Encryption Schemes
As background, refer to the definition of terms in the introduction to this guide.
System Encryption Schemes Enabled by Default
After encryption has been enabled, Privacera-supplied system encryption schemes are also enabled.
List of System Encryption Schemes
The following is a list of the Privacera-supplied system encryption schemes. The name of a scheme in general describes the type of data the scheme is designed to encrypt.
- SYSTEM_US_PHONE_FORMATTED
- SYSTEM_ACCOUNT
- SYSTEM_PERSON_NAME
- SYSTEM_SSN
- SYSTEM_EMAIL
- SYSTEM_ADDRESS
- SYSTEM_CREDITCARD
Viewing the Encryption Schemes
To see the schemes, navigate to Encryption & Masking and click Schemes.
You can import and export schemes, define new encryption schemes, or modify existing ones.
Formats, Algorithms, and Scopes
The formats, algorithms, and scopes associated with each scheme are described in Encryption formats, algorithms, and scopes.
Here is a general description of some of these constructs.
Formats
For Privacera Encryption, a format refers to the datatype and structure of the input data to be encrypted, such as numeric, date, or credit card.
Algorithms
In general, there are two types of algorithms:
- Two-way encryption/decryption.
- One-way hashes.
About LITERAL
One type of one-way transformation is the LITERAL replacement of data. This option replaces the specified data with the name of the tag associated with the data. For example, if a database field is tagged as PERSON_NAME, when an encryption transform is applied as LITERAL, the field's value is replaced with PERSON_NAME.
Using LITERAL means that the original data cannot be recovered.
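The following added example (not Privacera code, and it calls no Privacera API) contrasts the two one-way options on constructed records: a deterministic keyed hash keeps equal inputs equal, while a LITERAL-style replacement collapses every value to the tag name. The HMAC-SHA256 stand-in, the function names, the key, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample records; the "name" field is tagged PERSON_NAME.
RECORDS = [
    {"id": 1, "name": "Alice Example"},
    {"id": 2, "name": "Bob Example"},
    {"id": 3, "name": "Alice Example"},
]
TAGS = {"name": "PERSON_NAME"}   # field -> tag (assumed mapping)
KEY = b"constructed-demo-key"    # placeholder key, not a real secret


def one_way_hash(value, key=KEY):
    """Stand-in one-way hash (HMAC-SHA256); not Privacera's algorithm."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def literal(field, tags=TAGS):
    """LITERAL-style replacement: the value becomes the tag name."""
    return tags[field]


def transform(records, mode):
    """Apply 'hash' or 'literal' to every tagged field of every record."""
    out = []
    for rec in records:
        new = dict(rec)
        for field in TAGS:
            new[field] = one_way_hash(rec[field]) if mode == "hash" else literal(field)
        out.append(new)
    return out


def distinct_values(records, field):
    """Count distinct values, i.e. what a GROUP BY or join key would see."""
    return len({r[field] for r in records})


def summary():
    hashed = transform(RECORDS, "hash")
    replaced = transform(RECORDS, "literal")
    return {
        "original_distinct": distinct_values(RECORDS, "name"),
        "hash_distinct": distinct_values(hashed, "name"),
        "literal_distinct": distinct_values(replaced, "name"),
        "literal_values": [r["name"] for r in replaced],
    }


if __name__ == "__main__":
    print(summary())
```

Neither output can be reversed, but only the hashed column still supports equality comparisons between rows; after LITERAL, every row carries the same value.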
Scopes
The ALL scope is recommended as the most comprehensive treatment of the extent of the data. However, you can choose from other available scopes.
Record the Names of Schemes in Use and Do Not Delete Them
Make sure to:
- Keep a record of which schemes you use to encrypt or transform which data. You need to use the same scheme to decrypt that data.
- Protect your active schemes. Consider exporting them to a secure location.
- Leave your active schemes in place; do not delete them.
Otherwise, you cannot decrypt the data.