
Encryption Schemes

As background, refer to the definition of terms in the introduction to this guide.

System Encryption Schemes Enabled by Default

After encryption has been enabled, Privacera-supplied system encryption schemes are also enabled.

List of System Encryption Schemes

The following is a list of the Privacera-supplied system encryption schemes. In general, the name of a scheme describes the type of data the scheme is designed to encrypt.


Viewing the Encryption Schemes

To see the schemes, navigate to Encryption & Masking and click Schemes.

You can import and export encryption schemes, define new ones, or modify existing ones.

Formats, Algorithms, and Scopes

The formats, algorithms, and scopes associated with each scheme are described in Encryption formats, algorithms, and scopes.

Here is a general description of some of these constructs.


For Privacera Encryption, a format refers to the datatype and structure of the input data to be encrypted, such as numeric, date, or credit card.


In general, there are two types of algorithms:

  • Two-way encryption/decryption.
  • One-way hashes.


One type of one-way transformation is the LITERAL replacement of data. This option replaces the specified data with the name of the tag associated with the data. For example, if a database field is tagged as PERSON_NAME, when an encryption transform is applied as LITERAL, the field's value is replaced with PERSON_NAME.

Using LITERAL means that the original data cannot be recovered.
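
The following Python sketch is an added illustration, not Privacera code: it contrasts a LITERAL-style replacement with a one-way keyed hash on constructed rows. HMAC-SHA256, the sample rows, the column-to-tag mapping, and all function names are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample rows; the column-to-tag mapping is assumed for illustration.
ROWS = [
    {"id": 1, "name": "Alice Ng", "city": "Austin"},
    {"id": 2, "name": "Bob Roy", "city": "Austin"},
    {"id": 3, "name": "Alice Ng", "city": "Boston"},
]
TAGS = {"name": "PERSON_NAME"}  # column tagged as in the page's example

HASH_KEY = b"constructed-demo-key"  # placeholder secret, not a real key


def literal(value, tag):
    """LITERAL-style replacement: the value is discarded, the tag name is stored."""
    return tag


def keyed_hash(value, tag):
    """One-way keyed hash (HMAC-SHA256, an assumed stand-in algorithm)."""
    return hmac.new(HASH_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()


def transform(rows, tags, fn):
    """Apply fn to every tagged column; untagged columns pass through unchanged."""
    return [
        {col: fn(val, tags[col]) if col in tags else val for col, val in row.items()}
        for row in rows
    ]


def distinct(rows, col):
    """Number of distinct values left in a column after transformation."""
    return len({row[col] for row in rows})


if __name__ == "__main__":
    for label, fn in (("LITERAL", literal), ("keyed hash", keyed_hash)):
        out = transform(ROWS, TAGS, fn)
        print(label, "-> distinct names:", distinct(out, "name"))
        for row in out:
            print("  ", row)
```

Neither output can be turned back into the original names, but the hash still lets equal values match across rows, while the LITERAL-style replacement collapses every value to the same string.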


The ALL scope is recommended because it is the most comprehensive treatment of the extent of the data. However, you can choose from other available scopes.

Record the Names of Schemes in Use and Do Not Delete Them

Follow these rules:

  • Keep a record of which schemes you use to encrypt or transform which data. You need to use the same scheme to decrypt that data.
  • Protect your active schemes. Consider exporting them to a secure location.
  • Do not delete your active schemes.

Otherwise, you cannot decrypt the data.