Format Preserving Encryption
CDP for Oracle for Oracle supports encryption of well formatted data and preserves the formatting even after encryption.
Overview
The FPE algorithm allows the user to perform encryption on well formatted data without affecting its format post encryption. The algorithm supports:
CARD10: To encrypt data consisting of digits (0-9). Special characters, including space, if present in input data, are retained as it is.
CARD62: To encrypt data containing digits (0-9), lower case (a-z), and upper case (A-Z). To encrypt data containing digits (0-9), lower case (a-z), and upper case (A-Z). Special characters, including space, if present in input data, are retained as it is.
Note
CARD62 is only supported in local mode and with the CipherTrust Manager.
To use CARD62, you must first migrate an empty table.
For FPE (CARD10 and 62), if input data contains characters other than the supported characters (including special characters and spaces), then during migration, the invalid input data error is encountered. Also, if the table is already migrated, then inserting such data gives the invalid input data error.
It is recommended that the input data length should be of minimum two characters.
FPE
| Key | Non-versioned AES Keys. Key versions not supported. |
| Block Size | MAXb For CARD10, MAXb = 56 bytes |
| Cardinality | CARD10 and CARD 62 |
| IV | — FPE accepts a HEX encoded MAXb integer. IV is always provided but is used only — if the length of data exceeds MAXb. FPE breaks long data into MAXb integer blocks and uses block chaining algorithm similar to CBC mode to perform encryption. A 56 bytes IV in hex encoded form having a cardinality 10 when data size is >56 bytes A valid value of IV can be a 112 characters s-integers(0-9) 0401030003040604090301030705020505030507040108080102020704020702010304070400090105020603000002020906070004010200.— For CARD10, the IV that you specify for operations must be hex encoded IV and should be s-integers(0-9) of length 112 characters s-integers(0-9). For example, 01080609..... This IV will be used for data length >56. — For CARD62, the IV that you specify for operations must be hex encoded and should be IV (s-integers(0-9), 64 characters for CARD62. For example, 01080609..... This IV will be used for data length >32. After encryption, this field displays the IV used. |
| Key Size (in bits) | — 128 — 192 — 256 |
| Identifier Strings | — FPE/AES/CARD10 — FPE/AES/CARD62 |
| FPE Encryption Format | The formats the user may use to determine the structure of the output. Following formats are supported for FPE: — NONE: No format is applied with FPE. In this case, complete plaintext will be considered as an input for crypto peration. — FIRST_SIX: This format allows the user to keep intact the first six digits of the plaintext input. So, after encryption the first six digits of the output ciphertext will remain same as input plaintext and rest digits will be encrypted using FPE. — FIRST_SIX_LAST_FOUR: This format allows the user to keep intact the first six and last four digits of the plaintext input. So, after encryption the first six and last four digits of the output ciphertext will remain same as input plaintext and rest digits will be encrypted using FPE. — FIRST_TWO_LAST_FOUR: This format allows the user to keep intact the first two and last four digits of the plaintext input. So, after encryption the first two and last four digits of the output ciphertext will remain same as input plaintext and rest digits will be encrypted using FPE. — LAST_FOUR: This format allows the user to keep intact the last four digits of the plaintext input. So, after encryption the last four digits of the output ciphertext will remain same as input plaintext and rest digits will be encrypted using FPE. Notes: — FPE formats are not supported with CARD62. — The effective data length (excluding special characters) of input plaintext to be encrypted must be greater than the selected format. For example, for the FIRST_SIX format, if the input plaintext is 12345678@#, then encryption will be performed on 78 after retaining the first six characters and the special characters @#. Suppose the input plaintext was 12345@#, then the encryption will not be performed on this, as the effective data to be encrypted is less than six even though the input plaintext has seven characters. |
| Tweak Algorithm | Used to let caller specify a hashing algorithm to be applied to specified tweak data beforehand. Valid value: — NONE — SHA1 — SHA256 If NONE is selected in the FPE Encryption Format field then NONE, SHA1, and SHA256 options are available for Tweak Algorithm. If any FPE encryption format is selected then only SHA1 and SHA256 options are available. |
| Tweak Data | Tweak data uses the tweakable cipher concept to protect against statistical attacks due to potentially small input/output space. It accepts any ASCII value for SHA1 and SHA 256 and any valid hex encoded value for NONE like "1111111111111111". If, tweak data algorithm is NONE, the value must be HEX encoded string representing 64 bit long (hence, HEX encoding will consume 16 characters.). If tweak data algorithm represents a SHA1/SHA256 argument then the tweak data need not be hex encoded string but any ASCII string. Note: These values can be entered when NONE is selected in the FPE Encryption Format field. |
| Additional Notes | — Base encoding of "B 16" is not recommended to be used with FPE as the output is always in readable format for which there is no need to perform B16 encoding. — It is not recommended to use decimal values in error replacement for FPE. |
Supported Data Types
The following table shows the data types supported by the migration process for Oracle 12c, 18c, and 19c. Data types that do not appear in this list cannot be encrypted with FPE.
| Data Type | Oracle 12c, 18c, and 19c | Remarks |
|---|---|---|
| SMALLINT | Yes | - |
| INT | Yes | - |
| CHAR | Yes | Maximum data length/column length should be of 1,999 characters. For data length/column length greater than 1,999 error message will be displayed. |
| VARCHAR2 | Yes | Maximum data length/column length should be of 1,999 characters. For data length/column length greater than 1,999 error message will be displayed. |
| NCHAR | Yes | Maximum data length/column length should be of 999 characters. For data length/column length greater than 999 error message will be displayed. |
| NVARCHAR2 | Yes | Maximum data length/column length should be of 999 characters. For data length/column length greater than 999 error message will be displayed. |
| NUMBER | Yes | Maximum 38 digits supported and no decimal values allowed. |
