Creating a Policy for LDT Encryption with CipherTrust Manager
When you use LDT encryption, you only need to create one policy. This policy will be used for both the initial data encryption and guarding the data in production. LDT requires a versioned CBC or CBC_CS1 key in order to perform automatic key rotation. For details, see the CTE-Live Data Transformation with CipherTrust Manager guide for the version of CTE that you are using.
-
Log into CipherTrust Manager and launch the CTE application.
-
In the left-hand menu bar, click Policies.
-
Click Create Policy.
-
For Name, make sure you use a name that clearly designates this as an LDT policy. You will need to be able to find this policy name from the list of all available policies when you create the GuardPoint.
-
For Policy Type, select Live Data Transformation.
-
Click Next to go to the Security Rules page. CipherTrust Manager should have automatically added a security rule for Action:
key_op
, Effect:permit,applykey
. If this security rule is not there, click Back and make sure you have selected Live Data Transformation in the Policy Type field. -
Enter any other security rules you want to use based on your production environment requirements. You can add as many security rules as you need to define who should have access to the protected data.
For more information about the type of rules you may want to use, or ways to exclude some data from encryption, see the CTE-Live Data Transformation with CipherTrust Manager guide for the version of CTE that you are using.
-
When you are done specifying your security rules, click Next to go to the Key Rules page.
-
Click Create Key Rule and enter the following information:
-
In the Current Key Name field, click Select to specify the current encryption key used for the data. If the data is unencrypted, specify
clear_key
as the encryption key. -
In the Transformation Key Name field, click Select to specify the versioned encryption key you want to use to encrypt the data. When you are done, click Add.
Tip
You can also create a new key at this point if desired. For details on creating an encryption key, see your CipherTrust Manager documentation.
For example:
-
-
Click Next to go to the Confirmation page.
-
Verify your selections and click Save to save the policy.