Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Tasks

Using TU Features in BDT

search

Please Note:

printsuggest an edit

Using TU Features in BDT

copy link to clipboardSupported Algorithms

Supported in TUSupported in BDT
FPE/AES/CARD10"@type": "FPE_AES"

"characterSet": "digits"
FPE/AES/CARD62"@type": "FPE_AES"

"characterSet": "alphanumeric"
AES/CBC/PKCS5Padding"@type": "AES_CBC_PAD"
DESede/CBC/PKCS5Padding"@type": "DESede"

"Padding": "PKCSPADDING"

"mode": "CBC"
DESede/ECB/PKCS5Padding"@type": "DESede"

"Padding": "PKCSPADDING"

"mode": "ECB"
DESede/CBC/NoPadding"@type": "DESede"

"Padding": "PKCSPADDING"

"mode": "ECB"
DESede/ECB/NoPadding"@type": "DESede"

"Padding": "PKCSPADDING"

"mode": "CBC"

Note

  • The minimum data length required for the FPE_AES type in BDT is 4.

  • For FPE algorithms, BDT supports only UTF-8 encoding.

  • BDT does not support the FPE formats.

copy link to clipboardExample

TU Config

<Column>
<Name>CREDITCARD</Name>
<MaximumLength>16</MaximumLength>
    <Transformation>
    <Type>Encrypt</Type>
    <Key>KEY_NAME</Key>
    <Algorithm>FPE/AES/CARD10</Algorithm>
    <TweakAlgo>SHA1</TweakAlgo>
    <TweakData>12345</TweakData>
    <IVType>Column</IVType>
    <IV>0401030003040604090301030705020505030507040108080102020704020702010304070
    400090105020603000002020906070004010200</IV>
    <NewName>CREDITCARD_NEW</NewName>
    </Transformation>
</Column>

BDT Config

"columns": [
        {
          "name": "CREDITCARD",
          "targetColName":"CREDITCARD_NEW",
          "srcColumnAction":"empty",
          "action": "ENCRYPT",
          "config": [
            {
              "@type": "FPE_AES",
              "key": "KEY_NAME",
              "iv": "0401030003040604090301030705020505030507040108080102020704020702010304070400090105020603000002020906070004010200",
              "tweak":"12345",
              "tweakAlgo":"SHA1",
              "characterSet":"digits"
            }
          ]
        }
]

copy link to clipboardSupported Datatypes

The following table lists the datatypes supported by BDT corresponding to the databases supported by TU:

Database (TU)Datatypes (BDT)
SQL ServerCHAR
VARCHAR
DB2CHAR
NUMBER
RAWBINARY
VARCHAR
OracleCHAR
NUMBER
RAW
VARCHAR

copy link to clipboardStoring Output of Crypto Operations in a New Column

BDT allows you to store the output of the crypto operations (encrypt/decrypt/rekey) in a new column. To enable this feature, add the targetColName parameter to the BDT policy file. Click here for more information.

On this page