Performing Initial Data Transformation for DPG Compatibility
Batch Data Transformation (BDT) is used for initial encryption of persistent plaintext data to make it compatible with the CipherTrust Data Protection Gateway (DPG). During initial encryption, the data is encrypted with the same protection properties that are later used by DPG.
Note
Initial encryption is needed only for the plaintext data.
Initial encryption is supported only via the BDT policy file, not from the BDT CM UI.
Your data can be processed by DPG without redefining the protection policies further.
Steps for Initial Transformation of Data
1. Define your Protection Policy on the CipherTrust Manager (CM).
   Refer to the Managing Protection Policy page on the CipherTrust Manager to define your protection policy.
2. Go to the Protection Policies page and view the details of the Protection Policy.
   Refer to the View Protection Policy page on the CipherTrust Manager to view the details of the Protection Policy.
   Below is the example for a DPG Protection Policy on the CM:
3. Update BDT policy file with the values read in step 2. The supported algorithm for initial encryption is AES/CBC/PKCS5Padding only.
   Algorithm in Protection Policy    Value in BDT Policy
   AES/CBC/PKCS5Padding              AES_CBC_PAD

   Convert the iv text (given in DPG Protection Policy) to hexadecimal, and set it in bdt.policy.
   You can either use an ASCII table or any online converter to convert the iv text to hexadecimal, e.g. ASCII Text to Hexadecimal Code Converter.
   The resulting hexadecimal for the iv text (used in DPG Protection Policy) will be "31323334353637383132333435363738", and can be set in bdt.policy.
   In the example below, the corresponding values from step 2 are updated in BDT policy file.
bdt.policy
"config" : [
  {
    "@type" : "AES/CBC/PKCS5Padding",
    "key" : "example_key",
    "iv" : "31323334353637383132333435363738",
    "policyVersion" : 1 /* Version of protection policy on CM GUI to be used only for Initial Encryption of DPG. */
  }
]
Note
BDT reads the encryption properties and protection policy version information from the policy file.
A policyVersion parameter is used in the policy file to get version information of the protection policy.
Refer to BDT Policy File Attributes for the attribute details and Sample BDT Policy for the sample policy file.
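The iv conversion in step 3 can be done and checked locally instead of through an online converter. The following is an added example, not part of the BDT product or its documentation: the function names are hypothetical, the IV text is assumed to be ASCII, and the sample text "1234567812345678" is simply the ASCII decoding of the hexadecimal value shown above.

```python
AES_BLOCK_BYTES = 16  # AES/CBC/PKCS5Padding needs an IV of exactly one AES block


def iv_text_to_hex(iv_text: str) -> str:
    """Hex-encode the IV text from the Protection Policy for the "iv" field."""
    try:
        raw = iv_text.encode("ascii")
    except UnicodeEncodeError as exc:
        raise ValueError("IV text contains non-ASCII characters") from exc
    if len(raw) != AES_BLOCK_BYTES:
        # Typical cause: a trailing newline or space copied with the text.
        raise ValueError(f"IV is {len(raw)} bytes, expected {AES_BLOCK_BYTES}")
    return raw.hex()


def policy_iv_matches(policy_iv_hex: str, iv_text: str) -> bool:
    """True if the hex IV in bdt.policy decodes to the Protection Policy IV text."""
    try:
        raw = bytes.fromhex(policy_iv_hex)
    except ValueError:
        return False  # not a valid hex string
    # The length check also rejects unconverted IV text that happens to parse as hex.
    return len(raw) == AES_BLOCK_BYTES and raw == iv_text.encode("utf-8")


if __name__ == "__main__":
    iv_text = "1234567812345678"  # ASCII decoding of the hex IV shown on this page
    print(iv_text_to_hex(iv_text))
    print(policy_iv_matches("31323334353637383132333435363738", iv_text))
    print(policy_iv_matches(iv_text, iv_text))  # unconverted text left in the policy
```

A mismatch reported by policy_iv_matches means BDT would encrypt with a different IV than the one in the DPG Protection Policy, so the check is worth running before the initial transformation.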