Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Planning Encryption

Format Preserving Encryption

search

Please Note:

Format Preserving Encryption

The FPE algorithm allows the user to perform encryption on well formatted data without affecting its format post encryption. The algorithm supports CARD10 cardinality for digits in range 0 - 9. The data to be encrypted must comprise of digits in the range 0-9. The table below provide details related to FPE.

Note

For local mode FPE, the input data length should be of minimum two characters.

The following table provides details of fields that are required for FPE.

KeyNon-versioned AES Keys. Key versions are not supported.
Block SizeMAXb
For CARD10 MAXb = 56 bytes
CardinalityCARD10
IVFPE accepts a HEX encoded MAXb integer. IV is always provided but is used only if the length of data exceeds MAXb. FPE breaks long data into MAXb integer blocks and uses block chaining algorithm similar to CBC mode to perform encryption.
— a 56 bytes IV in hex encoded form having a cardinality 10 when data size is > 56 bytes
— A valid value of IV for FPE can be a 112 characters hex encoded s-integers (0-9)
04010300030406040903010
30705020505030507040108
08010202070402070201030
40704000901050206030000
02020906070004010200
Key Size (in bits)— 128
— 192
— 256
Identifier StringsFPE/AES/CARD10
Tweak AlgorithmHashing algorithm to be applied to specified tweak data beforehand. Valid value:
— NONE
— SHA1
— SHA256
Tweak DataTweak data uses the tweakable cipher concept to protect against statistical attacks due to potentially small input/output space. It accepts any ASCII value for SHA1 and SHA 256 and any valid hex encoded value for “NONE” like "1111111111111111". If tweak data algorithm is “NONE”, the value must be HEX encoded string representing 64 bit long (hence, HEX encoding will consume 16 characters.). If tweak data algorithm represents a SHA1/SHA256 argument then the tweak data need not be hex encoded string but any ASCII string.
Additional NotesBase encoding of "B 16" is not recommended to be used with FPE as the output is always in readable format for which there is no need to perform B16 encoding.

Supported Data Types

The following table shows the supported data types. Data types that do not appear in this list cannot be encrypted with FPE.

Data TypeData Types
BIGINTSMALLINT
INTCHAR
VARCHAR

On this page