Privacera Custom Encryptor Setup Guide
1. Download the Encryption Package
Step 1: Copy the package from Self-Managed to local
SSH into your Self-Managed environment and copy the encryption package locally:
```bash
scp -i /path/to/ssh-key \
  <user-name>@<ip>:~/privacera/privacera-manager/output/pegv2/encryptor/privacera-encryption-native.zip \
  <TARGET_PATH_IN_LOCAL>
```
Step 2: Unzip the package
```bash
unzip privacera-encryption-native.zip
```
Step 3: Navigate to the configuration directory
2. Project Setup
2.1 Place the encryption JAR
Copy the encryption JAR into your project (for example, into a libs folder):
```bash
cp privacera-encryption-native.jar sample-code/libs/privacera-encryption-native.jar
```
2.2 Move the required files into config/
Place the following files in your project's config/ folder:
| File | Description | Source |
|---|---|---|
| crypto.properties | PEG URL, username, SSL/keystore settings, timeouts, FPE options | Root directory of the package (crypto.properties) |
| global-truststore.p12 | SSL truststore for PEG | From crypto-config package |
| feu-pegv2-secrets-keystore.jks | Keystore containing JWT, shared secret, truststore password (JCEKS) | From Privacera/PEG setup |
Final directory structure:
```text
config/
├── crypto.properties
├── global-truststore.p12
└── feu-pegv2-secrets-keystore.jks
```
3. Maven Dependencies
Use the following complete pom.xml with all required dependencies.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.privacera.encryption.example</groupId>
  <artifactId>privacera-encryptor-sample</artifactId>
  <version>1.0.0</version>
  <packaging>jar</packaging>
  <dependencies>
    <!-- Privacera Encryption Native Library -->
    <dependency>
      <groupId>com.privacera</groupId>
      <artifactId>encryption-native</artifactId>
      <version>10.0.0.1</version>
      <scope>system</scope>
      <systemPath>${project.basedir}/libs/privacera-encryption-native.jar</systemPath>
    </dependency>
    <!-- SLF4J -->
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>2.0.6</version>
    </dependency>
    <!-- Logback -->
    <dependency>
      <groupId>ch.qos.logback</groupId>
      <artifactId>logback-core</artifactId>
      <version>1.3.14</version>
    </dependency>
    <dependency>
      <groupId>ch.qos.logback</groupId>
      <artifactId>logback-classic</artifactId>
      <version>1.3.14</version>
    </dependency>
  </dependencies>
</project>
```
4. crypto.properties configuration
Below is the pre-generated crypto.properties file. Place it at config/crypto.properties.
```properties
privacera.peg.base.url=<https://peg-host>
privacera.peg.native.jwtToken=jceks:peg_v2_feu_jwt_token
privacera.peg.username=<peg-integration-user>
privacera.peg.server.ssl.enabled=true
privacera.peg.server.signed.ssl.enabled=false
# When SSL is enabled, path to global-truststore.p12 (relative to config folder)
privacera.peg.server.trustStore=global-truststore.p12
privacera.peg.server.trustStorePass=jceks:peg_v2_feu_trustore_password
privacera.peg.native.shared.secret.enabled=true
privacera.peg.native.shared.secret=jceks:peg_v2_feu_shared_secret
#######################################
# Secure Password Configuration #
#######################################
privacera.peg.native.keystore.paths=feu-pegv2-secrets-keystore.jks
privacera.peg.native.keystore.passwords=<auto-generated>
privacera.peg.native.connection.timeout=180000
# flag enable/disable enc/dec single char
privacera.peg.native.fpe.skip.single.char=false
privacera.peg.native.fpe.skip.single.char.replace.with=ORIGINAL
# for invalid column-value
privacera.peg.native.fpe.invalid.ignore=false
privacera.peg.native.fpe.invalid.ignore.replace.with=EMPTY
# for custom error
privacera.peg.native.custom.error.code.enabled=true
```
Required properties
PEG base URL
Set privacera.peg.base.url to your PEG host URL (for example, replace <https://peg-host> with your actual PEG base URL).
PEG username
```properties
privacera.peg.username=<user-with-protect-unprotect-permission>
```
SSL configuration (typical setup)
- If privacera.peg.server.ssl.enabled is false, you do not need to specify the global-truststore.p12 path.
- If SSL is enabled, set the global-truststore.p12 path:

```properties
privacera.peg.server.ssl.enabled=true
privacera.peg.server.trustStore=global-truststore.p12
```
If the global-truststore.p12 file is outside config/, use an absolute path.
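A preflight check for the config/ directory and the crypto.properties settings described in this section, given here as an added example that is not part of the Privacera package. It assumes a single keystore path that resolves relative to config/ like the truststore, and simple key=value lines; the function names and the owner-only permission check are this example's own.

```bash
# Preflight lint for the config/ directory described in this guide.
# Added example: checks and messages are assumptions of this example, not a Privacera tool.

# Value of property $2 in file $1 (simple key=value lines only; last definition wins).
prop() {
  awk -F= -v k="$2" '
    { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == k { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
    END { print v }' "$1"
}
# True when the file has no group/other permission bits set.
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }
# Resolve path $2 relative to config dir $1 unless it is absolute.
in_config() { case $2 in /*) echo "$2" ;; *) echo "$1/$2" ;; esac; }

check_crypto_config() {
  local dir="${1:-config}" n=0 f k v p
  f=$dir/crypto.properties
  warn() { echo "WARN: $*"; n=$((n + 1)); }
  [ -f "$f" ] || { echo "WARN: $f not found"; return 1; }
  # Placeholders from the shipped template must be replaced.
  for k in privacera.peg.base.url privacera.peg.username; do
    v=$(prop "$f" "$k")
    case $v in ''|'<'*'>') warn "$k is unset or still a <placeholder>" ;; esac
  done
  # Secrets should be keystore aliases (jceks:...), never inline values.
  for k in privacera.peg.native.jwtToken privacera.peg.native.shared.secret \
           privacera.peg.server.trustStorePass; do
    v=$(prop "$f" "$k")
    case $v in ''|jceks:*) ;; *) warn "$k holds an inline secret, expected jceks:<alias>" ;; esac
  done
  # TLS to PEG: enabled, and the truststore actually present.
  if [ "$(prop "$f" privacera.peg.server.ssl.enabled)" = true ]; then
    p=$(in_config "$dir" "$(prop "$f" privacera.peg.server.trustStore)")
    [ -f "$p" ] || warn "truststore $p not found"
  else
    warn "privacera.peg.server.ssl.enabled is not true; PEG traffic is not TLS-protected"
  fi
  # The secrets keystore and the file holding its password should be owner-only.
  p=$(in_config "$dir" "$(prop "$f" privacera.peg.native.keystore.paths)")
  for k in "$f" "$p"; do
    if [ ! -f "$k" ]; then warn "$k not found"
    elif ! owner_only "$k"; then warn "$k is readable by group/others; chmod 600"
    fi
  done
  [ "$n" -eq 0 ]
}
```

Source the file and run `check_crypto_config config` from the project root; it prints one WARN line per finding and returns non-zero if there are any.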
5. action.properties
action.properties is not shipped with the encryption package. Create it manually and place it in your config/ folder when you are ready to define protect/unprotect operations.
Location: config/action.properties
Format: action, fieldName, fieldValue, schemeName
| Column | Description |
|---|---|
| action | protect or unprotect |
| fieldName | Logical field name (for output only) |
| fieldValue | Plain text (protect) or encrypted text (unprotect) |
| schemeName | Encryption scheme (e.g. SYSTEM_PERSON_NAME) |
Example:
```properties
protect,name,John,SYSTEM_PERSON_NAME
```
After adding action.properties, your config/ directory will look like:
```text
config/
├── crypto.properties
├── action.properties
├── global-truststore.p12
└── feu-pegv2-secrets-keystore.jks
```
6. Sample Java implementation
Below is a complete sample class that loads config/crypto.properties and config/action.properties, then runs protect/unprotect and prints results.
```java
package com.privacera.encryption.example;

import com.privacera.custom.encryptor.Encryptor;

import java.io.*;
import java.nio.file.*;
import java.util.*;

public class PrivaceraEncryptor {
    // Directory holding crypto.properties and action.properties (project root + config/)
    private static final String CONFIG_PATH =
            Paths.get(System.getProperty("user.dir"), "config").toString() + File.separator;

    public static void main(String[] args) throws Exception {
        String username = loadUsername();
        System.out.println("Loaded username: " + (username != null ? username : "not found"));

        Encryptor encryptor = new Encryptor();
        try {
            List<String[]> rows = loadActions();
            // The explicit String[] parameter type is required: without it the
            // chained comparator infers Object and r[3] does not compile.
            rows.sort(Comparator.comparing((String[] r) -> r[3]) // scheme
                    .thenComparing(r -> r[0]));                  // action

            for (String[] r : rows) {
                String action = r[0]; // protect | unprotect
                String field = r[1];  // field name
                String data = r[2];   // field value (plain or encrypted)
                String scheme = r[3]; // scheme name

                System.out.println("\n=== Processing field: " + field + " ===");
                System.out.println("Original: " + data);
                if ("protect".equalsIgnoreCase(action)) {
                    System.out.println("Encrypted: " +
                            encryptor.protect(data, scheme));
                } else if ("unprotect".equalsIgnoreCase(action)) {
                    System.out.println("Decrypted: " +
                            encryptor.unprotect(data, scheme));
                }
            }
        } finally {
            // Release the encryptor even if an action fails
            encryptor.cleanup();
        }
    }

    // Reads privacera.peg.username from config/crypto.properties; null if unset or blank
    private static String loadUsername() throws IOException {
        Properties p = new Properties();
        try (FileInputStream fis = new FileInputStream(
                Paths.get(CONFIG_PATH, "crypto.properties").toFile())) {
            p.load(fis);
            String u = p.getProperty("privacera.peg.username");
            return (u != null && !u.trim().isEmpty()) ? u.trim() : null;
        }
    }

    // Parses config/action.properties: action,fieldName,fieldValue,schemeName
    // Blank lines, # comments and lines without four fields are skipped.
    private static List<String[]> loadActions() throws IOException {
        List<String[]> rows = new ArrayList<>();
        Path file = Paths.get(CONFIG_PATH, "action.properties");
        try (BufferedReader br = Files.newBufferedReader(file)) {
            String line;
            while ((line = br.readLine()) != null) {
                line = line.trim();
                if (line.isEmpty() || line.startsWith("#")) continue;
                String[] parts = line.split(",", 4);
                if (parts.length == 4) {
                    rows.add(new String[]{
                            parts[0].trim(), parts[1].trim(),
                            parts[2].trim(), parts[3].trim()
                    });
                }
            }
        }
        return rows;
    }
}
```
7. Running the application
Run from the project root.
Option 1: Using Maven
```bash
mvn compile
mvn exec:java -Dexec.mainClass="com.privacera.encryption.example.PrivaceraEncryptor"
```
Option 2: Using Java classpath
```bash
java -cp ".:privacera-encryption-native.jar:slf4j-api-2.0.6.jar:logback-classic-1.3.14.jar:logback-core-1.3.14.jar" \
  com.privacera.encryption.example.PrivaceraEncryptor
```
Adjust the classpath to include your config directory if required by your setup. The application reads config/action.properties and, for each action, prints the encrypted or decrypted output together with the logs.