Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Managing Protection Policy

Creating protection policy

search

Please Note:

printsuggest an editpdf paneldownload

Creating protection policy

To create a protection policy:

  1. Open Application Data Protection.

  2. In the left pane, click Protection Policies.

  3. On the Protection Policies screen, click Add Protection Policy.

  4. On the Create Protection Policy screen, enter/select the following fields.

    FieldDescription
    NameUnique name for protection policy.
    LuhnIf enabled, protection policy is configured to protect luhn complaint data.
    note

    Note

    Luhn check is only compatible with All digits character set (0-9) and FPE algorithms. It requires minimum 3 characters to perform crypto operations.

    AlgorithmAlgorithm to be used in the cryptographic operations. You can view the list of supported algorithms here.
    KeyKey to be used in the cryptographic operations.
    Character SetName of the character set. Refer to Creating Character Sets for details.
    Access PolicyAccess policy to be associated with the protection policy. Access policies are set of rules that define how the decrypted data will be revealed to the application users. For more details, click here.
    Masking FormatStatic masking format to be associated with the protection policy. For more details, click here.
    Tweak AlgorithmTweak algorithm to be used in cryptographic operations. It is only applicable for FPE algorithms.
    Possible options are:
    — SHA1
    — SHA256
    — NONE
    — NULL
    note

    Note

    For FF3 variants, Tweak Algorithm can't be NULL. For the remaining FPE algorithms, Tweak Algorithm can be NULL.

    TweakTweak data to be used in cryptographic operations.
    To know the required size of tweak data for FPE and tweak algorithms, click here.
    IVInitialization vector to be used in cryptographic operations. IV is applicable and required for the following algorithms:
    — AES/CBC/NoPadding: 16-bytes (any UTF-8 character input) IV
    — AES/CBC/PKCS5Padding: 16-bytes (any UTF-8 character input) IV
    — FPE/AES: The IV should be specified as Hex-encoded value; where, each Hex value is represented by 2 characters. For FPE/AES, the IV length is dependent on the cardinality of the character set. To know the required IV length, click here.
    PrefixSpecify a user friendly name to help user identify the type of data being protected. The maximum allowed length for prefix is 7 characters and only All Printable ASCII characters are allowed.
    Disable VersioningIf selected, protection policy can't be updated and only ciphertext is returned in the response.
    Version HeaderDetermines the location where version header will be stored.
    Possible options are:
    — Internal: version header is prepended to the ciphertext.
    — External: version header is stored in a separate field. For details, click here.

  5. Click Create. A message stating, Protection Policy created successfully is displayed and the newly created policy is listed on the Protection Policies page.

copy link to clipboardImportant Notes

Note

  • When a protection policy is created, Version 1 is assigned to that policy. The version is incremented with each updation.

  • If versioning is disabled, protection policy can't be modified.

  • For disabled versioning, only version "0" of a key can be used in cryptographic operations.

  • The versioning type, selected while creating a protection policy can't be modified.

  • The name of the protection policy can't be modified.

On this page