Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Administration

search

Please Note:

You are not viewing the most recent version of this page. 2.5.2 is the latest version available.

print

Administration

CipherTrust Batch Data Transformation (BDT) is a command line utility that is used to transform (encrypt/tokenize) data in files and databases. It is a policy-based tool and can efficiently transform bulk data. It can also be used for rekey operations.

copy link to clipboardBDT Architecture

The BDT utility works with CipherTrust Manager (CM) for key management, CipherTrust Application Data Protection (CADP) for encryption, and CipherTrust Vaultless Tokenization (CT-VL) for tokenization.

copy link to clipboardBDT Policy

The BDT utility's actions are based on a policy. For each action or group of actions that you want to perform with the utility, you need to define a policy.

The BDT policy defines the rules on how to perform a transformation of the data provided by the input files or databases. The policy can be configured in a file locally or on a CipherTrust Manager (CM) instance that is serving as a centralized manager for configuration, allowing for easier reuse and maintenance. Refer to Setting up BDT Policy for details.

copy link to clipboardSupported File Formats and Databases

BDT supports the following file formats:

  • CSV File

  • Fixed Length File

BDT is supported with the following databases. The table below lists the versions tested with.

DatabaseTested Version
MySQL8.0.15
Oracle12c
IBM DB210.5.0
SAP HANA2.0
Microsoft SQL Server2017

copy link to clipboardSupported Transformations

BDT supports the following transformations:

copy link to clipboardSupported Encryption Algorithms

BDT supports the following encryption algorithms:

copy link to clipboardFF1

Key Size (in bits)128 (default)
192
256
Tweak DataTweak data is optional but highly recommended. It uses the tweekable cipher concept to protect against statistical attacks due to potentially small input/output space. The value must be HEX encoded string.
Additional NotesFF1 supports only non-versioned AES Keys.
FF1 is supported when symmetric key cache is enabled.

copy link to clipboardFPE

Key Size (in bits)128 (default)
192
256
Tweak DataThe value must be 16 characters HEX encoded string.
Additional NotesFPE supports only non-versioned AES Keys.
FPE is supported when symmetric key cache is enabled.

copy link to clipboardDESede

Block Size8 bytes
Supported ModesECB
CBC
Padding SchemesPKCS5Padding
NoPadding
IVCBC mode requires an 8 byte IV.
IV is not allowed in ECB mode.
Key SizeSupported key sizes are 168 (default) and 112 bits.
Each key contains an extra 8 bits of parity. Thus, when you create a key of 112 bits, the actual key size is 128 bits; when you create a key of 168 bits, the actual key size is 192 bits.
Additional NotesWhen using DESede with NoPadding, then data for encryption must be in multiples of 8 bytes.
DESede is supported when symmetric key cache is enabled and disabled.

copy link to clipboardAES_CTR

Block Size16 bytes
Padding SchemesNoPadding - you must supply the cipher text in multiples of 16 bytes.
IVCTR mode requires a 16 byte IV.
Key Size (in bits)128 (default)
192
256
Additional NotesAES_CTR is supported when symmetric key cache is enabled and disabled.

copy link to clipboardAES_CBC_PAD

Block Size16 bytes
IVCBC mode requires a 16 byte IV.
Key Size (in bits)128 (default)
192
256
Additional NotesAES_CBC_PAD is supported when symmetric key cache is enabled and disabled.

On this page