Managing Protection Policy

Protection policy defines a set of rules that govern the cryptographic operations. The protection policy includes entities such as algorithm, key, and character set.

Protection policy specifications

Supported key types

For AES algorithm, both versioned and non-versioned symmetric keys are supported.
For FPE algorithms, both versioned and non-versioned symmetric keys are supported.

Note

The key must be marked exportable on the CipherTrust Manager.

Supported algorithms

??? "FPE/AES"

* FPE/AES/CARD10

* FPE/AES/CARD26

* FPE/AES/CARD62

* FPE/AES/UNICODE

??? " FPE/FF1"

* FPE/FF1v2/CARD10

* FPE/FF1v2/CARD26

* FPE/FF1v2/CARD62

* FPE/FF1v2/ASCII

* FPE/FF1v2/UNICODE

??? " FPE/FF3"

* FPE/FF3/CARD10

* FPE/FF3/CARD26

* FPE/FF3/CARD62

* FPE/FF3/ASCII

* FPE/FF3/UNICODE

??? " AES"

* AES/CBC/NoPadding

* AES/CBC/PKCS5Padding

* AES/ECB/NoPadding

* AES/ECB/PKCS5Padding

* AES/CTR/NoPadding

Note

FPE requires minimumtwo characters from the character set to perform crypto operations.

Supported character set

Application Data Protection supports configurable character sets.

Protection Policy versioning

When the Application Data Protection Admin modifies an existing protection policy, a new protection policy with same name is created. This protection policy contains the updated fields and the incremented version. The active flag of the previous versions is set to false. Following fields can be modified:

Algorithm
Key
Character set
Tweak data
Initialization vector

Note

If a set of data is already encrypted with a protection policy, ensure to decrypt the data with the same protection policy.

In this article you will learn how to:

Suggest A Change

Managing Protection Policy

Protection policy specifications

Supported key types

Supported algorithms

Supported character set

Protection Policy versioning

On this page