Managing Protection Policy
A protection policy defines a set of rules that govern cryptographic operations. The protection policy includes entities such as the algorithm, key, and character set.
Protection policy specifications
Supported key types
For the AES algorithm, both versioned and non-versioned symmetric keys are supported.
For the FPE algorithms, both versioned and non-versioned symmetric keys are supported.
Note
The key must be marked exportable on the CipherTrust Manager.
Supported algorithms
??? "FPE/AES"
* FPE/AES/CARD10
* FPE/AES/CARD26
* FPE/AES/CARD62
* FPE/AES/UNICODE
??? "FPE/FF1"
* FPE/FF1v2/CARD10
* FPE/FF1v2/CARD26
* FPE/FF1v2/CARD62
* FPE/FF1v2/ASCII
* FPE/FF1v2/UNICODE
??? "FPE/FF3"
* FPE/FF3/CARD10
* FPE/FF3/CARD26
* FPE/FF3/CARD62
* FPE/FF3/ASCII
* FPE/FF3/UNICODE
??? "AES"
* AES/CBC/NoPadding
* AES/CBC/PKCS5Padding
* AES/ECB/NoPadding
* AES/ECB/PKCS5Padding
* AES/CTR/NoPadding
Note
FPE requires a minimum of two characters from the character set to perform crypto operations.
Supported character set
Application Data Protection supports configurable character sets.
Protection policy versioning
When the Application Data Protection Admin modifies an existing protection policy, a new protection policy with the same name is created. This protection policy contains the updated fields and the incremented version. The active flag of the previous versions is set to false. The following fields can be modified:
* Algorithm
* Key
* Character set
* Tweak data
* Initialization vector
Note
If a set of data is already encrypted with a protection policy, ensure that you decrypt the data with the same protection policy.
In this article you will learn how to: