Protection Policy Versioning Details
Protection policy versioning is the process of assigning a version number to each iteration of a protection policy. This process helps track changes and updates made to a protection policy.
Whenever a protection policy is updated, a new version is generated to track the changes. The protection policy versioning starts with Version 1
.
The advantage of the versioned policies is that protection policy can be modified without worrying about data, which is protected with older protection policy versions. The protect operation always uses the latest protection policy version and the reveal operation reveals data based on the protection policy version passed with the ciphertext.
Version Header Structure
The version header is a 7-digit value. The permissible version header range is- 1001000
- 1999999
.
Version Header Example | Digit | Description |
---|---|---|
1001000 | 1 | Reserved for type digit. |
1001000 | 2-4 | Reserved for protection policy version. It will always start with 1 (001 ). |
1001000 | 5-7 | Preserved for key version. It will always start with 0 (000 ). |
Following are the supported versioning types:
Internal Version Protection Policy
It is a type of protection policy where the version header is prepended with the ciphertext. For example,
1001000B1E06A7C20585E0F5A13233953B4971D
, here1001000
is the version header andB1E06A7C20585E0F5A13233953B4971D
is the ciphertext.External Version Protection Policy
It is a type of protection policy where the version header is not part of the ciphertext. In external version protection policy, the version header details are stored in a different column/field based on the chosen connector type and its configurations.
Disable Version Protection Policy
A disabled version protection policy is the policy without the version header. If Disable Versioning is selected, the protection policy cannot be modified. In such cases, only
Version 0
of a key will be used to protect/reveal data. Use this option if you want ciphertext only and no information about the version header.
Note
If a set of data is already encrypted with a protection policy, ensure to decrypt the data with the same protection policy.
The versioning type selected during the protection policy creation cannot be modified.