Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Using the LDT Encryption Method

Creating an LDT Policy for DFS(R)

search

Please Note:

printsuggest an editpdf paneldownload

Creating an LDT Policy for DFS(R)

  1. Log into the CipherTrust Manager Console and switch to the correct domain if required.

  2. If you do not know which versioned key you want to use to encrypt the data, or you want to create a new key to use for the DFS(R) namespace, launch the Keys & Access Management application and locate an existing versioned key, or create a new versioned key. For details on creating a versioned key for LDT, see Creating an Encryption key.

  3. Launch the Transparent Encryption application.

  4. In the left-hand menu bar, click Policies.

  5. Click Create Policy.

  6. Enter a name for the policy in the Name field.

  7. In the Policy Type field, select Live Data Transformation.

  8. Click Next.

  9. On the Security Rules page, make sure there is a security rule with the action key_op and the effect permit,applykey. If CipherTrust Manager does not ad this security rule automatically, go back to the General Info page and make sure that the policy type is set to Live Data Transformation.

  10. On the Security Rules page, click Create Security Rule and add the following security rule:

    • In the User Set field, select the user set you created that contains NT AUTHORITY. For details, see Creating Required DFS(R) Policy Components.

    • In the Process Set field, select the process set you created that contains the required DFS(R) processes dfsrs.exe and ntoskrnl.exe.

    • In the Action field, select all_ops.

    • In the Effect field, select Permit.

  11. When you are finished, click Add to save the security rule.

  12. Add any other security rules that you need to your policy. When you are finished, click Next.

  13. On the Key Rules page, click Create Key Rule and add the following key rule:

    • In the Current Key field, select clear_key.

      Caution

      In a DFS(R) environment, you must apply the LDT policy on unencrypted data ONLY (the current key must be set to clear_key). If your data is already encrypted, you must decrypt it and remove the existing GuardPoints before re-encrypting the data with a new key.

    • In the Transformation Key field, select the LDT versioned key that you want to use to encrypt the data.

  14. When you are finished, click Add to save the key rule.

  15. Click Next.

  16. Verify the policy information and click Save to save the LDT policy.

On this page