Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

BDT Administration

Protection Profiles

search

Please Note:

Protection Profiles

Protection Profiles contain all information needed to perform a cryptographic operation, and they can be used to specify the encryption information for a specific input column in a BDT policy.

Creating a Protection Profile

  1. Log on to the CipherTrust Manager as an administrator.

  2. On the app selection menu, click Batch Data Transformation and select Protection Profiles.

  3. Click Create Protection Profile. The Create Protection Policy wizard is displayed.

  4. Enter the following information:

    FieldDescription
    NameA user defined name for this Protection Profile. The name must be unique.
    DescriptionAn optional description of the profile.
    Key NameClick Select and select the name of the key that you want to use. If you need to create a new key, you can click Create a New Key on the Select Key page.
    TweakAn optional 16-digit tweak for the encryption key.
    IVAn optional 32-digit initialization vector for the encryption key.
    AlgorithmThe algorithm to use. This can be:
    • FPE (also called FF3)
    • FF1
    • AES_CBC_PAD
    • AES_CTR
    • DESede (also called 3DES, Triple-DES, and DES-EDE)
    ModeOnly applicable if the Algorithm is set to DESede. This can be:
    • CBC (the default)
    • ECB
    PaddingOnly applicable if the Algorithm is set to DESede. This can be:
    • NoPadding
    • PKCS5Padding
    Character SetThe character set that will be encrypted by this profile. Thales provides the following default character sets:
    • Alphanumeric
    • All printable ASCII
    • All digits
    You can also make as many custom character sets as you need. For details, see Creating a Character Set.
    Allow null or single character inputsIf this option is enabled, null or single-character inputs will be passed through to the output without being encrypted. If this option is not selected, the row transformation will fail.
    This option applies to FPE or FF1 algorithm encryption only. It is ignored if the Algorithm is set to Random.

  5. Review the Protection Profile settings and click Save when you are done.

Creating a Character Set

  1. Log on to the CipherTrust Manager as an administrator.

  2. In the left pane, expand Data Protection and select Character Sets.

  3. Click Create Character Set and enter the following information:

    FieldDescription
    NameA user defined name for this character set. The name must be unique.
    Unicode Character RangeThe Unicode characters included in this character set in HEX format. This field can contain a range of characters, a single Unicode character, or a comma-separated list consisting of any number of ranges and single characters.
    Examples:
    • Basic Latin: 0000-007F
    • Digits: 0031-0039
    • Greek: 0370-03FF
    • Greek and all digits: 0E00-0E7F,0030-0039
    • Greek and the single digit 9: 0E00-0E7F,0039
    As you specify the range, a check mark icon next to the field label indicates that the entry uses valid HEX format. An exclamation mark icon indicates that the value is not valid HEX. You cannot create the character set unless you have a valid HEX expression in this field.

  4. When you are done, click Create.

On this page