Using TU Features in BDT
Supported Algorithms
| Supported in TU | Supported in BDT |
|---|---|
| FPE/AES/CARD10 | "@type": "FPE_AES""characterSet": "digits" |
| FPE/AES/CARD62 | "@type": "FPE_AES""characterSet": "alphanumeric" |
| AES/CBC/PKCS5Padding | "@type": "AES_CBC_PAD" |
| DESede/CBC/PKCS5Padding | "@type": "DESede""Padding": "PKCSPADDING""mode": "CBC" |
| DESede/ECB/PKCS5Padding | "@type": "DESede""Padding": "PKCSPADDING""mode": "ECB" |
| DESede/CBC/NoPadding | "@type": "DESede""Padding": "PKCSPADDING""mode": "ECB" |
| DESede/ECB/NoPadding | "@type": "DESede""Padding": "PKCSPADDING""mode": "CBC" |
Note
The minimum data length required for the
FPE_AEStype in BDT is 4.For FPE algorithms, BDT supports only UTF-8 encoding.
BDT does not support the FPE formats.
Example
TU Config
<Column>
<Name>CREDITCARD</Name>
<MaximumLength>16</MaximumLength>
<Transformation>
<Type>Encrypt</Type>
<Key>KEY_NAME</Key>
<Algorithm>FPE/AES/CARD10</Algorithm>
<TweakAlgo>SHA1</TweakAlgo>
<TweakData>12345</TweakData>
<IVType>Column</IVType>
<IV>0401030003040604090301030705020505030507040108080102020704020702010304070
400090105020603000002020906070004010200</IV>
<NewName>CREDITCARD_NEW</NewName>
</Transformation>
</Column>
BDT Config
"columns": [
{
"name": "CREDITCARD",
"targetColName":"CREDITCARD_NEW",
"srcColumnAction":"empty",
"action": "ENCRYPT",
"config": [
{
"@type": "FPE_AES",
"key": "KEY_NAME",
"iv": "0401030003040604090301030705020505030507040108080102020704020702010304070400090105020603000002020906070004010200",
"tweak":"12345",
"tweakAlgo":"SHA1",
"characterSet":"digits"
}
]
}
]
Supported Datatypes
The following table lists the datatypes supported by BDT corresponding to the databases supported by TU:
| Database (TU) | Datatypes (BDT) |
|---|---|
| SQL Server | CHAR VARCHAR |
| DB2 | CHAR NUMBER RAWBINARY VARCHAR |
| Oracle | CHAR NUMBER RAW VARCHAR |
Storing Output of Crypto Operations in a New Column
BDT allows you to store the output of the crypto operations (encrypt/decrypt/rekey) in a new column. To enable this feature, add the targetColName parameter to the BDT policy file. Click here for more information.
