administrator.
In the left pane, expand Data Protection and select Character Sets.
Click Create Character Set and enter the following information:
Field: Description
Name: A user-defined name for this character set. The name must be unique.
Unicode Character Range: The Unicode characters included in this character set in HEX format. This field can contain a range of characters, a single Unicode character, or a comma-separated list consisting of any number of ranges and single characters.
Examples:
• Basic Latin: 0000-007F
• Digits: 0031-0039
• Greek: 0370-03FF
• Greek and all digits: 0E00-0E7F,0030-0039
• Greek and the single digit 9: 0E00-0E7F,0039
As you specify the range, a check mark icon next to the field label indicates that the entry uses valid HEX format. An exclamation mark icon indicates that the value is not valid HEX. You cannot create the character set unless you have a valid HEX expression in this field.
When you are done, click Create.
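The range syntax described above can be expanded offline to confirm exactly which characters a set contains before it is attached to a Protection Profile. This is an added example, not Thales code: parse_charset and uncovered are hypothetical helpers, the 4-to-6 hex digit rule is an assumption drawn from the examples shown, and the sample column values are constructed.

```python
import re

# Assumption: each entry is 4-6 hex digits, optionally followed by "-" and an
# end value, as in the examples on this page. The product's own validation
# may accept or reject other forms.
_ITEM = re.compile(r"^([0-9A-Fa-f]{4,6})(?:-([0-9A-Fa-f]{4,6}))?$")


def parse_charset(spec):
    """Expand a Unicode Character Range string into a sorted list of code points."""
    points = set()
    for item in spec.split(","):
        m = _ITEM.match(item.strip())
        if not m:
            raise ValueError(f"not valid HEX: {item!r}")
        start = int(m.group(1), 16)
        end = int(m.group(2), 16) if m.group(2) else start
        if end < start or end > 0x10FFFF:
            raise ValueError(f"bad range: {item!r}")
        points.update(range(start, end + 1))  # overlapping entries collapse
    return sorted(points)


def uncovered(spec, values):
    """Return the distinct characters in `values` that the set does not contain."""
    allowed = set(parse_charset(spec))
    return sorted({ch for v in values for ch in v if ord(ch) not in allowed})


# Constructed sample column values (not real data)
SAMPLE = ["4000-1234", "90210", "\u03b1\u03b2\u03b37"]

if __name__ == "__main__":
    for spec in ("0030-0039", "0031-0039", "0370-03FF,0039"):
        size = len(parse_charset(spec))
        print(f"{spec}: {size} characters, not covered in sample: "
              f"{uncovered(spec, SAMPLE)}")
```

Running it shows the size of each set and which sample characters fall outside it. For instance, 0031-0039 expands to nine code points and does not include U+0030, the digit 0.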