Rekeying Objects
BDT can change the encryption key and re-encrypt the data using the new key. This can be done using Vormetric Tokenization Server (VTS) to tokenize the data, or by using Vormetric Application Encryption (VAE) to encrypt the data. The same policy can perform both types of rekey.
A REKEY policy consists of two parts. In fact, REKEY is really just a container for two other actions. First, the data is detokenized or decrypted using the existing key. Then, the data is tokenized or encrypted using the new key.
The two actions within each REKEY action are defined using DETOKENIZE, DECRYPT, TOKENIZE, and ENCRYPT, with the same parameters as you would use with each of these actions alone. For details of these parameters, refer to:
Rekey Examples
The following example shows a sample configuration for a column rekey through CT-VL:
{
  "name" : "column6",
  "action" : "REKEY",
  "config" : [ {
    "@type" : "TOKENIZE",
    "tokenGroup" : "group1",
    "tokenTemplate" : "abcedf9876543210",
    "action" : "DETOKENIZE"
  }, {
    "@type" : "TOKENIZE",
    "tokenGroup" : "group2",
    "tokenTemplate" : "abcedf9876543210",
    "action" : "TOKENIZE"
  } ]
}
The following example shows a sample configuration for a column rekey through CADP-JCE:
{
  "name" : "column6",
  "action" : "REKEY",
  "config" : [ {
    "@type" : "FPE",
    "key" : "rekey1",
    "characterSet" : "digits",
    "tweak" : "0102030405060708",
    "action" : "DECRYPT"
  }, {
    "@type" : "FPE",
    "key" : "rekey2",
    "characterSet" : "digits",
    "tweak" : "0102030405060708",
    "action" : "ENCRYPT"
  } ]
}
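The following added example is not BDT, CT-VL or CADP-JCE code; it illustrates the two-step structure described above using the CT-VL policy from this page. It validates that a REKEY container holds exactly one "undo" step (DETOKENIZE or DECRYPT) followed by the matching "redo" step (TOKENIZE or ENCRYPT) of the same @type, and then runs a column through a constructed in-memory token vault (ToyTokenVault, a stand-in for a tokenization server, with one vault per tokenGroup) so that every value is detokenized under the old group and re-tokenized under the new one. ToyTokenVault, rekey_column and the group secrets are assumptions for this illustration; tokens are derived from an HMAC purely to keep the digit format, which is not how a real tokenization server generates tokens.

```python
import hashlib
import hmac
import json

# Allowed (undo, redo) action pairs inside a REKEY container.
REKEY_PAIRS = {"DETOKENIZE": "TOKENIZE", "DECRYPT": "ENCRYPT"}

# The CT-VL rekey policy from the page, embedded as constructed input.
POLICY_JSON = """{
  "name" : "column6",
  "action" : "REKEY",
  "config" : [ {
    "@type" : "TOKENIZE", "tokenGroup" : "group1",
    "tokenTemplate" : "abcedf9876543210", "action" : "DETOKENIZE"
  }, {
    "@type" : "TOKENIZE", "tokenGroup" : "group2",
    "tokenTemplate" : "abcedf9876543210", "action" : "TOKENIZE"
  } ]
}"""


def validate_rekey_policy(policy):
    """Return (old_step, new_step) for a well-formed REKEY policy, else raise ValueError."""
    if policy.get("action") != "REKEY":
        raise ValueError("policy action must be REKEY")
    config = policy.get("config")
    if not isinstance(config, list) or len(config) != 2:
        raise ValueError("a REKEY container must hold exactly two steps")
    old_step, new_step = config
    undo = old_step.get("action")
    if undo not in REKEY_PAIRS:
        raise ValueError("first step must be DETOKENIZE or DECRYPT (uses the existing key)")
    if new_step.get("action") != REKEY_PAIRS[undo]:
        raise ValueError(f"second step must be {REKEY_PAIRS[undo]} (uses the new key)")
    if old_step.get("@type") != new_step.get("@type"):
        raise ValueError("both steps of a REKEY must use the same @type")
    return old_step, new_step


class ToyTokenVault:
    """Constructed stand-in for a tokenization server: one vault per tokenGroup."""

    def __init__(self):
        self._secret = {}  # tokenGroup -> bytes used to derive tokens
        self._vault = {}   # tokenGroup -> {token: original value}

    def add_group(self, group, secret):
        self._secret[group] = secret
        self._vault[group] = {}

    def tokenize(self, group, value):
        # Derive a digit string of the same length as the value (toy format preservation).
        digits, counter = "", 0
        while len(digits) < len(value):
            block = hmac.new(self._secret[group], f"{counter}:{value}".encode(),
                             hashlib.sha256).digest()
            digits += "".join(str(b % 10) for b in block)
            counter += 1
        token = digits[: len(value)]
        self._vault[group][token] = value  # the vault is what makes detokenization possible
        return token

    def detokenize(self, group, token):
        return self._vault[group][token]  # KeyError if the token was never issued here


def rekey_column(values, policy, server):
    """Undo with the old tokenGroup, redo with the new one; return the new tokens."""
    old_step, new_step = validate_rekey_policy(policy)
    if old_step["@type"] != "TOKENIZE":
        raise NotImplementedError("the toy server only models the tokenization path")
    out = []
    for token in values:
        clear = server.detokenize(old_step["tokenGroup"], token)  # step 1: existing key
        out.append(server.tokenize(new_step["tokenGroup"], clear))  # step 2: new key
    return out


if __name__ == "__main__":
    server = ToyTokenVault()
    server.add_group("group1", b"old-group-secret")  # constructed secrets
    server.add_group("group2", b"new-group-secret")
    originals = ["4111111111111111", "5500000000000004"]
    old_tokens = [server.tokenize("group1", v) for v in originals]
    new_tokens = rekey_column(old_tokens, json.loads(POLICY_JSON), server)
    print(old_tokens, "->", new_tokens)
    print([server.detokenize("group2", t) for t in new_tokens])
```

The validation step is the part worth keeping in mind when writing your own policies: a container whose two entries are both TOKENIZE, or whose DECRYPT and ENCRYPT steps disagree on @type, would not describe a rekey at all, and catching that before a batch run avoids leaving a column half-transformed.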