Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Stateless APIs

FPEFormatDecryption

search

Please Note:

FPEFormatDecryption

This API decrypts data using FPE while preserving format of ciphertext.

URL

<http/https>://<host-name>:<Port>/protectappws/services/rest/fpeFormat/decrypt

Input Parameters

ParametersDescription
userNameUser name (optional).
passwordPassword associated with the user (optional).
formatThe format in which some part of input data is to be kept intact, that is, the selected part of the input data is not encrypted
Valid values are:
— LAST_FOUR
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
— FIRST_TWO_LAST_FOUR
— NONE
— CUSTOM

The CUSTOM format allows you to choose the starting and the ending characters to be preserved. This format uses the following fields:
numberOfElementsFromStart - enter the number of starting characters to be preserved.
numberOfElementsBeforeEnd - enter the number of ending characters to be preserved.

For FPE/AES, the aforementioned formats are only supported with CARD10.

keyNameName of the key.
charsetCharset range on which cryptographic operation is to be performed. This parameter is only required with Unicode.
Multiple ranges separated by comma are allowed. For example, to specify Greek and digit range, use the following format: 0E00-0E7F, 0030-0039.
transformationTransformation to be used. It overrides the standard padding. Supported options are:
— FPE/XXX/CARD10
— FPE/XXX/CARD26
— FPE/XXX/CARD62
— FPE/XXX/UNICODE

Here, XXX can be AES, FF1, FF1v2, FF3, or FF3-1.

keyivThis parameter is only applicable for FPE/AES transformation.
FPE/AES/CARD10: a 56 bytes IV when data size is >56 bytes.
FPE/AES/CARD26: a 40 bytes IV when data size is >40 bytes.
FPE/AES/CARD62: a 32 bytes IV when data size is >32 bytes.
FPE/AES/UNICODE: When cardinality is y, a x characters IV is used when data size is >x characters.
Here, y is the number of characters in the unicode character set file, and corresponding value of x is derived using the following formula:
double lg = Math.log10(Math.pow((double)2,(double)96))/Math.log10((double)CharacterSet_size);
double block_len = 2 * Math.floor(lg);
The table with cardinality and corresponding IV value based on the above formula is provided in here.

If data size is less than lg and you want to skip IV, set ignoreIv to true.

dataData to be decrypted.
tweakDataOptional, If tweak data algorithm is "None" or absent, the value must be HEX encoded string representing 64 bit long (hence HEX encoding will consume 16 characters). Tweak data is mandatory if Tweak Algo is given, else it is optional.
tweakAlgoOptional, default is none.
certAliasClient certificate alias for making SSL connections (optional).
certPassPassword for the provided certificate alias (optional).
encodingEncoding method to be used. Currently, only UTF-8 is supported.

Sample REST call for cxf

request

    {
        "FPEFormatDecryptionRequest": {
            "userName": "user",
            "password": "password",
            "format": "CUSTOM",
            "numberOfElementsFromStart": 1,
            "numberOfElementsBeforeEnd": 3,
            "keyName": "test_key",
            "keyiv": null,
            "charset": "30-39",
            "transformation": "FPE/AES/UNICODE",
            "tweakData": "3700337003700337003370037003",
            "tweakAlgo": "SHA256",
            "data": "162-3843568388765263874-789",
            "encoding":"UTF-8"
        }
    }

response

    {
        "FPEFormatDecryptionRequest": {
            "data": "123-4567898765432123456-789"
        }
    }

On this page