Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Tasks

Performing Initial Data Transformation for DPG Compatibility

search

Please Note:

printsuggest an edit

Performing Initial Data Transformation for DPG Compatibility

Batch Data Transformation (BDT) is used for initial encryption of persistent plaintext data to make it compatible with the CipherTrust Data Protection Gateway (DPG). During intial encryption, the data is encrypted with the same protection properties that are later used by DPG.

Note

  • Initial encryption is needed only for the plaintext data.

  • Initial encryption is supported only via BDT policy file and not from BDT CM UI.

  • Your data can be processed by DPG without redefining the protection policies further.

copy link to clipboardSteps for Initial Transformation of Data

  1. Define your Protection Policy on the CipherTrust Manager (CM).
    Refer to the Managing Protection Policy page on the CipherTrust Manager to define your protection policy.

  2. Go to the Protection Policies page and view the details of the Protection Policy.
    Refer to the View Protection Policy page on the CipherTrust Manager to view the details of the Protection Policy.

    Below is the example for a DPG Protection Policy on the CM:

    CM Protection Profile

  3. Update BDT policy file with the values read in step 2. The supported algorithm for initial encryption is AES/CBC/PKCS5Padding only.

    Algorithm in Protection PolicyValue in BDT Policy
    AES/CBC/PKCS5PaddingAES_CBC_PAD

  4. Convert iv text (given in DPG Protection Policy) to hexadecimal, and set it in bdt.policy.

    You can either use ASCII Table or any online converter to convert iv text to hexadecimal e.g. ASCII Text to Hexdecimal Code Converter.

    The resulting hexdecimal for iv text (used in DPG Protection Policy) will be "31323334353637383132333435363738", and can be set in bdt.policy.

    In the example below, the corresponding values from step 2 are updated in BDT policy file.

    bdt.policy

    "config" : [ {
    "@type" : "AES/CBC/PKCS5Padding",
    "key" : "example_key",
    "iv" : "31323334353637383132333435363738",
    "policyVersion" : 1                         /* Version of protection policy on CM GUI to be used only for Initial Encryption of DPG. */
} ]

    Note

    • BDT reads the encryption properties and protection policy version information from the policy file.

    • A policyVersion parameter is used in the policy file to get version information of the protection policy.

    • Refer to BDT Policy File Attributes for the attribute details and Sample BDT Policy for the sample policy file.

On this page