Key Types and Input Sizes
User permissions (to encrypt, decrypt, sign, verify, hash, or tokenize/detokenize) must be tied to particular keys. The CipherTrust Key Management APIs provide an array of static key management functions, as well as the ability dynamically to create or import keys to the CipherTrust Manager.
Key Type
| Key Type | Description |
|---|---|
| Symmetric | Oct or octet sequence. Used to: • tokenize • detokenize • encrypt • decrypt Symmetric keys are also used for tokenization, and while the symmetric keys are typical AES keys with 128 or 256 bits of key material, the algorithms are FPE (FF3) and FF1. Note: Versioned keys may not be used for tokenization, only non-versioned keys. |
| Asymmetric | RSA key type used to encrypt, decrypt, sign, and verify. |
Key Input Sizes
For CBC and ECB modes of encryption, the input size should be a multiple of the block size.
Note
The AES block size is 16 bytes (128 bits). If you do not use an input length that is a multiple of the block size, use CTR or CBC-PAD encryption.
Refer to Creating Static and Dynamic Keys for keys creation.
