Reveal Data
Overview
This API decrypts the encrypted text and returns the output to the user as a byte array, in the reveal format defined in the access policy. The protection and access policies are fetched from CipherTrust Manager when the reveal API is called.
Note
If data was encrypted with a protection policy, decrypt it with the same protection policy.
Prerequisites
CipherTrust Manager must be up and running. Refer to CipherTrust Manager Deployment for details.
CADP for Java must be up and running and the client must be registered. Refer to the Quick Start section for details.
Access Policy must be created. Refer to Creating Access Policy for details.
Protection policy must be created. Refer to Creating Protection Policy for details.
Request
Argument | Description |
---|---|
cipherTextDataObject | Object of CipherTextData which holds the response of protect API. |
protectionPolicyName | Protection policy to be used during the reveal operation. |
userName | Name of the user for whom data will be revealed. The reveal format depends on the access policy. If userName is null, blank, or not part of a user set, the default reveal format is used. |
The following code snippet shows how to reveal data.
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, protectionPolicyName,userName);
Response
The reveal API returns the byte[].
Examples
Reveal data as ciphertext using internal versioning protection policy
Protection Policy: Internal protection policy, named internal-pp
CipherTextData to be revealed: cipherTextDataObject (1001000GZhPph2dD3qJCrC9x2S7C2g)
UserName: user1
Reveal format: Ciphertext
Request
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "internal-pp","user1");
Response
System.out.println("Revealed Data: " + new String(revealedData));
In response, CipherTextData (1001000GZhPph2dD3qJCrC9x2S7C2g) is returned to user1.
Reveal data as plaintext using external versioning protection policy
Protection Policy: External protection policy, named external-pp
CipherTextData to be revealed: cipherTextDataObject (GZhPph2dD3qJCrC9x2S7C2g)
UserName: user2
Reveal format: Plaintext
Request
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "external-pp","user1");
Response
System.out.println("revealedData: " + new String(revealedData));
In response, Plaintext (1AX2345678vW12345678Pg5) is returned to user1.
The reveal operation reads the version header details (1001000) using the cipherTextDataObject.getVersion() method.
Reveal data as error replacement value using disabled versioning protection policy
Sample 1: Revealing data as null
Protection Policy: Disabled protection policy, named disabled-pp
CipherTextData to be revealed: cipherTextDataObject (GZhPph2dD3qJCrC9x2S7C2g)
UserName: user3
Reveal format: Error Replacement Value (null)
Request
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "disabled-pp","user3");
Response
System.out.println("revealedData: " + revealedData);
In response, error replacement value (null) is returned to user3.
Sample 2: Revealing data as custom error replacement value
Protection Policy: Disabled protection policy, named disabled-pp
CipherTextData to be revealed: cipherTextDataObject (GZhPph2dD3qJCrC9x2S7C2g)
UserName: user4
Reveal format: Custom error replacement value (000000)
Request
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "disabled-pp","user4");
Response
System.out.println("revealedData: " + new String(revealedData));
In response, custom error replacement value (000000) is returned to user4.
Reveal data as masked value using external versioning protection policy
Operation: Reveal
Protection Policy: External protection policy, named external-pp
CipherTextData to be revealed: cipherTextDataObject (GZhPph2dD3qJCrC9x2S7C2g)
UserName: user2
Dynamic masking format: SHOW_FIRST_TWO_LAST_FOUR
Reveal format: Masked value
Request
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "external-pp","user2");
Response
System.out.println("revealedData: " + new String(revealedData));
The reveal operation will read the version header using the cipherTextDataObject.getVersion() method. In response, masked value (Doxxxxxxxxxxs0Oe) is returned to user2.
Reveal small input value
Protection Policy: Internal protection policy, named internal-pp
CipherTextData to be revealed: cipherTextDataObject (1001000CC-1)
UserName: user1
Reveal format: Ciphertext
Request
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "internal-pp","user1");
Response
System.out.println("Revealed Data: " + new String(revealedData));
In response, CipherTextData (1) is returned to user1.
Reveal data as default format
Data is revealed in the default format in the following scenarios:
When the username is not part of any user set.
When null is passed as the username.
When an empty string ("") is passed as the username.
The following samples use the default reveal format:
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "protectionPolicyName","userName");// here, username is not part of any user set.
Or
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "protectionPolicyName", null); // here, null is passed as userName in the API call.
Or
byte[] revealedData = CryptoManager.reveal(cipherTextDataObject, "protectionPolicyName","");//here empty string is passed in the API call.
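The user-dependent reveal formats from the examples above, together with the null check a caller needs before decoding, as an added example that is not Thales code. Here reveal() is a hypothetical local stand-in for CryptoManager.reveal, and the user-to-format mapping, the default format and the sample value are constructed assumptions (Java 11 or later).

```java
import java.nio.charset.StandardCharsets;

public class RevealFormatDemo {
    // Masked reveal: keep the first two and last four characters, mask the rest with 'x'.
    static String showFirstTwoLastFour(String s) {
        if (s.length() <= 6) return s; // short-input behaviour is an assumption of this model
        return s.substring(0, 2) + "x".repeat(s.length() - 6) + s.substring(s.length() - 4);
    }

    // Hypothetical stand-in for CryptoManager.reveal(...). The user-to-format mapping is
    // constructed here; in CADP it comes from the access policy on CipherTrust Manager.
    static byte[] reveal(String plaintext, String userName) {
        // null and blank user names fall through to the default format, like unknown users
        String user = (userName == null || userName.isBlank()) ? "" : userName;
        String out;
        switch (user) {
            case "user2": out = showFirstTwoLastFour(plaintext); break; // masked value
            case "user3": out = null; break;                            // error replacement (null)
            case "user4": out = "000000"; break;                        // custom error replacement
            default:      out = "000000";                               // assumed default reveal format
        }
        return out == null ? null : out.getBytes(StandardCharsets.UTF_8);
    }

    // Caller side: a null result is legitimate, so check before decoding, and name the charset
    // instead of relying on the platform default used by new String(byte[]).
    static String decode(byte[] revealed) {
        return revealed == null ? null : new String(revealed, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String sample = "Do1234567890s0Oe"; // constructed sample value
        for (String user : new String[] {"user2", "user3", "user4", "nobody", "", null}) {
            System.out.println(user + " -> " + decode(reveal(sample, user)));
        }
    }
}
```

Calling new String(revealedData) without the null check would throw a NullPointerException for a user whose reveal format is the null error replacement value.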
Reference
The compiled sample for reveal is available on GitHub.