Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Managing Protection Policy

Protection Policy Versioning Details

search

Please Note:

printsuggest an editpdf paneldownload

Protection Policy Versioning Details

Protection policy versioning is the process of assigning a version number to each iteration of a protection policy. This process helps track changes and updates made to a protection policy.

Whenever a protection policy is updated, a new version is generated to track the changes. The protection policy versioning starts with Version 1.

The advantage of the versioned policies is that protection policy can be modified without worrying about data, which is protected with older protection policy versions. The protect operation always uses the latest protection policy version and the reveal operation reveals data based on the protection policy version passed with the ciphertext.

copy link to clipboardVersion Header Structure

The version header is a 7-digit value. The permissible version header range is- 1001000 - 1999999.

Version Header ExampleDigitDescription
10010001Reserved for type digit.
10010002-4Reserved for protection policy version. It will always start with 1 (001).
10010005-7Preserved for key version. It will always start with 0 (000).

Following are the supported versioning types:

  • Internal Version Protection Policy

    It is a type of protection policy where the version header is prepended with the ciphertext. For example, 1001000B1E06A7C20585E0F5A13233953B4971D, here 1001000 is the version header and B1E06A7C20585E0F5A13233953B4971D is the ciphertext.

  • External Version Protection Policy

    It is a type of protection policy where the version header is not part of the ciphertext. In external version protection policy, the version header details are stored in a different column/field based on the chosen connector type and its configurations.

  • Disable Version Protection Policy

    A disabled version protection policy is the policy without the version header. If Disable Versioning is selected, the protection policy cannot be modified. In such cases, only Version 0 of a key will be used to protect/reveal data. Use this option if you want ciphertext only and no information about the version header.

Note

  • If a set of data is already encrypted with a protection policy, ensure to decrypt the data with the same protection policy.

  • The versioning type selected during the protection policy creation cannot be modified.

On this page