FPEFormatEncryption
This API encrypts data using FPE while preserving the format of the plaintext.
URL
<http/https>://<host-name>:<Port>/protectappws/services/rest/fpeFormat/encrypt
Input Parameters
Parameters | Description |
---|---|
userName | User name. |
password | Password associated with the user. |
format | The format in which some part of the input data is to be kept intact, that is, the selected part of the input data is not encrypted. Valid values are: LAST_FOUR, FIRST_SIX, FIRST_SIX_LAST_FOUR, FIRST_TWO_LAST_FOUR, NONE, CUSTOM. The CUSTOM format allows you to choose the starting and the ending characters to be preserved. It uses the following fields: For FPE/AES, the aforementioned formats are only supported with CARD10. |
keyName | Name of the key. |
charset | Charset range on which the cryptographic operation is to be performed. This parameter is only required with Unicode. Multiple ranges separated by commas are allowed. For example, to specify Greek and digit range, use the following format: 0E00-0E7F, 0030-0039. |
transformation | Transformation to be used. It overrides the standard padding. Supported options are: FPE/XXX/CARD10, FPE/XXX/CARD26, FPE/XXX/CARD62, FPE/XXX/UNICODE. Here, XXX can be AES, FF1, FF1v2, FF3, or FF3-1. |
keyiv | This parameter is only applicable for the FPE/AES transformation. FPE/AES/CARD10: a 56-byte IV when data size is >56 bytes; FPE/AES/CARD26: a 40-byte IV when data size is >40 bytes; FPE/AES/CARD62: a 32-byte IV when data size is >32 bytes; FPE/AES/UNICODE: when cardinality is y, an x-character IV is used when data size is >x characters. Here, y is the number of characters in the Unicode character set file, and the corresponding value of x is derived using the following formula: double lg = Math.log10(Math.pow((double)2,(double)96))/Math.log10((double)CharacterSet_size); double block_len = 2 * Math.floor(lg); The table with cardinality and corresponding IV value based on the above formula is provided in here. If data size is less than |
plainText | Data to be encrypted. |
tweakData | Optional. If the tweak data algorithm is "None" or not specified, the value must be a HEX-encoded string representing a 64-bit long (hence the HEX encoding consumes 16 characters). Tweak data is mandatory if tweakAlgo is given; otherwise it is optional. |
tweakAlgo | Optional, default is none. |
certAlias | Client certificate alias for making SSL connections (optional). |
certPass | Password for the provided certificate alias (optional). |
encoding | Encoding method to be used. Currently, only UTF-8 is supported. |
Note
If the tweak data algorithm is any valid algorithm, the tweak data value can be any ASCII string (not necessarily HEX). The tweak data is first processed using the tweak hash algorithm, and the result is truncated to 64 bits for input to the FPE algorithm.
Sample REST call for cxf
request
{
  "FPEFormatEncryptionRequest": {
    "userName": "user",
    "password": "password",
    "format": "CUSTOM",
    "numberOfElementsFromStart": 1,
    "numberOfElementsBeforeEnd": 3,
    "keyName": "test_key",
    "keyiv": null,
    "charset": "30-39",
    "transformation": "FPE/AES/UNICODE",
    "tweakAlgo": "SHA256",
    "tweakData": "3700337003700337003370037003",
    "plainText": "123-4567898765432123456-789",
    "encoding": "UTF-8"
  }
}
response
{
  "FPEFormatEncryptionResponse": {
    "encryptedData": "162-3843568388765263874-789"
  }
}
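The keyiv and tweakData rules in the parameter table can be checked on the client before a request is sent. The following is an added example, not code from the product or its documentation: the function names are hypothetical, charset ranges are assumed to be inclusive hex code points, and the data size is assumed to be the full plainText length.

```python
import math
import re

CARDINALITY = {"CARD10": 10, "CARD26": 26, "CARD62": 62}

def charset_cardinality(charset):
    """Count code points in a charset value such as '0E00-0E7F, 0030-0039'.
    Assumes hex, inclusive, non-overlapping ranges."""
    total = 0
    for part in charset.split(","):
        lo, hi = (int(x, 16) for x in part.strip().split("-"))
        if hi < lo:
            raise ValueError("bad range: " + part.strip())
        total += hi - lo + 1
    return total

def iv_length(cardinality):
    """x = 2 * floor(log10(2^96) / log10(cardinality)), as in the keyiv row."""
    lg = math.log10(math.pow(2.0, 96.0)) / math.log10(float(cardinality))
    return int(2 * math.floor(lg))

def check_request(req):
    """Return the problems found in an FPEFormatEncryptionRequest body."""
    problems = []
    algo, tweak = req.get("tweakAlgo"), req.get("tweakData")
    if algo and algo.lower() != "none":
        if not tweak:
            problems.append("tweakData is mandatory when tweakAlgo is given")
    elif tweak is not None and not re.fullmatch(r"[0-9A-Fa-f]{16}", tweak):
        problems.append("tweakData must be 16 HEX characters when no tweakAlgo is set")
    _, cipher, card = req["transformation"].split("/")
    if cipher == "AES":
        n = charset_cardinality(req["charset"]) if card == "UNICODE" else CARDINALITY[card]
        # Assumption: data size is taken as the full plainText length.
        if len(req["plainText"]) > iv_length(n) and not req.get("keyiv"):
            problems.append("keyiv of length %d is needed for this data size" % iv_length(n))
    return problems

# Constructed sample, modelled on the request shown on this page.
SAMPLE = {
    "format": "CUSTOM", "keyName": "test_key", "keyiv": None, "charset": "30-39",
    "transformation": "FPE/AES/UNICODE", "tweakAlgo": "SHA256",
    "tweakData": "3700337003700337003370037003",
    "plainText": "123-4567898765432123456-789", "encoding": "UTF-8",
}

if __name__ == "__main__":
    print(iv_length(10), iv_length(26), iv_length(62))
    print(check_request(SAMPLE))
```

The formula reproduces the fixed IV sizes listed for CARD10, CARD26 and CARD62, which is a useful sanity check before applying it to a Unicode charset.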