PrivaceraCloud Documentation

Encryption schemes

An encryption scheme defines how your data is encrypted and decrypted.

Important

When using encryption schemes, make sure to:

  • Keep a record of which schemes you use to encrypt or transform which data. You need to use the same scheme to decrypt that data.

  • Protect your active schemes. Consider exporting them to a secure location.

  • Never delete your active schemes.

Otherwise, you will be unable to decrypt your data.

Privacera-supplied encryption schemes

After encryption has been enabled, the default Privacera-supplied system encryption schemes are also enabled. See Privacera Encryption Gateway (PEG) and Cryptography with Ranger KMS.

The following is a list of the Privacera-supplied system encryption schemes. In general, the name of a scheme describes the type of data the scheme is designed to encrypt.

  • SYSTEM_US_PHONE_FORMATTED

  • SYSTEM_ACCOUNT

  • SYSTEM_PERSON_NAME

  • SYSTEM_SSN

  • SYSTEM_EMAIL

  • SYSTEM_ADDRESS

  • SYSTEM_CREDITCARD

View encryption schemes

To view your encryption schemes, select Encryption & Masking > Schemes from the Privacera Portal navigation menu.

Formats, algorithms, and scopes

In Privacera Encryption, a scheme is composed of formats, algorithms, and scopes. The formats, algorithms, and scopes associated with each scheme are described in Encryption formats, algorithms, and scopes.

The following sections explain formats, algorithms, and scopes.

Formats

A format is the data type and structure of the input data to be encrypted.

For example, the format of your input data could be:

  • Numeric

  • Date

  • Credit card

  • Social security number

Algorithms

Algorithms are the mathematics used to encrypt your data.

There are two types of algorithms:

  • Two-way encryption and decryption

  • One-way hashes

About LITERAL

One type of one-way transformation is the LITERAL replacement of data. This option replaces the specified data with the name of the tag associated with the data.

For example, if a database field is tagged as PERSON_NAME, when an encryption transform is applied as LITERAL, the field's value is replaced with PERSON_NAME.

Caution

If you use LITERAL, the original data cannot be recovered.

Scopes

Scopes define the extent of your data encryption, such as the first four digits, an IP domain, or all data.

The ALL scope is recommended as the most comprehensive treatment of the extent of the data. However, you can choose from other available scopes.
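The following Python sketch is an added illustration of the one-way algorithms and scopes described above; it is not Privacera code and does not call any Privacera API. The names `HASH`, `FIRST_4`, `transform`, `protect_record`, and the demo key are hypothetical, and the treatment of a partial scope (only the covered part is transformed) is an assumption made for the example.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def one_way_hash(text):
    """Keyed one-way hash (HMAC-SHA-256), shortened to 16 hex characters."""
    return hmac.new(DEMO_KEY, text.encode(), hashlib.sha256).hexdigest()[:16]

def select_scope(value, scope):
    """Split a value into (part covered by the scope, part left untouched)."""
    if scope == "ALL":
        return value, ""
    if scope == "FIRST_4":  # hypothetical name for "the first four digits"
        return value[:4], value[4:]
    raise ValueError(f"unknown scope: {scope}")

def transform(value, tag, algorithm, scope="ALL"):
    """Apply a one-way transform to a field value."""
    if algorithm == "LITERAL":
        # The value is replaced by the tag name; none of the input survives.
        return tag
    covered, untouched = select_scope(value, scope)
    if algorithm == "HASH":  # hypothetical name for a one-way hash algorithm
        # Only the covered part is hashed; the rest stays readable.
        return one_way_hash(covered) + untouched
    raise ValueError(f"unknown algorithm: {algorithm}")

def protect_record(record, plan):
    """Transform planned fields; return (output, ledger of what was applied)."""
    out, ledger = dict(record), {}
    for field, (tag, algorithm, scope) in plan.items():
        out[field] = transform(record[field], tag, algorithm, scope)
        ledger[field] = {"tag": tag, "algorithm": algorithm, "scope": scope}
    return out, ledger

# Constructed sample record and transformation plan.
RECORD = {"name": "Ada Example", "card": "4111111111111111", "city": "Lisbon"}
PLAN = {
    "name": ("PERSON_NAME", "LITERAL", "ALL"),
    "card": ("CREDITCARD", "HASH", "FIRST_4"),
}

if __name__ == "__main__":
    protected, ledger = protect_record(RECORD, PLAN)
    print(protected)
    print(ledger)
```

With the `FIRST_4` scope, the last twelve digits of the card number remain readable in the output, which is the exposure the ALL scope avoids. The ledger is the kind of record the Important note asks you to keep.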