Protection Policy
A protection policy defines a set of rules that govern the cryptographic operation. The protection policy includes entities such as algorithm, access policy, key, mode, and character set. Refer to Managing Protection Policy for details.
Protection policy specifications
Internal versioning protection policy
It is a type of protection policy where the version header is prepended to the ciphertext. The protected text reserves 7 digits for the version header.
The first digit is reserved for the type.
The next 3 digits are reserved for the protection policy version.
The last 3 digits are reserved for the key version.
For example, 100100031323132313231232123.
| Digits | Meaning |
| --- | --- |
| 1 | type |
| 001 | protection policy version |
| 000 | key version |
| 31323132313231232123 | ciphertext |
The permissible version header range is 1001000 to 1999999.
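The header layout above can be checked and split mechanically, for instance to audit which key versions still protect data in a column before retiring an old key. The following is an added example, not code from the product or its documentation; the function names and all sample values other than the page's own example are constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

HEADER_LEN = 7                             # 1 type digit + 3 policy digits + 3 key digits
HEADER_MIN, HEADER_MAX = 1001000, 1999999  # permissible range stated on this page

class VersionedValue(NamedTuple):
    type_digit: int
    policy_version: int
    key_version: int
    ciphertext: str

def parse_internal_header(protected: str) -> VersionedValue:
    """Split an internally versioned value into header fields and ciphertext."""
    header = protected[:HEADER_LEN]
    if len(header) < HEADER_LEN or not (header.isascii() and header.isdigit()):
        raise ValueError("missing or non-numeric 7-digit version header")
    if not HEADER_MIN <= int(header) <= HEADER_MAX:
        raise ValueError(f"version header {header} outside {HEADER_MIN}-{HEADER_MAX}")
    return VersionedValue(int(header[0]), int(header[1:4]), int(header[4:7]),
                          protected[HEADER_LEN:])

def key_version_usage(values):
    """Count values per (policy version, key version); collect unparseable ones."""
    usage, rejected = Counter(), []
    for value in values:
        try:
            parsed = parse_internal_header(value)
        except ValueError:
            rejected.append(value)
        else:
            usage[(parsed.policy_version, parsed.key_version)] += 1
    return usage, rejected

if __name__ == "__main__":
    # First value is the example from this page; the others are constructed samples.
    column = ["100100031323132313231232123", "10010014455667788",
              "10020014455667788", "4111111111111111", "1000999123"]
    usage, rejected = key_version_usage(column)
    for (policy, key), count in sorted(usage.items()):
        print(f"policy v{policy:03d} key v{key:03d}: {count} value(s)")
    print("no valid header:", rejected)
```

A value that was never protected can still begin with seven digits inside the permitted range, so a successful parse is a sanity filter and not proof that the value is ciphertext.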
External versioning protection policy
It is a type of protection policy where the version header is not part of the ciphertext. In an external versioning protection policy, the version header details are stored in a different column or field, depending on the chosen connector type and its configuration.
Disable versioning protection policy
A disable versioning protection policy is a policy without the version header. If Disable Versioning is selected, the protection policy cannot be modified. In such cases, only Version 0 of a key is used to protect or reveal data.
Luhn check
A Luhn check is a formula used to validate identification numbers. The protection policy is configured to protect or reveal Luhn-compliant data. This check is only compatible with the All digits character set (0-9) and FPE algorithms. The Luhn check requires a minimum of 3 characters to perform crypto operations.
Prefix
It is a user-friendly name that helps the user identify the type of data being protected.
Static masking format
Allows you to preserve starting and ending characters of the input data. The remaining characters will be protected based on the selected algorithm. It is only applicable for FPE algorithms.
Allow Small Input Value
Support available in CipherTrust Manager future releases
The exact CipherTrust Manager version will be specified once it is officially released and will also be reflected in the CipherTrust Manager release notes.
Format-preserving algorithms require a character set during cryptographic operations. When the effective input length does not meet the minimum length criteria supported by the underlying algorithm, an error is thrown. To handle this scenario, use the Allow Small Input parameter. This parameter allows CADP for Java to process small input. Refer to protect and reveal sections for details.
Conversely, if the Allow Small Input parameter is disabled and a user attempts to protect a small input value, CADP for Java doesn't process it and returns the "Input buffer is too short (len=1), it has to be at least 2 bytes long" error.
This parameter is only supported with FPE and Random2 algorithms.