FPE Formats
FPE supports the following formats. These formats help users to determine the structure of the output. It supports special character preservation.
| Format | Description |
|---|---|
| LAST_FOUR | This format allows the user to keep intact the last four digits of the plaintext value after encryption. So, after encryption the last four digits of the ciphertext value will remain same as the input plaintext and rest digits will be encrypted using FPE algorithm. |
| FIRST_SIX | This format allows the user to keep intact the first six digits of the plaintext value. So, after encryption the first six digits of the ciphertext value will remain same as input plaintext and rest digits will be encrypted using FPE. |
| FIRST_SIX_LAST_FOUR | This format allows the user to keep intact the first six and last four digits of the plaintext value. So, after encryption the first six and last four digits of the ciphertext value will remain same as input plaintext and rest digits will be encrypted using FPE. |
| FIRST_TWO_LAST_FOUR | This format allows the user to keep intact the first two and last four digits of the plaintext value. So, after encryption the first two and last four digits of the ciphertext value will remain same as input plaintext and rest digits will be encrypted using FPE. |
| NONE | No format is applied with FPE. In this case, complete plaintext value is encrypted. |
| CUSTOM | The CUSTOM format allows you to choose the starting and the ending characters to be preserved. This format uses the following fields: — numberOfElementsFromStart - enter the number of starting characters to be preserved.— numberOfElementsBeforeEnd - enter the number of ending characters to be preserved.Refer to the below sample for details. |
FPE sample with custom format
The following code snippet demonstrates how to encrypt data using CUSTOM formats.
Create an
NAESessionobject. Pass Key Manager username and password as arguments.Obtain an instance of the key you want to use for the encryption operation.
Create
FPEFormatto fetch the custom format. SetnumberOfElementsFromStartandnumberOfElementsBeforeEnd.Create
FPEParameterAndFormatSpecwith tweak parameters and format.Get an instance of a Cipher object.
Initializes cipher to encrypt.
Convert the data to byte array and invoke the
doFinalmethod of the Cipher object to perform the encryption.
Code sample
NAESession session = NAESession.getSession(username, password.toCharArray());
NAEKey key = NAEKey.getSecretKey(keyName, session);
String algorithm = "FPE/FF1v2/CARD10";
FPEFormat format = FPEFormat.getCustomFormat();
format.setNumberOfElementsBeforeEnd(0);
format.setNumberOfElementsFromStart(6);
FPEParameterAndFormatSpec paramSpec = new FPEParameterAndFormatBuilder(tweakData).set_tweakAlgorithm(tweakAlgo).setFpeFormat(format).build();
Cipher encryptCipher = Cipher.getInstance(algorithm, "IngrianProvider");
encryptCipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
Important points
These formats are not supported when performing bulk operations.
While using the above formats in FPE/AES/CARD10, the effective input data length must be less than 56 bytes. These formats are not supported with FPE/AES/CARD26, FPE/AES/CARD62, and FPE/AES/Unicode.
