Protect Data
Overview
This API protects the plaintext and returns a CipherTextData object based on the protection policy passed in the API call. The protection policy provides different functionalities as described here. The API call for the protect operation is the same for all of these specifications; however, the output changes according to the protection policy used in the call. The protection policy is fetched from CipherTrust Manager once the protect API is called.
Prerequisites
CipherTrust Manager must be up and running. Refer to CipherTrust Manager Deployment for details.
CADP for Java must be up and running and the client must be registered. Refer to the Quick Start section for details.
Protection policy must be created. Refer to Creating Protection Policy for details.
Request
Argument | Description |
---|---|
plainText | Data to be protected. |
protectionPolicyName | Protection policy to be used during the protect operation. |
The following code snippet shows how to protect data:
CipherTextData cipherTextDataObject = CryptoManager.protect(plainText.getBytes(), protectionPolicyName);
Response
The protect API returns the CipherTextData object.
Parameter | Description |
---|---|
CipherTextData | Holds response of protect operation such as cipherText and version header. |
Structure of CipherTextData object
CipherTextData {
    private byte[] cipherText;
    private byte[] version;      // only applicable when an external versioned protection policy is used; with an internal versioned protection policy, the version header is prepended to the cipherText
    private String errorMessage; // only applicable for the reprotect API
    private byte[] nonce;        // only applicable when an external protection policy is used; with an internal versioned protection policy, the nonce is prepended to the cipherText
}
Examples
Protect with internal versioning protection policy
Protection Policy: Internal, named internal-pp
Data to be protected: 1AX2345678vW12345678Pg5
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("1AX2345678vW12345678Pg5".getBytes(), "internal-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText()));
In response, version header + ciphertext (1001000GZhPph2dD3qJCrC9x2S7C2g) is stored in the object, cipherTextDataObject.
Protect with external versioning protection policy
Protection Policy: External, named external-pp
Data to be protected: 1AX2345678vW12345678Pg5
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("1AX2345678vW12345678Pg5".getBytes(), "external-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText())); // This will return ciphertext
System.out.println("Version Header: " + new String(cipherTextDataObject.getVersion())); // This will have version header information
In response, ciphertext (GZhPph2dD3qJCrC9x2S7C2g) and version header (1001000) are stored in the object, cipherTextDataObject.
Protect with disabled versioning protection policy
Protection Policy: Disabled, named disabled-pp
Data to be protected: 1AX2345678vW12345678Pg5
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("1AX2345678vW12345678Pg5".getBytes(), "disabled-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText()));
In response, only ciphertext (GZhPph2dD3qJCrC9x2S7C2g) is stored in the object, cipherTextDataObject.
Protect with static masking format
Protection Policy: Internal protection policy configured with static masking format, named static-pp
Algorithm: FPE/FF1v2
Static masking format: Preserve FIRST_SIX_LAST_FOUR characters
Character Set: All digits (0030-0039)
Data to be protected: 123abc456781wxy23456lmw78
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("123abc456781wxy23456lmw78".getBytes(), "static-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText()));
In response, version header + ciphertext (1001001123abc456424wxy18356lmw78) is returned.
The first six and the last four characters of the input are preserved in the ciphertext.
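The following added example (not part of the CADP for Java samples) checks the static masking result above and counts how much of the value is actually encrypted. It relies on FPE preserving the input length to split off the prepended version header; the class and method names are hypothetical, and the pass-through of non-digit characters is taken from the sample output on this page.

```java
public class StaticMaskCheck {
    // Values copied from the static-pp example on this page.
    static final String PLAIN = "123abc456781wxy23456lmw78";
    static final String PROTECTED = "1001001123abc456424wxy18356lmw78";
    static final int KEEP_FIRST = 6;
    static final int KEEP_LAST = 4;

    /** Verifies the preserved positions and returns the number of encrypted digits. */
    static int encryptedDigits(String plain, String protectedValue) {
        // FPE output has the same length as its input, so everything before
        // the last plain.length() characters is the prepended version header.
        int headerLen = protectedValue.length() - plain.length();
        if (headerLen < 0) {
            throw new IllegalArgumentException("output is shorter than input");
        }
        String cipher = protectedValue.substring(headerLen);
        int encrypted = 0;
        for (int i = 0; i < plain.length(); i++) {
            char p = plain.charAt(i);
            char c = cipher.charAt(i);
            boolean keptByMask = i < KEEP_FIRST || i >= plain.length() - KEEP_LAST;
            boolean inCharset = p >= '0' && p <= '9'; // policy character set: digits
            if (keptByMask || !inCharset) {
                // Masked positions and characters outside the character set
                // must come back unchanged.
                if (p != c) {
                    throw new IllegalStateException("position " + i + " changed");
                }
            } else {
                encrypted++;
            }
        }
        return encrypted;
    }

    public static void main(String[] args) {
        int headerLen = PROTECTED.length() - PLAIN.length();
        int encrypted = encryptedDigits(PLAIN, PROTECTED);
        System.out.println("version header:   " + PROTECTED.substring(0, headerLen));
        System.out.println("encrypted digits: " + encrypted + " of " + PLAIN.length() + " characters");
        System.out.println("left in clear:    " + (PLAIN.length() - encrypted));
    }
}
```

Only the digits between the preserved ends are encrypted, so size the mask with the sensitivity of the remaining cleartext in mind.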
Protect Luhn-compliant data
Protection Policy: External protection policy with luhn-check support, named luhn-pp
Algorithm: FPE/FF1v2
Character Set: All digits (0030-0039)
Data to be protected: 1234567812345670
Note
The input to be protected must be Luhn compliant.
There must be at least 3 characters in the input.
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("1234567812345670".getBytes(), "luhn-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText())); // This will return ciphertext
System.out.println("Version Header: " + new String(cipherTextDataObject.getVersion())); // This will have version header information
In response, the ciphertext (3484104497372564) and the version header (1001000) are stored in the object, cipherTextDataObject.
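The preconditions in the Note above can be checked before calling protect. This is an added example, not code from CADP for Java: the class and method names are hypothetical, and rejecting any non-digit character is an assumption of this example, based on the policy's all-digits character set.

```java
import java.nio.charset.StandardCharsets;

public class LuhnPrecheck {

    /** Returns null when the input meets the preconditions, otherwise the reason it does not. */
    static String rejectReason(String input) {
        if (input == null || input.isEmpty()) {
            return "null or empty input is bypassed, not protected";
        }
        if (input.length() < 3) {
            return "fewer than 3 characters";
        }
        int sum = 0;
        boolean doubleIt = false;
        // Luhn: walk right to left, doubling every second digit.
        for (int i = input.length() - 1; i >= 0; i--) {
            char c = input.charAt(i);
            if (c < '0' || c > '9') {
                return "character outside the digit set at index " + i; // assumption: digits only
            }
            int d = c - '0';
            if (doubleIt) {
                d *= 2;
                if (d > 9) {
                    d -= 9;
                }
            }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0 ? null : "Luhn checksum mismatch";
    }

    public static void main(String[] args) {
        // First value is this page's sample; the others are constructed to fail.
        String[] samples = {"1234567812345670", "1234567812345671", "12", "1234-5678"};
        for (String s : samples) {
            String reason = rejectReason(s);
            if (reason == null) {
                byte[] payload = s.getBytes(StandardCharsets.UTF_8);
                // Pass payload to CryptoManager.protect(payload, "luhn-pp") here.
                System.out.println(s + " -> ok, " + payload.length + " bytes ready for protect");
            } else {
                System.out.println(s + " -> rejected: " + reason);
            }
        }
    }
}
```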
Protect data with prefix
Protection Policy: Internal protection policy configured with prefix, named prefix-pp
Prefix: CC-
Data to be protected: 1AX2345678vW12345678Pg5
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("1AX2345678vW12345678Pg5".getBytes(), "prefix-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText()));
In response, version header + prefix + ciphertext (1001000CC-GZhPph2dD3qJCrC9x2S7C2g) is returned.
Protect small input value
Support available in CipherTrust Manager future releases. The exact CipherTrust Manager version will be specified once it is officially released and will also be reflected in the CipherTrust Manager release notes.
Protection Policy: Internal protection policy configured to protect small input value.
Prefix: CC-
Data to be protected: 1
Request
CipherTextData cipherTextDataObject = CryptoManager.protect("1".getBytes(), "internal-pp");
Response
To get the response, use the below snippet:
System.out.println("Protected Data: " + new String(cipherTextDataObject.getCipherText()));
In response, version header + prefix + ciphertext (1001000CC-1) is returned.
Note
Null or "" (empty) inputs are always bypassed; that is, the output is the same as the input irrespective of any protection policy configuration.
Reference
The compiled sample for protect is available on GitHub.