Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

Application Data Protection Administration

Managing Protection Policy

search

Please Note:

Managing Protection Policy

Protection policy defines a set of rules that govern the cryptographic operations. The protection policy includes entities such as algorithm, key, and character set.

Protection policy specifications

Supported key types

  • For AES algorithm, both versioned and non-versioned symmetric keys are supported.

  • For FPE algorithms, both versioned and non-versioned symmetric keys are supported.

The key must be marked exportable on the CipherTrust Manager.

Supported algorithms

FPE/AES

  • FPE/AES/CARD10

  • FPE/AES/CARD26

  • FPE/AES/CARD62

  • FPE/AES/UNICODE

FPE/FF1

  • FPE/FF1v2/CARD10

  • FPE/FF1v2/CARD26

  • FPE/FF1v2/CARD62

  • FPE/FF1v2/ASCII

  • FPE/FF1v2/UNICODE

FPE/FF3

  • FPE/FF3/CARD10

  • FPE/FF3/CARD26

  • FPE/FF3/CARD62

  • FPE/FF3/ASCII

  • FPE/FF3/UNICODE

AES

  • AES/CBC/NoPadding

  • AES/CBC/PKCS5Padding

  • AES/ECB/NoPadding

  • AES/ECB/PKCS5Padding

  • AES/CTR/NoPadding

FPE requires minimumtwo characters from the character set to perform crypto operations.

Supported character set

Application Data Protection supports configurable character sets.

Protection Policy versioning

When the Application Data Protection Admin modifies an existing protection policy, a new protection policy with same name is created. This protection policy contains the updated fields and the incremented version. The active flag of the previous versions is set to false. Following fields can be modified:

  • Algorithm

  • Key

  • Character set

  • Tweak data

  • Initialization vector

If a set of data is already encrypted with a protection policy, ensure to decrypt the data with the same protection policy.

In this article you will learn how to: