This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Application Protector

Learn about the different Application Protectors.

1: Application Protector Java

1.1: Understanding the Architecture
1.2: System Requirements
1.3: Preparing the Environment
1.4: Installing the AP Java Protector
1.5: Configuring the Protector
1.6: Application Protector Java APIs

1.6.1: Using the AP Java APIs

1.7: Additional Topics

1.7.1: Memory Usage of the AP Java
1.7.2: DevOps Approach for Application Protector Java
1.7.3: Application Protector API Return Codes
1.7.4: Config.ini file for Application Protector
1.7.5: Multi-node Application Protector Architecture
1.7.6: Uninstalling the Application Protector

2: Application Protector Python

2.1: Understanding the Architecture
2.2: System Requirements
2.3: Preparing the Environment
2.4: Installing the AP Python Protector
2.5: Configuring the Protector
2.6: Application Protector Python APIs

2.6.1: Using the AP Python APIs

2.7: Additional Topics

2.7.1: Memory Usage of the AP Python
2.7.2: Setting Up AP Python on Linux in a Development Environment
2.7.3: DevOps Approach for Application Protector Python
2.7.4: Application Protector API Return Codes
2.7.5: Config.ini file for Application Protector
2.7.6: Multi-node Application Protector Architecture
2.7.7: Uninstalling the Application Protector

3: Application Protector .Net

3.1: Architecture and Workflow
3.2: System Requirements
3.3: Preparing the Environment
3.4: Installing the AP .Net Protector
3.5: Configuring the Protector
3.6: Using the AP .Net APIs

3.6.1: Application Protector .Net APIs

3.7: Additional Topics

3.7.1: Memory Usage of the AP .Net
3.7.2: Setting Up AP .Net Mock on Windows in a Development Environment
3.7.3: DevOps Approach for Application Protector
3.7.4: Application Protector API Return Codes
3.7.5: Config.ini file for Application Protector
3.7.6: Multi-node Application Protector Architecture
3.7.7: Uninstalling the Application Protector

The Protegrity Application Protector (AP) is a high-performance, versatile solution that provides a packaged interface to integrate comprehensive, granular security and auditing into enterprise applications. It eliminates the need for application developers to master the complexities of cryptography, while keeping the security team in control of sensitive data protection and access.

The Protegrity AP is available in multiple programming languages, each with its own installation and API usage guidelines:

AP Java
AP Python
AP .Net
AP C
AP Go

Note: The on-premises Immutable Application Protectors on the linux platform from previous versions are incompatible with ESA v10.0.x.
The protector must be upgraded to v10.0.x for immutable policy deployment.
For more information about immutable policy deployment using the REST API call, refer to DevOps Approach for Application Protector.

Features of Protegrity Application Protector

The Protegrity Application Protector (AP) is a robust, high-performance solution designed to integrate granular security and auditing into enterprise applications. It simplifies cryptographic complexity for developers while empowering security teams with centralized control.

Simple Programming Interface

AP offers a streamlined API accessible from multiple programming languages, allowing developers to implement data protection without needing deep cryptographic expertise.

Separation of Duties

To comply with security regulations, AP enforces a strict separation between application developers and security administrators. Developers do not author security policies; instead, AP encapsulates all security functions, granting full audit and control capabilities to administrators.

Centralized Security Policy Management

Security policies are centrally defined and managed via the Enterprise Security Administrator (ESA) Web UI. These policies are deployed to AP endpoints, enabling consistent enforcement, auditing, and reporting across applications.

Policy-Based Access Control

AP enforces role- and user-based access rights, including permissions for protecting, unprotecting, and reprotecting data. It validates both the calling application and user against the corporate policy, ensuring trusted access without requiring additional development effort.

Centralized Key Management

Encryption keys are centrally managed using Protegrity’s patented technology. This ensures secure key operations and disaster recovery readiness. Keys can be shared across environments, enabling secure data usage across locations, for example, encrypting POS data at a store and decrypting it at headquarters.

Encryption and Tokenization Support

AP supports a wide range of protection algorithms and token type, including:

Encryption: 3DES, AES-128 and AES-256, CUSP 3DES, CUSP AES-128 and CUSP AES-256, FPE-FF1
Hashing: HMAC-SHA1 and HMAC-SHA256
Tokenization: Various token elements
Monitoring: No Encryption

For more information about encryption and tokenization, refer to Encryption and Tokenization.

For more information about deprecated encryption algorithms and token types, refer to Deprecated Data Elements.

1 - Application Protector Java

Learn about the Application Protector (AP) Java.

Protegrity Application Protector (AP) Java Overview

AP Java provides a set of APIs that integrate with Java-based customer applications to perform data protection operations such as:

Protect
Unprotect
Reprotect
Get Product Version
Get Last Error

Key Features

Supported Java Distributions

Java by Oracle Corporation, versions 1.8 and later
Open JRE, versions 1.8 and later
IBM J9, versions 1.8 and later

Trusted Applications

The AP Java can be accessed only by the trusted applications. Any application that protects, unprotects, or reprotects data, must first be created as a trusted application in the ESA.

A trusted application name should be the name of the running application. For example, refer to the sample program in the section Running IAP - Example in the Protegrity Application Protector On-Premises Immutable Policy User Guide 9.1.0.0. Here, the trusted application name is “HelloWorld”. The trusted application user is the user who is running the program.

For AP Java, the logic is to determine the fully qualified name of the Main class. For console applications, the Main class is the one with the main method, while for web applications, the logic uses the JVM’s name represented by RuntimeMXBean (Java Platform SE 8).

For more information about how to make an application trusted, refer to Creating a Trusted Application.

Session Validity

A session is valid until the sessiontimeout is reached, which is passed as a parameter in the config.ini file. The default validity of a session is 15 minutes. An active session is renewed every time the session is used.

Audit Logs

Single Data Item Operations
- Each operation (protect/unprotect/reprotect) generates audit events.
- Example:
  - 1 protect on element a → 1 event
  - 1 5 protects on element b → 5 events
  - 1 1000 unprotects on element a → 1000 events
Bulk Data Item Operations
- Audit logs are generated per operation.
- Example:
  - 2 bulk protect operations with size 3 → 1 audit log with count 6
Initialization Logs
- Audit logs are created when an application initializes, indicating whether initialization was successful or not.
- Audits are available in ESA forensics after jcorelite.plm is loaded.

Protector Status Logs

While the protector is running, a status log is sent to Discover, which can be viewed using the pty_insight_analytics\*protector_status_* index on Discover.
For more information about viewing the status logs, refer to Protector Status Dashboard index.

The protector status dashboard displays the protector connectivity status through a pie chart and a table visualization. This dashboard uses status logs sent by the protector, so the protector which performed at least one security operation shows up on this dashboard.
For more information about the protector status dashboard, refer to Viewing the Protector Status Dashboard.

Error Handling

If the AP Java is used to perform a security operation on bulk data, then an exception appears for all errors except for the error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

For more information about the log return codes, refer to Log return codes.

1.1 - Understanding the Architecture

The architecture and workflow of Application Protector.

This page describes the architecture, the individual components, and the workflow of the Protegrity Application Protector (AP) solution.

Architecture and Workflow

The following figure illustrates the deployment architecture of the Application Protector (AP).

Architecture and Workflow of Application Protector

The following table describes the components of the AP deployment architecture.

Component	Description
Customer Application	Built in supported programming languages and integrates with AP for data protection.
Application Protector	Core protection engine that enforces security policies and performs data protection operations.
Configuration File (config.ini)	Contains initialization parameters passed to AP during startup.
Native Interface	Native interface between AP and the C layer. Java: Java Native Interface (JNI) layer
Package Enforcement and Deployment	Downloads policy packages from the RP Agent and executes protection operations, such as, protect, unprotect, and reprotect.
Log Forwarder	Collects logs from AP and forwards them to the Audit Store for centralized auditing.
Resilient Package (RP) Agent	Standalone process that retrieves policy packages from ESA and shares them with AP processes using shared memory IPC.

The following steps describe the workflow of a sample AP deployment in the production environment.

The customer application initializes the SDK.
The configurations that are required configuration parameters are passed to the protector using the config.ini file.
Note: The configurations can be set through environment variables. ENV overrides values in the config.ini file, except for cadence and session timeout which must be set in the config file.
For more information about environment variables configuration, refer to Configuration Parameters for Protector.
The RP Agent regularly syncs with the RP Proxy or ESA to check for policy updates. If a change is detected, the updated policy package is securely downloaded over a TLS channel and stored in shared memory.
The protector synchronizes with shared memory based on the cadence value defined in config.ini file. If a new package is available, it is fetched into process memory. This updated package is then used to perform data protection operations such as, such as, protect, unprotect, and reprotect.
The audit logs generated during protection operations are forwarded to the Audit Store:
- Logs from the application are sent through the Log Forwarder
- Logs from the RP Agent are also forwarded using the Log Forwarder

Components of the Application Protector

The Protegrity Application Protector (AP) solution comprises several key components that work together to enforce data protection policies and ensure secure operations.

Application Protector

The core engine that integrates with customer applications to perform data protection operations:

Protect
Unprotect
Reprotect

AP is available in multiple language-specific variants. One of which is:

AP Java: For applications developed in Java

Resilient Package (RP) Agent

A standalone process responsible for policy synchronization:

To sync with the RP Proxy or ESA at regular intervals of 60 seconds
To detect policy changes and download updated packages over a secure TLS channel
To store the packages in shared memory for use by the protector

Log Forwarder

A log processing tool that handles audit and protection logs:

Collects logs generated by AP and RP Agent
Forwards logs to the Audit Store within ESA

Ports used to transport the protection and audit logs to the ESA:

15780: Configurable
15781: Non-configurable

Package Deployment

The different approaches for package deployment during the initialization process of the Application Protector are described in this section.

Dynamic Package Deployment

Use this approach when the protector needs to continuously check for policy updates after initialization.

Set the cadence parameter to a non-zero value in the config.ini file.
This value defines the interval in seconds at which the protector synchronizes with the RP Agent.
If a policy change is detected, the protector automatically fetches the updated package and applies it during protection operations.
Note: This method ensures that the protector always operates with the latest policy.

Immutable Package Deployment

Use this approach when the protector does not need to check for policy changes after initialization.

Add the [devops] parameter in the config.ini file before initializing the protector.
A REST API call is used to download an envelope-encrypted package from the ESA.
The protector uses this static package for all operations without further synchronization.
For more information about the DevOps approach, refer to DevOps Approach for Application Protector.

1.2 - System Requirements

Lists the recommended minimum system requirements

The following table lists the minimum hardware configurations.

Hardware Component	Configuration Details
CPU	Depends on the application.
Disk Space	Under 200 MB - including LogForwarder, RP Agent, and AP Java.
RAM	Memory usage depends on the AP flavor and application behavior. Refer to AP Java.

1.3 - Preparing the Environment

The prerequisites to install the AP Java Installation on Linux are described in the section.

Preparing the Environment for AP Java Installation on Linux

Before installing Protegrity Application Protector (AP) Java on a Linux platform, ensure the following prerequisites are met:

Prerequisites

The Enterprise Security Administrator (ESA) is installed, configured, and running.
The IP address or host name of the Load Balancer, Proxy, or ESA is noted.
The Policy Management (PIM) is initialized on the ESA. It creates cryptographic keys and the policy repository for data protection.
For more information about initializing the PIM, refer to Initializing the Policy Management.

1.4 - Installing the AP Java Protector

Steps to setup AP Java on Linux

Note: ARM64 support is available only from version 10.0.1 and requires the separate build ApplicationProtector_Linux-ALL-64_arm64_JRE-1.8-64_<version>.tgz.

Extracting the Setup Scripts and Package

To extract the setup scripts and package:

Download the ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz file to any location on the machine where you want to install the protector.
Extract the AP Java installation package using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz
```
The following setup files are extracted:
- ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz
- signatures/ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.sig
Verify the digital signature of the signed AP Java build.
For more information about verifying the signed AP Java build, refer to Verification of Signed Protector Build.
Extract the AP Java installation package again using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz
```
The following setup files are extracted:
- LogforwarderSetup_Linux_x64_<version>.sh
- RPAgentSetup_Linux_x64_<version>.sh
- APJavaSetup_Linux_x64_<version>.sh

Installing Log Forwarder on Linux

The steps to install the Log Forwarder on a Linux platform using the Interactive mode or through the Silent mode are described in this section.

Note: To preserve all the configurations while upgrading the Log Forwarder, ensure that you backup all the files present under the /opt/protegrity/logforwarder/data/config.d directory.

For more information about installing Log Forwarder on Linux, refer to Installing Log Forwarder on Linux.

Using Interactive Mode

For more information about installing the Log Forwarder using Interactive Mode, refer to Installing Log Forwarder on Linux using Interactive Mode.

Using Silent Mode

For more information about installing Log Forwarder using the silent mode, refer to Installing Log Forwarder on Linux using Silent Mode.

Installing RP Agent on Linux

The steps to install the RP Agent on a Linux platform using the Interactive mode or through the Silent mode of installation are described in this section.

For more information about installing RP Agent, refer to Installing RP Agent on Linux or Unix.

Using Interactive Mode

For more information about installing RP Agent on Linux using Interactive Mode, refer to Installing RP Agent on Linux or Unix using Interactive Mode.

Using Silent Mode

For more information about installing RP Agent using Silent Mode, refer to Installing RP Agent on Linux or Unix using Silent Mode.

AP Java v10.0.1 only supports Linux ARM64.

The steps to install the RP Agent on a Linux platform using the Interactive mode or through the Silent mode of installation are described in this section.

RPA Secure Mode with ESA on Linux

Before proceeding with the RPA installation in secure mode, ensure that the required CA certificate is available and trusted on the system.

For ESA
Download the certificate from ESA.
For more information about downloading certificates from ESA, refer to Manage Certificates.

After obtaining the certificate, configure the environment variable:

Variable	Value
SSL_CERT_FILE	Full path to the certificate file (for example, /opt/ca.crt)

When prompted for the ESA hostname or IP during RPA installation, ensure it is included in the ESA TLS certificate (CN or SAN) and is resolvable from the RPAgent host.

After the CA certificate is available, proceed with the RPA installation.

For more information about installing RP Agent, refer to Installing RP Agent on Linux or Unix.

Using Interactive Mode

For more information about installing RP Agent on Linux using Interactive Mode, refer to Installing RP Agent on Linux or Unix using Interactive Mode.

Using Silent Mode

For more information about installing RP Agent using Silent Mode, refer to Installing RP Agent on Linux or Unix using Silent Mode.

Installing Application Protector Java on Linux

The steps to install the AP Java on a Linux platform using the Linux installer or through the Silent mode of installation, are described in this section.

Using Linux Installer

To install the AP Java on the Linux platform using the Linux installer:

Run the AP Java installer using the following command.

./APJavaSetup_Linux_x64_<version>.sh

The prompt to continue the installation appears.

*****************************************************
Welcome to the AP Java SDK Setup Wizard
*****************************************************

This will install AP Java SDK on your computer.

Do you want to continue? [yes or no]

If you want to continue with the installation of the AP Java SDK, then type yes else type no.
If you type yes, then the prompt to enter the installation directory appears.
```
Please enter installation directory
[/opt/protegrity]:
```
If you type no, then the installation of the AP Java aborts.

The AP Java is installed successfully.

The default installation directory for the AP Java on a Linux platform is /opt/protegrity/sdk/java.

The following folder structure is applicable only for v10.0.0.

Ensure that the following folder structure is maintained:

/lib and /data directories are located at the same directory level
ApplicationProtectorJava.jar and jcorelite.plm are located inside the /lib directory
config.ini file is located in the /data directory

AP Java folder structure

Using Silent Mode

You can also execute the AP Java installer without any manual intervention, which is also known as the Silent mode of installation. The following parameter must be provided to execute the installer in the Silent mode.

Parameter	Description
-dir	Optional install directory Default: `/opt/protegrity`

./APJavaSetup_Linux_x64_<version>.sh [-dir <directory>]

1.5 - Configuring the Protector

Configuring and Verifying AP Java Installation on different platforms

Configuring AP Java on Linux

To configure the AP Java on the Linux platform:

Setup the Java classpath.
Operating System Classpath
Linux /opt/protegrity/sdk/java/lib
Before the trusted application can successfully load the ApplicationProtectorJava.jar file, ensure that -
- The Java classpath is set accurately.
- The path to jcorelite.plm is configured properly.
Deploy a policy to test the application.
For more information about deploying a policy, refer to Deploying Policies.

Operating System	Classpath
Linux	`/opt/protegrity/sdk/java/lib`

For more information about configuring the various parameters for the AP Java using the config.ini file, refer to Config.ini file for Application Protector.

Verifying Installation of AP Java

The steps to verify the successful installation of the AP Java are described in this section.

Configure the application as a trusted application in the ESA.
For more information about trusted applications, refer to Working With Trusted Applications.
Initialize AP Java.
For more information about the AP Java initialization API, refer to getProtector.

Run the GetVersion method using the following command to check the version of the installed AP Java.

public java.lang.String getVersion()

The following is a sample code to check the version number of the installed AP Java.

/* Illustrates how to call getVersion() api to know the version of Application Protector
* Executing this for the first time creates a forensic entry that should be added to the authorized app
*
* Compiled as : javac -cp ApplicationProtectorJava.jar AP_Java_getVersion
* Run as : java -cp ApplicationProtectorJava.jar AP_Java_getVersion
*/
 import com.protegrity.ap.java.*;
 public class GetVersion {
     public static void main(String[] args) throws ProtectorException {

     Protector protector=null;
     try {
     protector=Protector.getProtector();
     System.out.println("Product version : "+protector.getVersion());
     } catch (ProtectorException e) {
     e.printStackTrace();
     throw e;
         }
     }
 }

1.6 - Application Protector Java APIs

The various APIs of the AP Java.

A session must be created to run the Application Protector (AP) Java. The session enables AP Java to access information about the Trusted Application from the policy stored in memory. If the application is trusted, then the protect, unprotect, or reprotect method is called, one or many times, depending on the data.

The AP Java can be initialized by an OS User who is registered and deployed as the Trusted Application User in the ESA. The OS User can also be a Policy User.

The following diagram represents the basic flow of a session.

AP Java APIs

Note: The AP Java only supports bytes converted from the string data type.
If any other data type is directly converted to bytes and passed as an input to the API that supports byte as an input and provides byte as an output, then data corruption might occur.

Supported data types for the AP Java

The AP Java supports the following data types:

Bytes
Double
Float
Integer
java.util.Date
Long
Short
String

The following are the various APIs provided by the AP Java.

getProtector

The getProtector method returns the Protector object associated with the AP Java APIs. After initialization, this object is used to create a session. The session is then passed as a parameter to protect, unprotect, or reprotect methods.

static Protector getProtector()

Parameters
None

Returns
Protector Object: An object associated with the Protegrity Application Protector API.

Exception
ProtectorException: If the configurations are invalid, then an exception is thrown indicating a failed initialization.

getVersion

The getVersion method returns the product version of the AP Java in use.

public java.lang.String getVersion()

Parameters
None

Returns
String: Product version

getVersionEx

The getVersionEx method returns the extended version of the AP Java in use. The extended version consists of the Product version number and the CORE version number.

Note: The Core version is a sub-module used for troubleshooting protector issues.

public java.lang.String getVersionEx()

Parameters
None

Returns
String: Product version and CORE version

getLastError

The getLastError method returns the last error and a description of why this error was returned. When the methods used for protecting, unprotecting, or reprotecting data return an exception or a Boolean false, the getLastError method is called that describes why the method failed.

public java.lang.String getLastError(SessionObject session)

Parameters
Session: Session ID that is obtained by calling the createSession method.

Returns
String: Error message

Exception
ProtectorException: If the SessionObject is null, then an exception is thrown
SessionTimeoutException: If the session is invalid or has timed out, then an exception is thrown

For more information about the return codes, refer to Application Protector API Return Codes.

createSession

The createSession method creates a new session. The sessions that have not been utilized for a while, are automatically removed according to the sessiontimeout parameter defined in the [protector] section of the config.ini file.

The methods in the Protector API that take the SessionObject as a parameter, might throw an exception SessionTimeoutException if the session is invalid or has timed out. The application developers can handle the SessionTimeoutException and create a new session with a new SessionObject.

public SessionObject createSession(java.lang.String policyUser)

Parameters
policyUser: User name defined in the policy, as a string value.

Returns
SessionObject: Object of the SessionObject class.

Exception
ProtectionException: If input is null or empty, then an exception is thrown.

protect - Short array data

It It protects the data provided as a short array that uses the preservation data type or No Encryption data element. It supports bulk protection. There is no maximum data limit. For more information about the data limit, refer to AES Encryption.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, short[] input, short[] output, byte[] externalIv)

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

Exception
Protector Exception: If the SessionObject is null or if policy is configured to throw an exception, then an exception is thrown.
SessionTimeoutException: If the session is invalid or has timed out, then an exception is thrown.

protect - Short array data for encryption

It protects the data provided as a short array that uses an encryption data element. It supports bulk protection. There is no maximum data limit.
For more information about the data limit, refer to AES Encryption.

When the encryption method is used to protect data, the output of data protection (protected data) should be stored in byte[].

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, short[] input, byte[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with short format data.
output: Resultant output array with byte format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Int array data

It It protects the data provided as an int array that uses the preservation data type or No Encryption data element. It supports bulk protection. However, you are recommended to pass not more than 1 MB of input data for each protection call.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, int[] input, int[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with int data.
output: Resultant output array with int data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Int array data for encryption

It protects the data provided as an int array that uses an encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

Data protected by using encryption data elements with input as integers, long or short data types, and output as bytes, cannot move between platforms with different endianness.
For example, you cannot move the protected data from the AIX platform to Linux or Windows platform and vice versa while using encryption data elements in the following scenarios:

Input as integers and output as bytes
Input as short integers and output as bytes
Input as long integers and output as bytes

When the encryption method is used to protect data, the output of data protection (protected data) should be stored in byte[].

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, int[] input, byte[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with int data.
output: Resultant output array with byte data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Long array data

It protects the data provided as a long array that uses the preservation data type or No Encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, long[] input, long[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with long format data.
output: Resultant output array with long format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Long array data for encryption

It protects the data provided as a long array that uses an encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

When the encryption method is used to protect data, the output of data protection (protected data) should be stored in byte[].

protect(SessionObject sessionObj, java.lang.String dataElementName, long[] input, byte[][] output)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with long format data.
output: Resultant output array with byte format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Float array data

It protects the data provided as a float array that uses the No Encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, float[] input, float[] output, byte[] externalIv)

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Float array data for encryption

It protects the data provided as a float array that uses an encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

When the encryption method is used to protect data, the output of data protection (protected data) should be stored in byte[].

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, float[] input, byte[][] output)

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Double array data

It protects the data provided as a double array that uses the No Encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

When the data type preservation methods are used to protect data, the output of data protection can be stored in the same data type that was used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, double[] input, double[] output)

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Double array data for encryption

It protects the data provided as a double array that uses an encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

When the encryption method is used to protect data, the output of data protection (protected data) should be stored in byte[].

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, double[] input, byte[][] output)

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Date array data

It protects the data provided as a java.util.Data array that uses a preservation data type. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

If the protect and unprotect operations are performed in different time zones using the java.util.Date API, then the unprotected data does not match with the input data.
For example, if you perform the protect operation in EDT time zone using the java.util.Date API, then you must perform the unprotect operation only in EDT time zone. This ensures that the unprotect operation returns back the original data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, java.util.Date[] input, java.util.Date[] output)

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - String array data

It protects the data provided as a string array that uses a preservation data type or the No Encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while for encryption there is no maximum length defined.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

For Date and Datetime type of data elements, an invalid input data error is returned by the protect API if the input value falls between the non-existent date range. It ranges from 05-OCT-1582 to 14-OCT-1582 of the Gregorian Calendar.

For more information about the tokenization and de-tokenization of the cutover dates of the Proleptic Gregorian Calendar, refer to section Datetime Tokenization for Cutover Dates of the Proleptic Gregorian Calendar.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, java.lang.String[] input, java.lang.String[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with string format data.
output: Resultant output array with string format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - String array data for encryption

It protects the data provided as s string array that uses an encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while for encryption there is no maximum length defined.

The output of data protection is stored in byte[] when:

Encryption method is used to protect data
Format Preserving Encryption (FPE) method is used for Char and String APIs

The string as an input and byte as an output API is unsupported by Unicode Gen2 and FPE data elements for the AP Java.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, java.lang.String[] input, byte[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with string format data.
output: Resultant output array with byte format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Char array data

It protects the data provided as a char array that uses a preservation data type or the No Encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, char[][] input, char[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with char format data.
output: Resultant output array with char format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Char array data for encryption

It protects the data provided as a char array that uses an encryption data element. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

The output of data protection is stored in byte[] when:

Encryption method is used to protect data
Format Preserving Encryption (FPE) method is used for Char and String APIs

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, char[][] input, byte[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with char format data.
output: Resultant output array with byte format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - Byte array data

It protects the data provided as a byte array that uses the encryption data element, No Encryption data element, and preservation data type. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while for encryption there is no maximum length defined.

The Protegrity AP Java protector only supports bytes converted from the string data type.
If any data type is converted to bytes and passed as input to the API supporting byte as input and providing byte as output, then data corruption might occur.

If the data type preservation methods are used for data protection, then the protected data can be stored in the same data type as used for the input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, byte[][] output, PTYCharset ...ptyCharsets)

PTYCharset ptyCharsets = PTYCharset.<encoding>;

The ptyCharsets parameter supports the following encodings:

UTF-8
UTF-16LE
UTF-16BE

The ptyCharsets parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the ptyCharsets parameter must match the encoding of the input data passed.

The default value for the ptyCharsets parameter is UTF-8.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

protect - String array data with External Tweak

It protects the data provided as a string array using the FPE (FF1) that uses a preservation data type with FPE data elements. It supports bulk protection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each protection call.

When FPE method is used with FPE data elements for data protection, the protected data can be stored in the same data type that was used for input data.

public boolean protect(SessionObject sessionObj, java.lang.String dataElementName, java.lang.String[] input, java.lang.String[] output, byte[] externalIv, byte[] externalTweak)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with string format data.
output: Resultant output array with string format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.
externalTweak: Optional parameter, which is a buffer containing data that will be used as Tweak, when externalTweak = null, the value is ignored.

Result
True: The data is successfully protected.
False: The parameters passed are accurate, but the method failed when:

The protection methods failed to perform the required action
The data element is null or empty

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Short array data

It unprotects the data provided as a short array that uses the preservation data type or the No Encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, short[] input, short[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with short format data.
output: Resultant output array with short format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Short array data for encryption

It unprotects the data provided as a short array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, short[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with short format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Int array data

It unprotects the data provided as an int array that uses a preservation data type or a No Encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, int[] input, int[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with int format data.
output: Resultant output array with int format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Int array data for encryption

It unprotects the data provided as an int array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, int[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with int format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Long array data

It unprotects the data provided as a long array that uses the preservation data type or the No Encryption data element. It supports the bulk unprotection. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, long[] input, long[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with long format data.
output: Resultant output array with long format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Long array data for encryption

It unprotects the data provided as a long array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, long[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with long format data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Float array data

It unprotects the data provided as a float array that uses a No Encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, float[] input, float[] output)

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Float array data for encryption

It unprotects the data provided as a float array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, float[] output)

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Double array data

It unprotects the data provided as a double array that uses the No Encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, double[] input, double[] output)

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Double array data for encryption

It unprotects the data provided as a double array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, double[] output)

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Date array data

It unprotects the data provided as a java.util.Date array using the preservation data type. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, java.util.Date[] input, java.util.Date[] output)

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - String array data

It unprotects the data provided as a string array that uses a preservation data type or a No Encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, String[] input, String[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with string format data.
output: Resultant output array with string format data.
externalIv: This is optional. Buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - String array data for encryption

It unprotects the data provided as a string array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, String[] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with string format data.
externalIv: This is optional. Buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Note: Encryption data elements do not support external IV.

Result
True: The data is successfully unprotected
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Char array data

It unprotects the data provided as a char array that uses a preservation data type or a No Encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, char[][] input, char[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with char format data.
output: Resultant output array with char data.
externalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Char array data for encryption

It unprotects the data provided as a char array that uses an encryption data element. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, char[][] output, byte[] externalIv)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with char format data.
externalIv: This is optional. Buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - Byte array data

It unprotects the data provided as a byte array that uses an encryption data element or a No Encryption data element, or a preservation data type. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

The Protegrity AP Java protector only supports bytes converted from the string data type.
If any data type is converted to bytes and passed as input to the API supporting byte as input and providing byte as output, then data corruption might occur.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, byte[][] input, byte[][] output, byte[] externalIv, PTYCharset ...ptyCharsets)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with byte format data.
externalIv: This is optional. Buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.
ptyCharsets: Encoding associated with the bytes of the input data.

PTYCharset ptyCharsets = PTYCharset.<encoding>;

The ptyCharsets parameter supports the following encodings:

UTF-8
UTF-16LE
UTF-16BE

The default value for the ptyCharsets parameter is UTF-8.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

unprotect - String array data with External Tweak

It unprotects the data provided as a string array using the FPE (FF1) that uses a preservation data type with FPE data elements. It supports the bulk unprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each unprotection call.

public boolean unprotect(SessionObject sessionObj, java.lang.String dataElementName, String[] input, String[] output, byte[] externalIv, byte[] externalTweak)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
dataElementName: String containing the data element name defined in policy.
input: Input array with byte format data.
output: Resultant output array with byte format data.
externalIv: This is optional. Buffer containing data that will be used as external IV, when externalIv = null, the value is ignored.

Result
True: The data is successfully unprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - String array data

It reprotects the data provided as a string array that uses a preservation data type or a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes.

If you are using the reprotect API, then the old data element and the new data element must have the same data type. For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, java.lang.String[] input, java.lang.String[] output, byte[] newExternalIv, byte[] oldExternalIv)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as a text explanation and reason for the failure, call getLastError(session).

Exception
ProtectorException: If the SessionObject is null or if policy is configured to throw an exception, then an exception is thrown.
SessionTimeoutException: If the session is invalid or has timed out, then an exception is thrown.

reprotect - Short array data

It reprotects the data provided as a short array that uses a preservation data type or a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, short[] input, short[] output, byte[] newExternalIv, byte[] oldExternalIv)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Int array data

It reprotects the data provided as an int array that uses a preservation data type or a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, int[] input, int[] output, byte[] newExternalIv, byte[] oldExternalIv)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Long array data

It reprotects the data provided as a long array that uses a preservation data type or a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, long[] input, long[] output, byte[] newExternalIv, byte[] oldExternalIv)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Float array data

It reprotects the data provided as a float array that uses a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, float[] input, float[] output)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Double array data

It reprotects the data provided as a double array that uses a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, double[] input, double[] output)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Date array data

It reprotects the data provided as a date array that uses a preservation data type. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, java.util.Date[] input, java.util.Date[] output)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Byte array data

It reprotects the data provided as a byte array that uses an encryption data element or a No Encryption data element, or a preservation data type. The protected data is first unprotected and then protected again with a new data element. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

When the data type preservation methods, such as, Tokenization and No Encryption are used to reprotect data, the output of data protection (protected data) can be stored in the same data type that was used for input data.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, byte[][] input, byte[][] output, byte[] newExternalIv, byte[] oldExternalIv, PTYCharset ...ptyCharsets)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
newdataElementName: String containing the data element name defined in policy to create the output data.
olddataElementName: String containing the data element name defined in policy for the input data.
input: Input array with byte format data.
output: Resultant output array with byte format data.
newexternalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when newExternalIv = null, the value is ignored.
oldexternalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when oldExternalIv = null, the value is ignored.
ptyCharsets: Encoding associated with the bytes of the input data.

PTYCharset ptyCharsets = PTYCharset.<encoding>;

The ptyCharsets parameter supports the following encodings:

UTF-8
UTF-16LE
UTF-16BE

The default value for the ptyCharsets parameter is UTF-8.

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - String array data with External Tweak

It reprotects the data provided as a string array using the FPE (FF1) that uses a preservation data type with FPE data elements. The protected data is first unprotected and then protected again with a new FPE data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, String[] input, String[] output, byte[] newExternalIv, byte[] oldExternalIv, byte[] newExternalTweak, byte[] oldExternalTweak)

Parameters
sessionObj: SessionObject that is obtained by calling the createSession method.
newdataElementName: String containing the data element name defined in policy to create the output data.
olddataElementName: String containing the data element name defined in policy for the input data.
input: Input array with String format data.
output: Resultant output array with String format data.
newexternalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when newExternalIv = null, the value is ignored.
oldexternalIv: Optional parameter, which is a buffer containing data that will be used as external IV, when oldExternalIv = null, the value is ignored.
newExternalTweak: Optional parameter, which is a buffer containing data that will be used as Tweak, when newExternalTweak = null, the value is ignored.
oldExternalTweak: Optional parameter, which is a buffer containing data that will be used as Tweak, when oldExternalTweak = null, the value is ignored.

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as, a text explanation and reason for the failure, call getLastError(session).

reprotect - Char array data

It reprotects the data provided as a char array that uses a preservation data type or a No Encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports the bulk reprotection. There is no maximum data limit. However, you are recommended to pass not more than 1 MB of input data for each reprotection call.

public boolean reprotect(SessionObject sessionObj, String newDataElementName, String oldDataElementName, char[][] input, char[][] output, byte[] newExternalIv, byte[] oldExternalIv)

Result
True: The data is successfully reprotected.
False: The parameters passed are accurate, but the method failed to perform the required action.

For more information, such as a text explanation and reason for the failure, call getLastError(session).

1.6.1 - Using the AP Java APIs

Sample application for the AP Java.

The process to use the AP Java protect, unprotect, and reprotect methods are described on this page.

It is assumed that the ESA is already available.

The tasks can be divided in the following order.

Create the data elements and data store in the Policy Management on the ESA Web UI.
Create the member sources and roles.
Configure the policy.
Configure the trusted application.
Add a trusted application to the data store.
Install the AP Java.
Run the sample application.

Creating a data element and data store

Determine how the data needs to be protected either by using encryption or tokenization before running the application. Protection and unprotection methods are available for both.

Create a data element and data store in the ESA by performing the following.

To create a data element, from the ESA Web UI, navigate to Policy Management → Data Elements & Masks → Data Elements.
For more information about creating data elements, refer to Working With Data Elements.
To create a data store, navigate to Policy Management → Data Stores.
For more information about creating data stores, refer to Creating a Data Store.

Creating a member source and role

Create a member source and role in the ESA by performing the following.

To create a member source, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Member Sources.
For more information about creating a member source, refer to Working With Member Sources.
To create a role, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Roles.
For more information about creating a role, refer to Working with Roles.

Configuring a policy

Configure a policy in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Policies.
Click Add New Policy.
The New Policy screen appears.
After the policy is configured for the application user, add the permissions, data elements, roles, and data stores to the policy and then save it.
Deploy the policy using the Policy Management Web UI.

For more information about creating a data security policy, refer to Creating Policies.

Configuring a trusted application

Only the applications and users configured as trusted applications under the ESA security policy can access the AP APIs.
If a policy is deployed but the application or the user is not trusted, then the AP aborts with the following message while performing the protect or unprotect operations.
API consumer is not part of the trusted applications, please contact the Security Officer

Configure a trusted application in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Trusted Application.
Create a trusted application.
Deploy the trusted application using the Policy Management Web UI.

For more information about trusted applications, refer to Working With Trusted Applications.

Adding a trusted application to data store

Add a trusted application to data store by performing the following.

From the ESA Web UI, navigate to Policy Management → Data Stores.
The list of all the data stores appear.
Select the required data store.
The screen to edit the data store appears.
Under the Trusted Applications tab, click Add.
The screen to add the trusted application appears.
Select the required trusted application and click Add.
Select the required policy and deploy it using the Policy Management Web UI.

For more information about adding a trusted application to data store, refer to Linking Data Store to a Trusted Application.

Installing the AP Java

Install the AP Java by performing the following.

To install the AP Java, refer to Application Protector Java Installation.
Verify if the AP Java is successfully installed by performing the following.
a. Configure the application as a trusted application in the ESA.
For more information about trusted applications, refer to Working With Trusted Applications.
b. Initialize the AP Java.
For more information about the AP Java initialization API, refer to getProtector.
c. Run the GetVersion method using the following command to check the version of the installed AP Java.
```
public java.lang.String getVersion()
```
For more information about sample code to check the version number of the installed AP Java, refer to sample AP Java application for performing the protect, unprotect, and reprotect operations.

Running the AP Java APIs

After setting up the policy and trusted application, you can begin testing the AP Java APIs for protection, unprotection, and reprotection.

For more information about the AP Java APIs, refer to Application Protector Java APIs.

For more information about the AP Java return codes, refer to Application Protector API Return Codes.

To run this sample application, ensure that the Application Name in the Trusted Application is set as HelloWorld.

The following represents a sample AP Java application for performing the protect, unprotect, and reprotect operations.

/* Save the file as: HelloWorld.java
*
* This is sample program demonstrating the usage of Java SDK API
*
* Configure Trusted Application policy in ESA with
* - Application name: HelloWorld
* - Application user: <SYSTEM USER>
*
* Compiled as : javac -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld.java
* Run as :
* java -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld policyUser dataElement inputData
* 
* Example: java -cp .:/opt/protegrity/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld user1 TE_AN_SLT13_L0R0_N "This is data"
*
* Use either Token Elements or NoEncryption as dataElement while running this code.
*/

import com.protegrity.ap.java.Protector;
import com.protegrity.ap.java.ProtectorException;
import com.protegrity.ap.java.SessionObject;

public class HelloWorld {

  public static void performProtectionOperation(
      String policyUser, String dataElement, String inputData) throws ProtectorException {

    String[] input = {inputData};
    String[] protectedOutput = new String[input.length];
    String[] unprotectedOutput = new String[input.length];

    // Initialize Java SDK Protector
    Protector protector = Protector.getProtector();

    // Create a new protection operation session for policyUser
    SessionObject session = protector.createSession(policyUser);

    // Get Java SDK and Core Version
    System.out.println(protector.getVersionEx());

    // Perform Protect Operation
    boolean res = protector.protect(session, dataElement, input, protectedOutput);
    if (!res) {
      System.out.println(protector.getLastError(session));
    } else {
      System.out.println("Protected Data:");
      for (String out : protectedOutput) {
        System.out.print(out + " ");
      }
      System.out.println();
    }

    // Perform Unprotect Operation
    res = protector.unprotect(session, dataElement, protectedOutput, unprotectedOutput);
    if (!res) {
      System.out.println(protector.getLastError(session));
    } else {
      System.out.println("Unprotected Data:");
      for (String out : unprotectedOutput) {
        System.out.print(out + " ");
      }
      System.out.println();
    }
  }

  public static void main(String[] args) throws ProtectorException {

    if (args.length == 3) {
      System.out.println(
          "Testing input data "
              + args[2]
              + " "
              + "with dataElement "
              + args[1]
              + " "
              + "and policyUser "
              + args[0]);

      performProtectionOperation(args[0], args[1], args[2]);

    } else {
      System.out.println(
          " Usage : java -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld PolicyUser DataElement Data");
      System.out.println(
          " Example : java -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld user1 TE_AN_SLT13_L0R0_N Protegrity");
      System.exit(0);
    }
  }
}

1.7 - Additional Topics

Learn about the AP Java documentation with advanced operational insights and platform-specific guidance.

This section expands the core Application Protector (AP) Java documentation.

Uninstalling AP Java on Linux involves removing binaries, configuration files, and dependencies.
Understanding AP Java’s memory footprint is critical for performance tuning and resource allocation.

1.7.1 - Memory Usage of the AP Java

The memory usage in the AP Java for different policy sizes with a sample.

The memory used for the different policy sizes using a sample HelloWorld java application is described in this section. This is a sample memory usage. You can use this as a reference for memory usage in the AP Java for different policy sizes.

Sample application

The following is a sample HelloWorld.java application.

/* HelloWorld.java
*
* This is sample program demonstrating the usage of Java SDK API
*
* Configure Trusted Application policy in ESA with
* - Application name: lib.HelloWorld
* - Application user: <SYSTEM USER>
*
* Compiled as : javac -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld.java
* Run as :
* java -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld policyUser dataElement inputData
*
* Use either Token Elements or NoEncryption as dataElement while running this code.
*/

package lib;

import com.protegrity.ap.java.Protector;
import com.protegrity.ap.java.ProtectorException;
import com.protegrity.ap.java.SessionObject;

public class HelloWorld {

  public static void performProtectionOperation(
      String policyUser, String dataElement, String inputData) throws ProtectorException {

    String[] input = {inputData};
    String[] protectedOutput = new String[input.length];
    String[] unprotectedOutput = new String[input.length];

    // Initialize Java SDK Protector
    Protector protector = Protector.getProtector();

    // Create a new protection operation session for policyUser
    SessionObject session = protector.createSession(policyUser);
    // Get Java SDK Version
    System.out.println("Java SDK Version:" + protector.getVersion());

    // Perform Protect Operation
    boolean res = protector.protect(session, dataElement, input, protectedOutput);
    if (!res) {
      System.out.println(protector.getLastError(session));
    } else {
      System.out.println("Protected Data:");
      for (String out : protectedOutput) {
        System.out.print(out + " ");
      }
      System.out.println();
    }

    // Perform Unprotect Operation
    res = protector.unprotect(session, dataElement, protectedOutput, unprotectedOutput);
    if (!res) {
      System.out.println(protector.getLastError(session));
    } else {
      System.out.println("Unprotected Data:");
      for (String out : unprotectedOutput) {
        System.out.print(out + " ");
      }
      System.out.println();
    }
  }

  public static void main(String[] args) throws ProtectorException {

    if (args.length == 3) {
      System.out.println(
          "Testing input data "
              + args[2]
              + " "
              + "with dataElement "
              + args[1]
              + " "
              + "and policyUser "
              + args[0]);

      performProtectionOperation(args[0], args[1], args[2]);

    } else {
      System.out.println(
          " Usage : java -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jar HelloWorld PolicyUser DataElement Data");
      System.out.println(
          " Example : java -cp .:<PATH_TO_INSTALL_DIR>/sdk/java/lib/ApplicationProtectorJava.jarr HelloWorld user1 TE_AN_SLT13_L0R0_N"
              + " Protegrity");
      System.exit(0);
    }
  }
}

Expected memory usage

The process to find the policy size and expected memory usage for different policy sizes used by the java application is described in this section.

To find the policy size:

On Insights dashboard, under the Discover section, navigate to the troubleshooting index.
Search using the process.module.keyword: coreprovider filter.
Navigate to the logs with description as Policy successfully loaded. The additional_info.memoryUsed field depicts the policy size.

Memory Usage

The following is the expected memory usage for different policy sizes used by the HelloWorld java application.

Policy size	Process memory consumption
13 MB	36.4 MB
34 MB	59.4 MB
536 MB	932.7 MB

The process memory increases substantially for a few milliseconds when the application is running in the following cases:
The policy is replaced with another policy
Changes are made in the current policy

Conclusion

The results for memory required by various policy sizes using the sample HelloWorld.java application can be used to determine the memory requirements of the Java application.

1.7.2 - DevOps Approach for Application Protector Java

The DevOps approach for package deployment.

The DevOps approach enables immutable package deployment. It uses a REST API call to download packages from the ESA in an encrypted format.

Note: The RP Agent should not be installed for immutable package deployments using DevOps.

For more information about package deployment approaches, refer to Resilient Package Deployment.

A REST API call is used to download the package on your local machine. Configure the package path in the config.ini file within the DevOps section and the decryptor class.

If a downloaded path is overwritten, a new package will be reflected in the running application at the set time interval. This occurs when another package with the same name overwrites the existing one. This changes the protector’s behaviour. The protector no longer functions as an immutable protector.

DevOps approach architecture

A REST API call is used to download the policy from the ESA in an envelop encrypted format. A public key is created using a Key Management System (KMS) or Hardware Security Module (HSM). This public key must be passed to the REST API.
The ESA generates a JSON file for the package with policy.
The encrypted DEK needs to be decrypted to perform the security operations. A Decryptor class is implemented using the Decryptor interface, to decrypt the Data Encryption Key (DEK) using a private key.

Before you begin

Ensure the following prerequisites are met:

The installation of the RP Agent is not required for immutable package deployment using the DevOps approach.
The decryptor parameter must have a fully qualified name of the decryptor class.
A Decryptor class needs to be implemented using the Decryptor interface, which decrypts the Data Encryption Key (DEK) using a private key. It returns the decrypted DEK in bytes.
For more information on the decryptor interface of AP Java, refer to Configuring the Decryptor interface.
For more information on the decryptor interface of AP Python, refer to Configuring the Decryptor interface.
The data store is properly configured before exporting your Application Protector policy. Define allowed servers for seamless policy deployment and secure access control.
For more information about configuring a data store, refer to -
- Creating a Data Store
- Adding Allowed Servers for the Data Store

AP Java

Using the DevOps approach

Perform the following steps to use the DevOps approach for immutable package deployment.

Add the [devops] parameter in the config.ini file.
Ensure the decryptor class has a fully qualified domain name.

[devops]
package.path = /path/to/policyFile
decryptor = packageName.DecryptorClassName

The following is an example for adding the [devops] parameter in the config.ini file.

[devops]
package.path = /opt/policies/policy1.json
decryptor = com.protegrity.apjava.test.RSADecryptor

Note: For ESA 10.2.0 and later, Application Protector DevOps must use the Encrypted Resilient Package REST APIs using GET method. The legacy Export API using POST method is deprecated and not supported for Teams (PPC). The deprecated API remains supported only for the Enterprise edition for backward compatibility.
For more information about exporting Resilient Package using POST method for 10.0.1 and 10.1.0 ESA, refer to Using the Encrypted Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for 10.2 ESA, refer to Using the Encrypted Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for PPC, refer to Using the Encrypted Resilient Package REST APIs.

Sample code for DevOps approach

The sample code for DevOps approach for various Application Protectors using different cloud platforms is provided in this section.

DevOps approach for AP Java

The sample code for DevOps approach for the AP Java using different cloud platforms is provided in this section.

Configuring the Decryptor interface

A Decryptor class must implement the DEKDecryptor interface to decrypt the DEK. This interface includes the decrypt method. The decrypt method provides keyLabel, algorithmId, and encDek parameters. The decrypted DEK must be returned in byte[] format.

The following is a sample code for implementing the DEKDecryptor interface.

package com.protegrity.jcorelite.decryptor;

import com.protegrity.jcorelite.constants.KEK_ALGO;
import com.protegrity.jcorelite.exceptions.PtyDecryptorException;

public interface DEKDecryptor {

    public byte[] decrypt(String keyLabel, KEK_ALGO algorithmId, byte[] encDek) throws PtyDecryptorException;
}

Using AWS

The following is a sample implementation using the private key from AWS KMS.

/* Sample Application for decrypting encrypted DEK using AWS KMS keys.
 *
 * [Protegrity Prerequisite]
 * Create an asymmetric KMS key in the AWS KMS.
 * Use the public key of the generated asymmetric key to download ESA policy using the curl request.
 *
 * [AWS Prerequisite]
 * Install AWS CLI.
 * Ensure that the AWS credentials and configurations are properly set before running the code that interacts with the AWS services.
 * There are multiple ways to configure the AWS credentials and configurations.
 * 1. AWS CLI configuration:
 *    Command: $aws configure
 *    A prompt appears to enter the following information:
 *     - AWS Access Key ID: The access key associated with the AWS account or IAM user.
 *     - AWS Secret Access Key: The secret key associated with the access key.
 *     - Default region name: The AWS region to use by default.
 *     - Default output format: The format for CLI command output.
 *    The AWS credentials and configuration settings are set up in the ~/.aws/credentials and ~/.aws/config files.
 *  
 * 2. Environment variables:
 *    The AWS credentials using environment variables can be set using the following commands.
 *       export AWS_ACCESS_KEY_ID = "your_access_key_id"
 *       export AWS_SECRET_ACCESS_KEY = "your_secret_access_key"
 *       export AWS_REGION= "your_aws_default_region"
 *
 * [Java Prerequisite]
 * Add AWS KMS Java SDK as part of your dependency:
 *      implementation 'com.amazonaws:aws-java-sdk-kms:1.12.423'
 */
 
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.DecryptResult;
import com.protegrity.jcorelite.constants.KEK_ALGO;
import com.protegrity.jcorelite.decryptor.DEKDecryptor;
import com.protegrity.jcorelite.exceptions.PtyDecryptorException;
import java.nio.ByteBuffer;
import java.util.Base64;
 
public class AWSKMSDecryptor implements DEKDecryptor {
    private static final String KEY_ID  = "3068b3ef-4924-4be5-9e9a-440b418553b3";
    public byte[] decrypt(String keyLabel, KEK_ALGO algorithm, byte[] encDek) throws PtyDecryptorException {
        getEncoder().encodeToString(encDek));
        /* create an AWS KMS client */
        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
        /* wrap byte array into buffer */
        ByteBuffer ciphertextBuffer = ByteBuffer.wrap(encDek);
        /* decrypt request */
        DecryptRequest decryptRequest =  new DecryptRequest().withCiphertextBlob(ciphertextBuffer).withEncryptionAlgorithm("RSAES_OAEP_SHA_256").withKeyId(KEY_ID);
        /* decrypt the ciphertext */
        DecryptResult decryptResult = kmsClient.decrypt(decryptRequest);
        /* get the decrypted data */
        ByteBuffer decryptedBuffer = decryptResult.getPlaintext();
        /* buffer to byte array */
        byte[] decryptedDek = decryptedBuffer.array();
       
        return decryptedDek;
       
    }    
}

Using Azure

The following is a sample implementation using the private key from Azure Key Vault.

/*
* Sample Application for decrypting encrypted DEK using Azure Key Vault
*
* [Azure Prerequisite]
* Install azure cli
* Login to azure :
  az login --use-device-code
*
* [Protegrity Prerequisite]
* For creating a key in Azure Key Vault using Azure CLI, refer :
  https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli 
* Download the public key from the key vault : 
  az keyvault key download --vault-name test -n testkey -e PEM -f publickey.pem
* Replace all the new lines with \n in publickey.pem
* Public key is now ready to be used for downloading your ESA policy
* Azure supports RSA1_5, RSA_OAEP and RSA_OAEP_256 algorithms, 
  whose correspoding names in REST API call are RSA1_5, RSA-OAEP-SHA1 and RSA-OAEP-256 respectively
  Refer : https://learn.microsoft.com/en-us/java/api/com.azure.security.keyvault.keys.cryptography.models.encryptionalgorithm?view=azure-java-stable
* Make sure that decrypt permission is present for the key vault : 
  az keyvault set-policy -n "test" --key-permissions decrypt --object-id 7e821e4c-e0ad-4a6f-aa26-f445c7c7e3ea
* To get the private key URI from azure key vault, refer :
  https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli
*
* [Java Prerequisite]
* Add Azure key vault and azure identity as part of your dependency
  artifactIds : azure-security-keyvault-keys, azure-identity
*
* The below code demonstrates decryption of encrypted DEK using private key URI received from Azure key vault
*/

import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;

import com.protegrity.jcorelite.constants.KEK_ALGO;
import com.protegrity.jcorelite.decryptor.DEKDecryptor;
import com.protegrity.jcorelite.exceptions.PtyDecryptorException;

public class AzureDecryptor2 {
    private static final String KEY_ID  = "https://test.vault.azure.net/keys/testkey/aaf3861366a24b1bb4f6871eb11afafe";
    
    public byte[] decrypt(String keyLabel, KEK_ALGO algorithm, byte[] encDek) throws PtyDecryptorException {
        /*
         * Instantiate a CryptographyClient that will be used to call the service.
         * Notice that the client is using
         * default Azure credentials. For more information on this and other types of
         * credentials, see this document:
         * https://docs.microsoft.com/java/api/overview/azure/identity-readme?view=azure
         * -java-stable.
         * 
         * To get started, you'll need a key identifier for a key stored in a key vault.
         * See the README
         * (https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/keyvault/azure-
         * security-keyvault-keys/README.md)
         * for links and instructions.
         */
        CryptographyClient cryptoClient = new CryptographyClientBuilder()
                .credential(new DefaultAzureCredentialBuilder().build())
                .keyIdentifier(KEY_ID)
                .buildClient();
        
        DecryptResult decryptResult = cryptoClient.decrypt(EncryptionAlgorithm.RSA_OAEP, encDek);

        return decryptResult.getPlainText();
    }  
}

Using GCP

The following is a sample implementation using the private key from Google Cloud KMS.

/*
* Sample Application decrypting encrypted DEK using Google Cloud Key Management
*
* [Protegrity Prerequisite]
* Create an asymmetric key using Google Cloud Key Management with key purpose of ASYMMETRIC_DECRYPT.
* This example uses a key with algorithm 2048 bit RSA key OAEP Padding - SHA256 Digest
* Now use the public key of the generated asymmetric key to download your ESA policy
*
* Example curl command to download policy
* curl --location 'https://{ESA_IP}/pty/v1/rps/export?version=1&coreversion=1' \
       --header 'accept: application/json' \
       --header 'Content-Type: application/json' \
       --header 'Authorization: Basic' \
       --data '{
         "kek":{
         "publicKey":{
         "label": "LABEL_NAME",
         "algorithm": "ALGORITHM_NAME",
         "value": "-----BEGIN PUBLIC KEY-----
                   [asymmetric public key using Google Cloud Key Management]
                   -----END PUBLIC KEY-----"}
       }
       }'
*
* The below code demonstrates decrypting encrypted DEK using key generated using Google Cloud Key Management
*
* [Google Prerequisite]
* Google Cloud Account with Google Cloud Key Management enabled
* Install gcloud cli
  gcloud auth application-default command creates application_default_credentials.json
*
* [Java Prerequisite]
* Add Google Cloud KMS as part of your dependency
  implementation 'com.google.cloud:google-cloud-kms:<version_number>'
*
* Check Google Cloud API Documentation for more information
*/

package com.protegrity.test;

import com.google.cloud.kms.v1.AsymmetricDecryptResponse;
import com.google.cloud.kms.v1.CryptoKeyVersionName;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.protobuf.ByteString;
import com.protegrity.jcorelite.constants.KEK_ALGO;
import com.protegrity.jcorelite.exceptions.PtyDecryptorException;
import java.io.IOException;

public class GCPKMSDecryptor {

  public byte[] decryptAsymmetricKey(byte[] encDek) throws IOException {
    // Replace these variables before running the sample.
    String projectId = "your-project-id";
    String locationId = "us-east1";
    String keyRingId = "my-key-ring";
    String keyId = "my-key";
    String keyVersionId = "123";
    return decryptAsymmetricKey(projectId, locationId, keyRingId, keyId, keyVersionId, encDek);
  }

  // Decrypt data that was encrypted using the public key component of the given
  // key version.
  public byte[] decryptAsymmetricKey(
      String projectId,
      String locationId,
      String keyRingId,
      String keyId,
      String keyVersionId,
      byte[] ciphertext)
      throws IOException {
    // Initialize client that will be used to send requests. This client only
    // needs to be created once, and can be reused for multiple requests. After
    // completing all of your requests, call the "close" method on the client to
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
      // Build the key version name from the project, location, key ring, key,
      // and key version.
      CryptoKeyVersionName keyVersionName =
          CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
      // Decrypt the ciphertext.
      AsymmetricDecryptResponse response =
          client.asymmetricDecrypt(keyVersionName, ByteString.copyFrom(ciphertext));
      return response.getPlaintext().toByteArray();
    }
  }

  public byte[] decrypt(String keyLabel, KEK_ALGO algorithm, byte[] encDek)
      throws PtyDecryptorException, IOException {
    return decryptAsymmetricKey(encDek);
  }
}

1.7.3 - Application Protector API Return Codes

Learn about the Application Protector API Return Codes.

When an application is developed using the APIs of the Protegrity Application Protector Suite, you may encounter the Application Protector API Return Codes. For more information about log return codes, refer to Log return codes.

Sample Log for AP Return Codes

The following is a sample log generated in Discover on the Audit Store Dashboards in the ESA.

Sample log for AP return codes

Protection audit logs are stored in the Audit Store. Select the pty_insight_*audit* index to view the protection logs.

For more information about viewing the logs, refer to Working with Discover.

1.7.4 - Config.ini file for Application Protector

Sample config.ini file for Application Protector.

The Application Protector can be configured using the config.ini file. By default, this file is located in the <installation directory>/sdk/<protector>/data/ directory.

The various configurations required for setting up the Application Protector are described in this section.

Sample config.ini file

The following represents a sample config.ini file.

# -----------------------------
# Protector configuration
# ----------------------------- 
[protector]

# Cadence determines how often the protector connects with shared memory to fetch the policy updates in background.
# Default is 60 seconds. So by default, every 60 seconds protector tries to fetch the policy updates.
#
# Default 60.
cadence = 60

# The time during which an session object is valid. Default = 15 minutes.
session.sessiontimeout = 15

###############################################################################
# Log Provider Config
###############################################################################
[log]

# In case that connection to fluent-bit is lost, set how audits/logs are handled
# 
# drop  : (default) Protector throws logs away if connection to the fluentbit is lost
# error : Protector returns error without protecting/unprotecting 
#         data if connection to the fluentbit is lost
mode = drop

# Host/IP to fluent-bit where audits/logs will be forwarded from the protector
#
# Default localhost
host = localhost

Different configurations for Application Protector

The following are the various configurations:

Protector configurations

cadence: The interval at which the protector synchronizes with the shared memory for fetching the package with policy. The default value for cadence is 60 seconds. The maximum and minimum value that can be set for cadence are 86400 seconds (24 hours) and 1 respectively.
For more information about the policy deployment with different cadence configurations, refer to Policy Deployment.
For more information about the Resilient Package sync configuration parameters, refer to Resilient Package Sync Configuration Parameters.
For more information about changing protector status interval, refer to Resilient Package Status Configuration Parameter.
session.sessiontimeout: The time during which a session object is valid. The default value for session.sessiontimeout is 15 minutes.
Note: The session.sessiontimeout parameter is a feature of AP Java and not valid for AP Python and AP .Net.

Log Provider configurations

mode: This describes how the protector logs are handled if you lose connection to the Log Forwarder host, can be set to one of the following values:
- drop: The logs are dropped when the connection to the Log Forwarder is lost. The default mode is drop.
- error: The data security operations are stopped and an error is generated when the connection to the Log Forwarder is lost.
host: The Log Forwarder hostname or IP address where the logs will be forwarded from the protector. The default host for Log Forwarder is localhost.

For more information about the configuration parameters for forwarding the audits and logs, refer to Configuration Parameters for Forwarding Audits and Logs.

1.7.5 - Multi-node Application Protector Architecture

Architecture for multi-node Application Protector.

The multi-node Application Protector (AP) architecture, its individual components, and how logs are collected using the Log Forwarder are described in this section.

The following figure describes the multi-node AP architecture.

Multi-node AP architecture

For example, some AP nodes are connected to an ESA, which includes the Audit Store component. Each AP node contains a Log Forwarder, RP Agent, and AP instance for sending logs to the ESA.

Protector: The AP can be configured using the config.ini file.
For more information about the configurations, refer to Config.ini file for Application Protector.

RP Agent: The RP Agent downloads the package with policy from the ESA, which is used by the protector to perform the protect, unprotect, or reprotect operations. It checks for the updates in the policy at set intervals and downloads the latest policy package when an update is detected.

Log Forwarder: The Log Forwarder component collects the logs from the AP and forwards them to the Audit Store. The Log Forwarder uses the 15780 port which is configurable to transport protection and audit logs to the ESA. The ESA receives the logs and stores it in the Audit Store.

1.7.6 - Uninstalling the Application Protector

Uninstalling the AP Java Installation on different platforms

Uninstalling Application Protector (AP) Java from Linux

This section outlines the steps to uninstall the various components of AP Java from a Linux platform.

Uninstalling the Log Forwarder from Linux

Note: To preserve all the configurations while upgrading the Log Forwarder, ensure all the files present under the /opt/protegrity/logforwarder/data/config.d directory are backed up.

To uninstall the Log Forwarder from a Linux platform:

Navigate to the /opt/protegrity/logforwarder/bin directory.
Stop the Log Forwarder using the following command.
```
./logforwarderctrl stop
```
Delete the /opt/protegrity/logforwarder directory.
The Log Forwarder is uninstalled.

Uninstalling the RP Agent from Linux

Note: Before uninstalling the RP Agent, ensure that all the files present under the /opt/protegrity/rpagent/data directory are backed up.

To uninstall the RP Agent from a Linux platform:

Navigate to the /opt/protegrity/rpagent/bin directory.
Stop the RP Agent using the following command.
```
./rpagentctrl stop
```
Delete the /opt/protegrity/rpagent directory.
The RP Agent is uninstalled.

Uninstalling the AP Java from Linux

To uninstall the AP Java from a Linux platform:

Navigate to the /opt/protegrity/sdk directory.
Delete the /java directory.
The AP Java is uninstalled.

2 - Application Protector Python

Learn about the Application Protector (AP) Python.

Protegrity Application Protector (AP) Python Overview

The Protegrity Application Protector (AP) Python provides APIs that integrate with customer applications to protect, unprotect, and reprotect sensitive data.

The AP Python has the following protection and security access methods:

Get product version
Check access rights for users
Protect
Unprotect
Reprotect

Features of AP Python

The following are the various features of AP Python.

Supported Python distributions

AP Python supports the following distributions on Linux:

Python 3.7
Python 3.8
Python 3.9
Python 3.10
Python 3.11

Trusted applications

The AP Python can be accessed only by the trusted applications. Any application that protects, unprotects, or reprotects data must first be created as a trusted application.

For AP Python applications, the logis is to determine the fully qualified module name for invoking the APIs.

For more information about how to make an application trusted, refer to Creating a Trusted Application.

Session validity

A session is valid until the sessiontimeout that is passed as a parameter to the create_session API. The default validity of a session is 15 minutes. An active session is renewed every time the session is used.

Session Handling

Sessions are required for audit record generation. A session is valid for a specific time, and it is managed by the timeout value passed during the create_session() method. By default, the session timeout value is set to 15 minutes. For every call to the create_session() method, a new session object is created - a pool of session objects is not maintained. Python’s garbage collector is used for destroying the Session objects once they are out of scope. You can also use the session object as Python’s Context manager using the with statement.

A session is automatically renewed every time it is used. Thus, for each call to a data protection operation, such as, protect, unprotect, and reprotect, the time for the session to remain alive is renewed.

Audit logs

Each session generates audit records for every protection method call and data element.
Single Data Item Operations
- Examples:
  - 1 protect operation with data element a and count 1 → 1 audit log
  - 5 protect operations with data element b and count 5 → 5 audit logs
  - 1000 unprotect operations with data element a and count 1000 → 1000 audit logs
Bulk Data Item Operations
- 2 bulk protect operations with bulk size 3 and same data elements → 1 audit log with count 6
Trusted Application logs are also included in audit records.
Audits are generated in ESA forensics for Security Officer access.
For more information about Trusted Applications, refer to Working With Trusted Applications.

Error handling

If AP Python is used to perform a security operation on a single data item, then an exception appears in case of any error. Similarly, if AP Python is used to perform a security operation on bulk data, then an exception appears for all errors except the error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data for error codes 22, 23, and 44.

For more information about the log return codes, refer to Log return codes.

Support for running AP Python in a Development Environment

The AP Python provides support for running it in a development environment. In this mode, the AP Python APIs along with a set of sample users and data elements are used to simulate the behavior of the APIs in production environment. This mode is also known as AP Python mock implementation. Customers can use this mode to test the integration of their applications with the AP Python.

For more information on how to run AP Python in a development environment, refer to Using AP Python in a development environment.

2.1 - Understanding the Architecture

The architecture and workflow of Application Protector.

This page describes the architecture, the individual components, and the workflow of the Protegrity Application Protector (AP) solution.

Architecture and Workflow

The following figure illustrates the deployment architecture of the Application Protector (AP).

Architecture and Workflow of Application Protector

The following table describes the components of the AP deployment architecture.

Component	Description
Customer Application	Built in supported programming languages and integrates with AP for data protection.
Application Protector	Core protection engine that enforces security policies and performs data protection operations.
Configuration File (config.ini)	Contains initialization parameters passed to AP during startup.
Native Interface	Native interface between AP and the C layer. Python: Python.h layer
Package Enforcement and Deployment	Downloads policy packages from the RP Agent and executes protection operations, such as, protect, unprotect, and reprotect.
Log Forwarder	Collects logs from AP and forwards them to the Audit Store for centralized auditing.
Resilient Package (RP) Agent	Standalone process that retrieves policy packages from ESA and shares them with AP processes using shared memory IPC.

The following steps describe the workflow of a sample AP deployment in the production environment.

The customer application initializes the SDK.
The configurations that are required configuration parameters are passed to the protector using the config.ini file.
Note: The configurations can be set through environment variables. ENV overrides values in the config.ini file, except for cadence and session timeout which must be set in the config file.
For more information about environment variables configuration, refer to Configuration Parameters for Protector.
The RP Agent regularly syncs with the RP Proxy or ESA to check for policy updates. If a change is detected, the updated policy package is securely downloaded over a TLS channel and stored in shared memory.
The protector synchronizes with shared memory based on the cadence value defined in config.ini file. If a new package is available, it is fetched into process memory. This updated package is then used to perform data protection operations such as, such as, protect, unprotect, and reprotect.
The audit logs generated during protection operations are forwarded to the Audit Store:
- Logs from the application are sent through the Log Forwarder
- Logs from the RP Agent are also forwarded using the Log Forwarder

Components of the Application Protector

The Protegrity Application Protector (AP) solution comprises several key components that work together to enforce data protection policies and ensure secure operations.

Application Protector

The core engine that integrates with customer applications to perform data protection operations:

Protect
Unprotect
Reprotect

AP is available in multiple language-specific variants. One of which is:

AP Python: For applications developed in Python

Resilient Package (RP) Agent

A standalone process responsible for policy synchronization:

To sync with the RP Proxy or ESA at regular intervals of 60 seconds
To detect policy changes and download updated packages over a secure TLS channel
To store the packages in shared memory for use by the protector

Log Forwarder

A log processing tool that handles audit and protection logs:

Collects logs generated by AP and RP Agent
Forwards logs to the Audit Store within ESA

Ports used to transport the protection and audit logs to the ESA:

15780: Configurable
15781: Non-configurable

Package Deployment

The different approaches for package deployment during the initialization process of the Application Protector are described in this section.

Dynamic Package Deployment

Use this approach when the protector needs to continuously check for policy updates after initialization.

Set the cadence parameter to a non-zero value in the config.ini file.
This value defines the interval in seconds at which the protector synchronizes with the RP Agent.
If a policy change is detected, the protector automatically fetches the updated package and applies it during protection operations.
Note: This method ensures that the protector always operates with the latest policy.

Immutable Package Deployment

Use this approach when the protector does not need to check for policy changes after initialization.

Add the [devops] parameter in the config.ini file before initializing the protector.
A REST API call is used to download an envelope-encrypted package from the ESA.
The protector uses this static package for all operations without further synchronization.
For more information about the DevOps approach, refer to DevOps Approach for Application Protector.

2.2 - System Requirements

Lists the recommended minimum system requirements

The following table lists the minimum hardware configurations.

Hardware Component	Configuration Details
CPU	Depends on the application.
Disk Space	Under 200 MB - including LogForwarder, RP Agent, and AP Python.
RAM	Memory usage depends on the AP flavor and application behavior. Refer to AP Python.

2.3 - Preparing the Environment

The prerequisites to install the AP Python Installation on Linux are described in the section.

Preparing the Environment for AP Python Installation on Linux

Before installing Protegrity Application Protector (AP) Python on a Linux platform, ensure the following prerequisites are met:

Prerequisites

The Enterprise Security Administrator (ESA) is installed, configured, and running.
The IP address or host name of the ESA is noted.
The Policy Management (PIM) is initialized on the ESA. It creates cryptographic keys and the policy repository for data protection.
For more information about initializing the PIM, refer to Initializing the Policy Management.
The Python 3, versions 3.7 to 3.11, is installed on the same machine.
The latest version of pip, the Python package manager, is installed on the same machine.

2.4 - Installing the AP Python Protector

Steps to setup AP Python on Linux

Note: ARM64 support is available only from version 10.0.1 and requires the separate build ApplicationProtector_Linux-ALL-64_arm64_PY-3.13_<version>.tgz.

Extracting the Setup Scripts and Package

To set up the AP Python on the Linux platform:

Download the ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.tgz file to any location on the machine where you want to install the protector.
Extract the AP Python installation package using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_<version>.tgz
```
The following setup files are extracted:
- ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.tgz
- signatures/ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.sig
Verify the digital signature of the signed AP Python build.
For more information about verifying the signed AP Python build, refer to Verification of Signed Protector Build.
Extract the AP Python installation package again using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_<version>.tgz
```
The following setup files are extracted:
- LogforwarderSetup_Linux_x64_\<version>.sh
- RPAgentSetup_Linux_x64_\<version>.sh
- APPythonSetup_Linux_x64_\<version>.sh
- APPythonDevSetup_Linux_x64_\<version>.tar

Installing Log Forwarder on Linux

The steps to install the Log Forwarder on a Linux platform using the Interactive mode or through the Silent mode, are described in this section.

Note: To preserve all the configurations while upgrading the Log Forwarder, ensure that you backup all the files present under the /opt/protegrity/logforwarder/data/config.d directory.

For more information about installing Log Forwarder on Linux, refer to Installing Log Forwarder on Linux.

Using Interactive Mode

For more information about installing the Log Forwarder using Interactive Mode, refer to Installing Log Forwarder on Linux using Interactive Mode.

Using Silent Mode

For more information about installing Log Forwarder using the silent mode, refer to Installing Log Forwarder on Linux using Silent Mode.

Installing RP Agent on Linux

The steps to install the RP Agent on a Linux platform using the Interactive mode or through the Silent mode of installation are described in this section.

For more information about installing RP Agent, refer to Installing RP Agent on Linux or Unix.

Using Interactive Mode

For more information about installing RP Agent on Linux using Interactive Mode, refer to Installing RP Agent on Linux or Unix using Interactive Mode.

Using Silent Mode

For more information about installing RP Agent using Silent Mode, refer to Installing RP Agent on Linux or Unix using Silent Mode.

AP Python v10.0.1 only supports Linux ARM64.

The steps to install the RP Agent on a Linux platform using the Interactive mode or through the Silent mode of installation are described in this section.

RPA Secure Mode with ESA on Linux

Before proceeding with the RPA installation in secure mode, ensure that the required CA certificate is available and trusted on the system.

For ESA
Download the certificate from ESA.
For more information about downloading certificates from ESA, refer to Manage Certificates.

After obtaining the certificate, configure the environment variable:

Variable	Value
SSL_CERT_FILE	Full path to the certificate file (for example, /opt/ca.crt)

When prompted for the ESA hostname or IP during RPA installation, ensure it is included in the ESA TLS certificate (CN or SAN) and is resolvable from the RPAgent host.

After the CA certificate is available, proceed with the RPA installation.

For more information about installing RP Agent, refer to Installing RP Agent on Linux or Unix.

Using Interactive Mode

For more information about installing RP Agent on Linux using Interactive Mode, refer to Installing RP Agent on Linux or Unix using Interactive Mode.

Using Silent Mode

For more information about installing RP Agent using Silent Mode, refer to Installing RP Agent on Linux or Unix using Silent Mode.

Installing Application Protector Python on Linux

The steps to install the AP Python on a Linux platform using the Linux installer or through the Silent mode of installation, are describes in this section.

Using Linux Installer

To install the AP Python on the Linux platform in a production environment using the Linux installer:

Run the AP Python installer using the following command.

./APPythonSetup_Linux_x64_<version>.sh

The prompt to continue the installation appears.

*****************************************************
Welcome to the AP Python SDK Setup Wizard
*****************************************************

This will install AP Python SDK on your computer.

Do you want to continue? [yes or no]

If you want to continue with the installation of the AP Python SDK, then type yes else type no.
If you type yes, then the prompt to enter the installation directory appears.
```
Please enter installation directory
[/opt/protegrity]:
```
If you type no, then the installation of the AP Python aborts.

The AP Python is extracted in /opt/protegrity/sdk/python directory on a Linux platform.

Navigate to the /opt/protegrity/sdk/python/lib/ directory.
Run the following command to run the pip installer package.
```
pip install appython-<version>.tar.gz
```
Verify that the following directories are created in the AP Python site-packages installation directory:
- appython
- mocks
- pypepprovider
Perform the following steps to access the AP Python Pydoc, which contains the API documentation.
- Run the following command to extract the AP Python setup file:
```
tar –xvf /opt/protegrity/sdk/python/lib/<appython file.tar.gz>
```
  The appython-temp directory is extracted.
- Navigate to the appython-temp\docs\ directory.
- Open the index.html file in a browser to access the AP Python Pydoc.
If you are setting up the AP Python in a virtual Linux environment, then convert the appython-temp\docs directory to a zip file and download it locally. You can then open the index.html file in a browser to access the AP Python Pydoc.

Using Silent Mode

You can also execute the AP Python installer without any manual intervention, which is also known as the Silent mode of installation. The following parameter must be provided to execute the installer in the Silent mode.

Parameter	Description
-dir	Specifies the installation directory, which is an optional parameter. If the installation directory is not specified, then the installation path is the default directory, which is `/opt/protegrity`.

./APPythonSetup_Linux_x64_<version>.sh [-dir <directory>]

2.5 - Configuring the Protector

Configuring and Verifying AP Python Installation on different platforms

Verifying Installation of AP Python

To verify that the AP Python has been successfully installed:

Login to the machine where the AP Python is installed.
To verify the version of the AP Python, run the following command:
```
pip list
```
The name and version of the installed AP Python package are displayed on the console.
```
appython 10.0.0+x
```
Alternatively, run the get_version API.
To verify that the AP Python is ready to protect data, test some sample data with the protect method.
For more information about the get_version, refer to get_version.
For more information about the protect API, refer to protect.

2.6 - Application Protector Python APIs

The various APIs of the AP Python.

A session must be created to run the AP Python. Before creating the session, the AP Python verifies whether the application invoking the AP Python APIs is trusted. If it is trusted, then a new session is created, and the protect, unprotect, or reprotect methods can be called, one or many times, depending on the data. After the operation is complete, this session closes implicitly or the session times out if it is idle.

A session is valid for a specific time, which is managed by the timeout value passed during the create_session() method. By default, the session timeout value is set to 15 minutes. For every call to the create_session() method, a new session object is created - a pool of session objects is not maintained. Python’s garbage collector is used for destroying the session objects once they are out of scope. You can also use the session object as Python’s Context manager using the with statement. A session is automatically renewed every time it is used. Thus, for each call to a data protection operation, such as, protect, unprotect, and reprotect, the time for the session to remain alive is renewed.

For single data item calls, a total of three audit log events are generated if you perform the following operations:

1 protect operation with data element a → 1 audit log
5 protect operations with data element b → 5 audit logs
1000 unprotect operations with data element a → 1000 audit logs

For more information about audit logs information, refer to Audit logs.

The following figure explains a basic flow of a session.

AP Python APIs

The AP Python only supports bytes converted from the string data type. Data corruption might occur when a data type is directly converted to bytes and passed as an input to an API. This API supports byte as input and provides byte as output.

You do not have to explicitly close the session. The session is closed implicitly after the API protects, unprotects, or reprotects the data. The session object is implemented as a Python Context Manager and can be used with the with statement.

Supported data types for the AP Python

The AP Python supports the following data types:

Bytes
Date Object
Float
Integer
String

Note: The AP Python does not support the Datetime object.

Supported Modes for AP Python

You can use the AP Python APIs in the following modes:

Production Environment: Use the AP Python APIs to protect, unprotect, and reprotect the data using the data elements deployed on the ESA.
Development Environment: Use sample users and data elements with the AP Python Mock APIs to simulate the protect, unprotect, and reprotect operations. You do not require the Log Forwarder, the RP Agent, and the ESA to be installed on your machine.

Using AP Python in a Production Environment

The various APIs supported by the AP Python in a production environment are described in this section. It describes the syntax of the AP Python APIs and provides the sample use cases.

Initialize the protector

The Protector API returns the Protector object associated with the AP Python APIs. After instantiation, this object is used to create a session. The session object provides APIs to perform the protect, unprotect, or reprotect operations.

Protector(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

Protector: Object associated with the AP Python APIs.

Exceptions

InitializationError: This exception is thrown if the protector fails to initialize.

Example

In the following example, the AP Python is initialized.

from appython import Protector
protector = Protector()

create_session

The create_session API creates a new session. The sessions that are created using this API, automatically time out after the session timeout value has been reached. The default session timeout value is 15 minutes. However, you can also pass the session timeout value as a parameter to this API.

Note: If the session is invalid or has timed out, then the AP Python APIs that are invoked using this session object, may throw an InvalidSessionError exception. Application developers can catch the InvalidSessionError exception and create a session by again by invoking the create_session API.

def create_session(self, policy_user, timeout=15)

Note: Do not pass the self parameter while invoking the API.

Parameters

policy_user: Username defined in the policy, as a string value.
timeout: Session timeout, specified in minutes. By default, the value of this parameter is set to 15. This parameter is optional.

Returns

session: Object of the Session class. A session object is required for calling the data protection operations, such as, protect, unprotect, and reprotect.

Exceptions

ProtectorError: This exception is thrown if a null or empty value is passed as the policy_user parameter.

Example

In the following example, User1 is passed as the policy_user parameter.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")

get_version

The get_version API returns the version of the AP Python in use. Ensure that the version number of the AP Python matches with the AP Python build package.

Note: You do not need to create a session for invoking the get_version API.

def get_version(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

String: Product version of the installed AP Python.

Exceptions

None

Example

In the following example, the current version of the installed AP Python is retrieved.

from appython import Protector
protector = Protector()
print(protector.get_version())

Result

10.0.0+x

get_version_ex

The get_version_ex API returns the extended version of the AP Python in use. The extended version consists of the AP Python version number and the Core version.

Note:
You do not need to create a session for invoking the get_version_ex API.
The Core version is a sub-module which is required for troubleshooting protector issues.

def get_version_ex(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

String: The product version of the installed AP Python and the Core version.

Exceptions

None

Example

In the following example, the current version of the AP Python and the Core version is retrieved.

from appython import Protector
protector = Protector()
print(protector.get_version_ex())

Result

SDK Version: 10.0.0+x, Core Version: 2.1.1+20.g78ac6ac.2.1

check_access

The check_access API returns the access permission status of the user for a specified data element.

For checking protect and unprotect access:

def check_access(self, DE, access_type)

For checking reprotect access:

def check_access(self, DE, access_type, newDE)

Note: Do not pass the self parameter while invoking the API.

Parameters

DE: String containing the data element name defined in the policy.
access_type: Type of the access permission of the user for the specified data element. You can specify a value for this parameter from the CheckAccessType enumeration.
The following are the different values for the CheckAccessType enumeration:

Access Type	Check Access Type
PROTECT	2
REPROTECT	4
UNPROTECT	8
newDE: String containing the new data element name defined in the policy.

Returns

True: The user has access to the data element.
False: The user does not have access to the data element.

Exceptions

ProtectorError: This exception is thrown if the API is unable to retrieve the default data element.
InvalidSessionError: This exception is thrown if the session is invalid or has timed out.

Example

In the following example, the check_access API is used to check whether the user has reprotect permissions for the TE_A_N_S23_L2R2_Y token data element with TE_A_N_S23_L3R3_Y as the new token data element.

from appython import Protector
from appython import CheckAccessType
protector = Protector()
session = protector.create_session("User1")
print(session.check_access("TE_A_N_S23_L2R2_Y", 
 CheckAccessType.REPROTECT, "TE_A_N_S23_L3R3_Y"))

Result

True

flush_audits

The flush_audits API is used for flushing the audit logs at any point within the application. This API is required for a short running process that lasts less than a second, to get the audit logs. It is recommended to invoke the API at the point where the application exits.

def flush_audits(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

None

Exceptions

ProtectorError: This exception is thrown if the API is unable to flush the audit logs.

Example

In the following example, the flush_audits API is used to flush the audit logs.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "Alpha_Num")
print("Protected Data: %s" %output)
session.flush_audits()

protect

The protect API protects the data using tokenization, data type preserving encryption, No Encryption, or encryption data element. It supports both single and bulk protection without a maximum bulk size limit. However, you are recommended not to pass more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while no maximum length is defined for encryption.

def protect(self, data, de, **kwargs)

Note: Do not pass the self parameter while invoking the API.

Parameters

data: Data to be protected. You can provide the data of any type that is supported by the AP Python. For example, you can specify data of type string, float, or integer. However, you cannot provide the data of multiple data types at the same time in a bulk call.
de: String containing the data element name defined in policy.
**kwargs: Specify one or more of the following keyword arguments: - external_iv: Specify the external initialization vector for Tokenization and FPE protection methods. This argument is optional.
- encrypt_to: Specify this argument for encrypting the data and set its value to bytes. This argument is Mandatory. It must not be used for Tokenization and FPE protection methods.
- external_tweak: Specify the external tweak value for FPE protection method. This argument is optional.
- charset: This is an optional argument. It indicates the byte order of the input buffer. You can specify a value for this argument from the charset constants, such as, UTF8, UTF16LE, or UTF16BE. The default value for the charset argument is UTF8. The charset argument is only applicable for the input data of byte type. The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the charset parameter must match the encoding of the input data passed.

Note: Keyword arguments are case sensitive.

Returns

For single data: Returns the protected data
For bulk data: Returns a tuple of the following data:
- List or tuple of the protected data
- Tuple of error codes

Exceptions

InvalidSessionError: This exception is thrown if the session is invalid or has timed out.
ProtectError: This exception is thrown if the API is unable to protect the data.

If the protect API is used with bulk data, then it does not throw any exception. Instead, it only returns an error code.
For more information about the return codes, refer to Application Protector Return Codes.

Example - Tokenizing String Data

The examples for using the protect API for tokenizing the string data are described in this section.

Example 1: Input string data
In the following example, the Protegrity1 string is used as the data, which is tokenized using the TE_A_N_S23_L2R2_Y Alpha Numeric data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)

Result

Protected Data: Pr9zdglWRy1

Example 2: Input string data using session as Context Manager
In the following example, the Protegrity1 string is used as the data, which is tokenized using the TE_A_N_S23_L2R2_Y Alpha Numeric data element.

from appython import Protector
protector = Protector()
with protector.create_session("User1") as session:
    output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
    print("Protected Data: %s" %output)

Result

Protected Data: Pr9zdglWRy1

Example 3: Input date passed as a string
In the following example, the 29/05/1998 string is used as the data, which is tokenized using the TE_Date_DMY_S13 Date data element.
If a date string is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date string in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("29/05/1998", "TE_Date_DMY_S13")
print("Protected data: "+str(output))

Result

Protected data: 08/07/2443

Example 4: Input date and time passed as a string
In the following example, the 1998/05/29 10:54:47 string is used as the data, which is tokenized using the TE_Datetime_TN_DN_M Datetime data element.
If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if the input date and time string in YYYY/MM/DD HH:MM:SS MMM format is provided, then only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element must be used to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("1998/05/29 10:54:47", "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))

Result

Protected data: 3311/02/22 10:54:47

Example - Tokenizing String Data with External Initialization Vector (IV)

The example for using using the protect API for tokenizing string data using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must first pass the external IV as bytes to the API.

Example
In this example, the Protegrity1 string is used as the data tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of the external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y", 
external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: PrksvEshuy1

Example - Encrypting String Data

The example for using the protect API for encrypting the string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into the string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, the Protegrity1 string is used as the data, which is encrypted using the AES256_IV_CRC_KID data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'#▒>▒gךڭm▒A΅,i=▒w▒▒▒▒'

Example - Protecting String Data Using Format Preserving Encryption (FPE)

The example for using the protect API to protect the string data using Format Preserving Encryption (FPE) (FF1) is described in this section.

Example
In the following example, the protegrity1234ÀÁÂÃÄÅÆÇÈÉ string is used as the data, which is protected using the FPE data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234ÀÁÂÃÄÅÆÇÈÉ", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: %s" %output)

Result

Protected Data: NRejBkN7LcBOT4ÀÁÂÃÄÅÆÇÈÉ

Example - Protecting String Data Using FPE with External IV and External Tweak

This section describes how to use the protect API for protecting string data using FPE (FF1), with external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In this example, the protegrity1234 string is used as the data, which is protected using the FPE data element FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2. It is used along with the external IV 1234 and external tweak abcdef that are passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234",
 encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: prS6DaU5Dtd5g4

Example - Tokenizing Bulk String Data

The example for using the protect API for tokenizing bulk string data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 2: Input bulk string data
In Example 1, the protected output was a tuple of the tokenized data and the error list. This example shows how the code can be tweaked to ensure that the protected output and the error list are retrieved separately, and not as part of a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out, error_list = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
print("Error List: ")
print(error_list)

Result

Protected Data: 
['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56']
Error List: 
(6, 6, 6)

6 is the success return code for the protect operation of each element in the list.

Example 3: Input dates passed as bulk strings
In the following example, the 14/02/2019 and 11/03/2018 strings are stored in a list and used as bulk data, which is tokenized using the TE_Date_DMY_S13 Date data element.

If a date string is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date string in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["14/02/2019", "11/03/2018"]
output = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(output))

Result

Protected data: (['08/07/2443', '17/08/1830'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 4: Input date and time passed as bulk strings
In the following example, the 2019/02/14 10:54:47 and 2019/11/03 11:01:32 strings is used as the data, which is tokenized using the TE_Datetime_TN_DN_M Datetime data element.

If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if you have provided the input date and time string in YYYY/MM/DD HH:MM:SS MMM format, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["2019/02/14 10:54:47", "2019/11/03 11:01:32"]
output = session.protect(data, "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))

Result

Protected data: (['3311/02/22 10:54:47', '3311/11/02 11:01:32'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk String Data with External IV

The example for using the protect API for tokenizing bulk string data using external IV is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass external IV as bytes.

Example
In this example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data. This bulk data is tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 123 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("123", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['prv0WozsSjbS34', 'PrtigABOCy1', 'PrvjDdC2TD56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Protecting Bulk String Data Using FPE

The example for using the protect API for protecting bulk string data using FPE (FF1) is described in this section. The bulk string data can be passed as a list or a tuple. Caution: The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE")
print("Protected Data: ")
print(p_out)

Result

Protected Data:
([u'MG01UHDQ8VyON3\xc0\xc1', u'8APfLh3W9TY\xc6\xc7\xc8', u'4XYdSFURF4bV\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Protecting Bulk String Data Using FPE with External IV and External Tweak

The example for using the protect API for protecting the bulk str ing data using FPE (FF1), with external IV and external tweak is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data. This bulk data is protected using the FPE data element FPE_FF1_AES256_APIP_AN_LnRn_ASTNE, with the help of external IV 1234 and external tweak xyz that are passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data:
([u'WwR5aK2BMoUlcz\xc0\xc1', u'nW6lqjd7NGR\xc6\xc7\xc8', u'o6eBUZDNuyWU\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Integer Data

The example for using the protect API for tokenizing integer data is described in this section.

Example
In the following example, 21 is used as the integer data, which is tokenized using the TE_INT_4 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4")
print("Protected Data: %s" %output)

Result

Protected Data: -1926573911

Example - Tokenizing Integer Data with External IV

The example for using the protect API for tokenizing integer data using the external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In this example, 21 is used as the integer data, which is tokenized using the TE_INT_4 data element, with the help of external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: -2122057622

Example - Encrypting Integer Data

The example for using the protect API for encrypting integer data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 21 is used as the integer data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'@▒u▒▒▒p▒▒k▒N▒'

Example - Tokenizing Bulk Integer Data

The example for using the protect API for tokenizing bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([-1926573911, -1970496120, -814489753], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Integer Data with External IV

The example for using the protect API for tokenizing bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([-2122057622, 1795905968, 228587043], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Integer Data

The example for using the protect API for encrypting bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'@\x19\xccu\x04\xc7\xd8\xc1p\xad\xa7\x1fk\xe4N\xd0', b'"@\xec\x97(\x96\xab\x18\xd0\x99\xd4~\x1e\xf4\xba\xd1', b'y\xec\x9b+f\xa8\xb1I\xc2=[\x11\xfd\x06\xa1C'], (6,
 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Long Data

The example for using the protect API for tokenizing long data is described in this section.

Example
In the following example, 1376235139103947 is used as the long data, which is tokenized using the TE_INT_8 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8")
print("Protected Data: %s" %output)

Result

Protected Data: -1770169866845757900

Example - Tokenizing Long Data with External IV

The example for using the protect API for tokenizing long data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must use bytes in the encrypt_to keyword.

Example
In this example, 1376235139103947 is used as the long data, which is tokenized using the TE_INT_8 data element, with the help of external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 5846214101577367207

Example - Encrypting Long Data

The example for using the protect API for encrypting long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 1376235139103947 is used as the long data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'#Ds####wp0Xl<\'

Example - Tokenizing Bulk Long Data

The example for using the protect API for tokenizing bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([-1770169866845757900L, -8142006510957348982L, -206876567049699669L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Long Data with External IV

The example for using the protect API for tokenizing bulk long data using external IV is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV and external tweak as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([5846214101577367207L, 5661139619224336475L, 7806173497368534531L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Long Data

The example for using the protect API for encrypting bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xd5Ds\xb3\xfb\x95\xf2wp0Xl<\\\x1a\x07', b'\xaf\x05aq\xb6\xcd,L`JC4\x87\x87\t\x0b',
 b']j@*S\x96\xf5\xf5S<\x08M\xa6\x18\xbf\xda'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Protecting Float Data

The example for using the protect API for protecting float data using a No Encryption data element is described in this section. This API can be used for access control and auditing.

Example
In the following example, 22.5 is used as the float data, which is protected using the NoEncryption_1 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "NoEncryption_1")
print("Protected Data: %s" %output)

Result

Protected Data: 22.5

As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Example - Protecting Bulk Float Data

The example for using the protect API for protecting bulk float data using a No Encryption data element is described in this section. The bulk float data can be passed as a list or a tuple. This API can be used for access control and auditing.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the NoEncryption_1 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "NoEncryption_1")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Example - Encrypting Bulk Float Data

The example for using the protect API for encrypting bulk float data is described in this section. The bulk float data can be passed as a list or a tuple.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'g.O\xd8\x8b\x12\x89\x15Vk\x88\xbe\xf4;\x18>', b'.\xb0Q\xb9\xc9\xca\xba\xc2\xcb8\xfe\xd8\xf4q\x00\xb8', b'\xb6x\xf4\x94l9\xe6uaN\x83\x8d\n\x98\n;'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bytes Data

The example for using the protect API for tokenizing bytes data is described in this section.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)

Result

Protected Data: b'Pr9zdglWRy1'

Example - Tokenizing Bytes Data with External IV

The example for using the protect API for tokenizing bytes data using external IV is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'PrksvEshuy1'

Example - Encrypting Bytes Data

The example for using the protect API for encrypting bytes data is described in this section.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: %s" %p_out)

Result

Encrypted Data: b't####+4Lq##ۏx'

Example - Tokenizing Bulk Bytes Data

The example for using the protect API for tokenizing bulk bytes data. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Bytes Data with External IV

The example for using the protect API for r tokenizing bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.
The individual elements of the list or tuple must be of the same data type.

Example - Encrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb
\x8fx\x16', b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bytes Data

The example for using the protect API for tokenizing bytes data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)

In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the UnicodeGen2_BasicAlphaNum data element.

from appython import Protector
from appython import Charset
session = protector.create_session("User1")
data = bytes("Protegrity1", encoding="utf-16le")
p_out = session.protect(data, "UnicodeGen2_BasicAlphaNum", encrypt_to=bytes, charset=Charset.UTF16LE)
print("Protected Data: %s" %p_out)

Result

Protected Data: b'Pr9zdglWRy1'

Example - Tokenizing Bytes Data with External IV

The example for using the protect API for tokenizing bytes data using external IV is described in this section.

Example

In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'PrksvEshuy1'

Example - Tokenizing Bytes Data with External IV

The example for using the protect API for tokenizing bytes data using external IV is described in this section.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'PrksvEshuy1'

Example - Tokenizing Bulk Bytes Data

The example for using the protect API for tokenizing bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Bytes Data with External IV

The example for using the protect API for tokenizing bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'prbm147L5pc434', b'PrksvEshuy1', b'Prmx0hG8Nj56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example

In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb
\x8fx\x16',  b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Date Objects

The examples for using the protect API for tokenizing the date objects are described in this section.

If a date string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if you have provided the input date object in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

Example 1: Input date object in DD/MM/YYYY format
In the following example, the 29/05/1998 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_DMY_S13 data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("29/05/1998", "%d/%m/%Y").date()
print("Input date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 1998-05-29
Protected date: 1896-10-21

Example 2: Input date object in MM/DD/YYYY format

In the following example, the 05/29/1998 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_MDY_S13 data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("05/29/1998", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_MDY_S13")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 1998-05-29
Protected date: 2037-06-12

Example 3: Input date object in YYYY/DD/MM format
In the following example, the 1998/05/29 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_YMD_S13 data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("1998/05/29", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_YMD_S13")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 1998-05-29
Protected date: 2615-12-23

Example - Tokenizing Bulk Date Objects

The example for using the protect API for tokenizing bulk date objects is described in this section. The bulk date objects can passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If a date object is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date object in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data1 = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("11/01/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: ", str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)]
Protected data: ([datetime.date(1896, 10, 21), datetime.date(696, 3, 1)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Unicode Data

The example for using the protect API for tokenizing unicode data is described in this section.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data is used as the input data, which is tokenized using the TE_A_N_S23_L2R2_Y data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)

Result

Protected Data:prZeslalwuQQy3ÀÁÂÃÄÅÆÇÈÉ

Example - Encrypting Unicode Data

The example for using the protect API for encrypting unicode data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data is used as the input data, which is encrypted using the AES256_IV_CRC_KID data element.
Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b' ##+###>##{4Az#V#O##K#c#######\1W#~&ng%-##'

Example - Tokenizing Bulk Unicode Data

The example for using the protect API for tokenizing bulk unicode data is described in this section. The bulk unicode data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([u'prZeslalwuQQy3\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'PrVt6rfyW81\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PrFgczleNkNG\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Unicode Data

The example for using the protect API for encrypting bulk unicode data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'F2\xd2\xddR\xda\x9e7#\xfc\xe6\xe2Ore\x18>=\x87\xfc\xea\x9c\xb8\x94\x9e$M?\x9a\xec\xefO5\xc3\x8fjun\xe3\r4\x0f\xedD76\xe4\xfa', b'\x9f\xc0}G\x12\x1bu\x02\xfdMO\x8e\x01\xb6\x0f\xf5\xbbi\xbe\xc9\x11J\x1c\xa4\x12\x1e\xf0\xbeA\x19\xa4\xc3', b'G\xa3(\xee
\xb7\x81m\xfc\x96-I\xa2\x9eGt\xcc\x0b-\x97\xc73\x00O\xdc\xfb\t.\xfa=\x99:\xe7'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

unprotect

This function returns the data in its original form.

def unprotect(self, data, de, **kwargs)

Do not pass the self parameter while invoking the API.

Parameters

data: Data to be unprotected.
de: String containing the data element name defined in policy.
**kwargs: Specify one or more of the following keyword arguments: - external_iv: Specify the external initialization vector for Tokenization and FPE protection methods. This argument is optional.
- decrypt_to: Specify this argument for decrypting the data and set its value to the data type of the original data. For example, if you are unprotecting a string data, then you must specify the output data type as str. This argument is Mandatory. This argument must not be used for Tokenization and FPE protection methods. The possible values for the decrypt_to argument are: - str - int - long - float - bytes
- external_tweak: Specify the external tweak value for FPE protection method. This argument is optional.
- charset: This is an optional argument. It indicates the byte order of the input buffer. You can specify a value for this argument from the charset constants, such as, UTF8, UTF16LE, or UTF16BE. The default value for the charset argument is UTF8. The charset argument is only applicable for the input data of byte type. The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the charset parameter must match the encoding of the input data passed.

Keyword arguments are case sensitive.

Returns

For single data: Returns the unprotected data
For bulk data: Returns a tuple of the following data:
- List or tuple of the unprotected data
- Tuple of error codes

Exceptions

InvalidSessionError: This exception is thrown if the session is invalid or has timed out.
ProtectError: This exception is thrown if the API is unable to protect the data.

If the unprotect API is used with bulk data, then it does not throw any exception. Instead, it only returns an error code.
For more information about the return codes, refer to Application Protector API Return Codes.

Example - Detokenizing String Data

The examples for using the unprotect API for retrieving the original string data from the token data are described in this section.

Example 1: Input string data
In the following example, the Protegrity1 string that was tokenized using the TE_A_N_S23_L2R2_Y data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: %s" %org)

Result

Protected Data: Pr9zdglWRy1
Unprotected Data: Protegrity1

Example 2: Input date passed as a string
In the following example, the 29/05/1998 string that was tokenized using the TE_Date_DMY_S13 Date data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("29/05/1998", "TE_Date_DMY_S13")
print("Protected data: "+str(output))
org = session.unprotect(output, "TE_Date_DMY_S13")
print("Unprotected data: "+str(org))

Result

Protected data: 08/07/2443
Unprotected data: 29/05/1998

Example 3: Input date and time passed as a string
In the following example, the 1998/05/29 10:54:47 string that was tokenized using the TE_Datetime_TN_DN_M Datetime data element is now detokenized using the same data element.

If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if the input date and time string in YYYY/MM/DD HH:MM:SS MMM format is provided, then only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element must be used to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("1998/05/29 10:54:47", "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
org = session.unprotect(output, "TE_Datetime_TN_DN_M")
print("Unprotected data: "+str(org))

Result

Protected data: 3311/02/22 10:54:47
Unprotected data: 1998/05/29 10:54:47

Example - Detokenizing String Data with External IV

The example for using the unprotect API for retrieving the original string data from token data, using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string that was tokenized using the TE_A_N_S23_L2R2_Y data element and the external IV 1234 is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: PrksvEshuy1
Unprotected Data: Protegrity1

Example - Decrypting String Data

The example for using the unprotect API for decrypting string data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the Protegrity1 string that was encrypted using the AES256_IV_CRC_KID data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256_IV_CRC_KID", decrypt_to=str)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'#▒>▒gךڭm▒A΅,i=▒w▒▒▒▒'
Decrypted Data: Protegrity1

Example - Unprotecting String Data Using FPE

The example for using the unprotect API for unprotecting string data using FPE (FF1) is described in this section.

Example
In the following example, the protegrity1234ÀÁÂÃÄÅÆÇÈÉ string that was protected using the FPE_FF1_AES256_ID_AN_LnRn_ASTNE data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234ÀÁÂÃÄÅÆÇÈÉ", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: %s" %output)
org = session.unprotect(output, "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Unprotected Data: %s" %org)

Result

Protected Data: NRejBkN7LcBOT4ÀÁÂÃÄÅÆÇÈÉ
Unprotected Data: protegrity1234ÀÁÂÃÄÅÆÇÈÉ

Example - Unprotecting String Data Using FPE with External IV and External Tweak

The example for using the unprotect API for unprotecting string data using FPE (FF1), with external IV and tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string that was protected using the FPE_FF1_AES256_ID_AN_LnRn_ASTNE data element, is now unprotected using the same data element, external IV, and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234", encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234", encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: prS6DaU5Dtd5g4
Unprotected Data: protegrity1234

Example - Detokenizing Bulk String Data

The examples for using the unprotect API for retrieving the original bulk string data from the token data are described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example 2: Input bulk string data
In Example 1, the unprotected output was a tuple of the detokenized data and the error list. This example shows how the code can be tweaked to ensure that the unprotected output and the error list are retrieved separately, and not as part of a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = protegrity1234
data = [data]*5
p_out, error_list = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
print("Error List: ")
print(error_list)
org, error_list = session.unprotect(p_out, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(org)
print("Error List: ")
print(error_list)

Result

Protected Data:
['prMLJsM8fZUp34', 'prMLJsM8fZUp34', 'prMLJsM8fZUp34', 'prMLJsM8fZUp34',
 'prMLJsM8fZUp34']
Error List:
(6, 6, 6, 6, 6)
Unprotected Data:
['protegrity1234', 'protegrity1234', 'protegrity1234', 'protegrity1234',
 'protegrity1234']
Error List:
(8, 8, 8, 8, 8)

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["14/02/2019", "11/03/2018"]
output = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(output))
Confidential 165
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
org = session.unprotect(output[0], "TE_Date_DMY_S13")
print("Unprotected data: "+str(org))

Result

Protected data: (['08/07/2443', '17/08/1830'], (6, 6))
Unprotected data: (['14/02/2019', '11/03/2018'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["2019/02/14 10:54:47", "2019/11/03 11:01:32"]
output = session.protect(data, "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
org = session.unprotect(output[0], "TE_Datetime_TN_DN_M")
print("Unprotected data: "+str(org))

Result

Protected data: (['3311/02/22 10:54:47', '3311/11/02 11:01:32'], (6, 6))
Unprotected data: (['2019/02/14 10:54:47', '2019/11/03 11:01:32'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk String Data with External IV

The example for using the unprotect API for retrieving the original bulk string data from token data using the external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("123", encoding="UTF-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("123", encoding="UTF-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['prv0WozsSjbS34', 'PrtigABOCy1', 'PrvjDdC2TD56'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk String Data

The example for using the unprotect API for decrypting bulk string data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk string data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=str)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb\x8fx\x16',b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))
Decrypted Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Example - Unprotecting Bulk String Data Using FPE

The example for using the unprotect API for retrieving the original bulk string data from token data using FPE (FF1) is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = sessionr.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE")
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([u'MG01UHDQ8VyON3\xc0\xc1', u'8APfLh3W9TY\xc6\xc7\xc8', u'4XYdSFURF4bV\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Unprotected Data:
([u'protegrity1234\xc0\xc1', u'Protegrity1\xc6\xc7\xc8',
 u'Protegrity56\xc0\xc1\xc2\xc3\xc4\xc5'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Unprotecting Bulk String Data Using FPE with External IV and External Tweak

This example describes using the unprotect API to retrieve the original bulk string from token data using FPE (FF1) using external IV and external tweak.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE", 
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([u'WwR5aK2BMoUlcz\xc0\xc1', u'nW6lqjd7NGR\xc6\xc7\xc8', u'o6eBUZDNuyWU
\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Unprotected Data:
([u'protegrity1234\xc0\xc1', u'Protegrity1\xc6\xc7\xc8',
 u'Protegrity56\xc0\xc1\xc2\xc3\xc4\xc5'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Integer Data

The example for using the unprotect API for retrieving the original integer data from token data is described in this section.

Example
In the following example, the integer data 21 that was tokenized using the TE_INT_4 data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_4")
print("Unprotected Data: %s" %org)

Result

Protected Data: -2122057622
Unprotected Data: 21

Example - Detokenizing Integer Data with External IV

The example for using the unprotect API for retrieving the original integer data from token data, using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the integer data 21 that was tokenized using the TE_INT_4 data element and the external IV 1234 is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_4", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: -2122057622
Unprotected Data: 21

Example - Decrypting Integer Data

The example for using the unprotect API for decrypting integer data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the integer data 21 that was encrypted using the AES256 data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'@▒u▒▒▒p▒▒k▒N▒'
Decrypted Data: 21

Example - Detokenizing Bulk Integer Data

The example for using the unprotect API for retrieving the original bulk integer data from token data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element. The bulk integer data is then detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4")
print("Protected Data: ")
print(p_out)
Confidential 170
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
out = session.unprotect(p_out[0], "TE_INT_4")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([-1926573911, -1970496120, -814489753], (6, 6, 6))
Unprotected Data: 
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk Integer Data with External IV

The example for using the unprotect API for retrieving the original bulk integer data from token data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In this example, 21, 42, and 55 integers are stored in a list and used as bulk data. This bulk data is tokenized using the TE_INT_4 data element, with the help of external IV 1234 that is passed as bytes.The bulk integer data is then detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_INT_4", external_iv=bytes("1234",  encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([-2122057622, 1795905968, 228587043], (6, 6, 6))
Unprotected Data: 
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Integer Data

The example for using the unprotect API for decrypting bulk integer data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk integer data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'@\x19\xccu\x04\xc7\xd8\xc1p\xad\xa7\x1fk\xe4N\xd0', b'"@\xec\x97(\x96\xab\x18\xd0\x99\xd4~\x1e\xf4\xba\xd1', b'y\xec\x9b+f\xa8\xb1I\xc2=[\x11\xfd\x06\xa1C'], (6,
 6, 6))
Decrypted Data: 
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Long Data

The example for using the unprotect API for retrieving the original long data from the token data is described in this section.

Example
In the following example, the long data 1376235139103947 that was tokenized using the TE_INT_8 data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_8")
print("Unprotected Data: %s" %org)

Result

Protected Data: -1770169866845757900
Unprotected Data: 1376235139103947

Example - Detokenizing Long Data with External IV

The example for using the unprotect API for retrieving the original long data from the token data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In this example, the long data 1376235139103947 was tokenized using the TE_INT_8 data element and the external IV 1234. It is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_8", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 5846214101577367207
Unprotected Data: 1376235139103947

Example - Decrypting Long Data

The example for using the unprotect API for decrypting long data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the long data 1376235139103947 that was encrypted using the AES256 data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'#Ds####wp0Xl<\'
Decrypted Data: 1376235139103947

Example - Detokenizing Bulk Long Data

The example for using the unprotect API for retrieving the original bulk long data from the token data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_INT_8")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([-1770169866845757900L, -8142006510957348982L, -206876567049699669L], (6, 6, 6))
Unprotected Data: 
([1376235139103947L, 2396235839173981L, 9371234126176985L], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk Long Data with External IV

The example for using the unprotect API for retrieving the original bulk long data from the token data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In this example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is tokenized using the TE_INT_8 data element, with the help of external IV 1234 passed as bytes. The bulk long data is then detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_INT_8", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([5846214101577367207L, 5661139619224336475L, 7806173497368534531L], (6, 6, 6))
Unprotected Data: 
([1376235139103947L, 2396235839173981L, 9371234126176985L], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Long Data

The example for using the unprotect API for decrypting bulk long data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk long data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'\xd5Ds\xb3\xfb\x95\xf2wp0Xl<\\\x1a\x07', b'\xaf\x05aq\xb6\xcd,L`JC4\x87\x87\t\x0b', b']j@*S\x96\xf5\xf5S<\x08M\xa6\x18\xbf\xda'], (6, 6, 6))
Decrypted Data: 
([1376235139103947L, 2396235839173981L, 9371234126176985L], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Unprotecting Float Data

The example for using the unprotect API for unprotecting float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, the long data 22.5 that was protected using the NoEncryption_1 data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "NoEncryption_1")
print("Protected Data: %s" %output)
org = session.unprotect(output, "NoEncryption_1")
print("Unprotected Data: %s" %org)

Result

Protected Data: 22.5
Unprotected Data: 22.5

The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Example - Decrypting Float Data

The example for using the unprotect API for decrypting float data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the float data 22.5 that was encrypted using the AES256 data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256", decrypt_to=float)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'g.O؋#Vk###;>'
Decrypted Data: 22.5

Example - Unprotecting Bulk Float Data

This section describes how to use the unprotect API for unprotecting bulk float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the NoEncryption_1 data element. The bulk float data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "NoEncryption_1")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "NoEncryption_1")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Unprotected Data: 
([22.5, 48.93, 94.31], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Example - Decrypting Bulk Float Data

The example for using the unprotect API for decrypting bulk float data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk float data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=float)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'g.O\xd8\x8b\x12\x89\x15Vk\x88\xbe\xf4;\x18>', b'.\xb0Q\xb9\xc9\xca\xba\xc2\xcb8\xfe\xd8\xf4q\x00\xb8', b'\xb6x\xf4\x94l9\xe6uaN\x83\x8d\n\x98\n;'], (6, 6, 6))
Decrypted Data: 
([22.5, 48.93, 94.31], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bytes Data

The example for using the unprotect API for retrieving the original bytes data from the token data is described in this section.

Example
In the following example, the bytes data ‘Protegrity1’ that was tokenized using the TE_A_N_S23_L2R2_Y data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: %s" %org)

In the following example, the bytes data ‘Protegrity1’ that was tokenized using the UnicodeGen2_BasicAlphaNum data element, is now detokenized using the same data element.

from appython import Protector
from appython import Charset
session = protector.create_session("User1")
data = bytes("Protegrity1", encoding="utf-16le")
p_out = session.protect(data, "UnicodeGen2_BasicAlphaNum", encrypt_to=bytes, charset=Charset.UTF16LE)
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "UnicodeGen2_BasicAlphaNum", decrypt_to=bytes, charset=Charset.UTF16LE)
print("Unprotected Data: %s" %org)

Result

Protected Data: b'Pr9zdglWRy1'
Unprotected Data: b'Protegrity1'

Example - Detokenizing Bytes Data with External IV

The example for using the unprotect API for retrieving the original bytes data from the token data using external IV is described in this section.

Example
In this example, the bytes data ‘Protegrity1’ was tokenized using the TE_A_N_S23_L2R2_Y data element and the external IV 1234. It is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: b'PrksvEshuy1'
Unprotected Data: b'Protegrity1'

Example - Decrypting Bytes Data

The example for using the unprotect API for decrypting bytes data is described in this section.

Example
In the following example, the bytes data b’Protegrity1’ that was encrypted using the AES256 data element, is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
org = session.unprotect(p_out, "AES256", decrypt_to=bytes)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b't####+4Lq##ۏx'
Decrypted Data: b'Protegrity1'

Example - Detokenizing Bulk Bytes Data

The example for using the unprotect API for retrieving the original bulk bytes data from the token data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
org = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(org)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))
Unprotected Data: 
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk Bytes Data with External IV

The example for using the unprotect API for retrieving the original bulk bytes data from the token data using external IV is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234"))
print("Protected Data: ")
print(p_out) 
org = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234"))
print("Unprotected Data: ")
print(org)

Result

Protected Data: 
([b'prbm147L5pc434', b'PrksvEshuy1', b'Prmx0hG8Nj56'], (6, 6, 6))
Unprotected Data: 
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Bytes Data

The example for using the unprotect API for decrypting bulk bytes data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding ="UTF-8"), bytes("Protegrity1", encoding
 ="UTF-8"), bytes("Protegrity56", encoding ="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
org = session.unprotect(p_out[0], "AES256", decrypt_to=bytes)
print("Decrypted Data: ")
print(org)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb\x8fx\x16', b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))
Decrypted Data: 
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Date Objects

The example for using the unprotect API for retrieving the original data objects from token data is described in this section.

Example 1: Input date object in DD/MM/YYYY format

In this example, the 12/02/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.

The date object is then tokenized using the TE_Date_DMY_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
print("Input date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "TE_Date_DMY_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-02-12
Protected date: 1896-10-21
Unprotected date: 2019-02-12

Example 2: Input date object in MM.DD.YYYY format

In this example, the 02/12/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_MDY_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("02/12/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_MDY_S13")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "TE_Date_MDY_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-02-12
Protected date: 2037-06-12
Unprotected date: 2019-02-12

Example 3: Input date object in YYYY-MM-DD format

In this example, the 2019/02/12 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_YMD_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("2019/02/12", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_YMD_S13")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "TE_Date_YMD_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-02-12
Protected date: 2615-12-23
Unprotected date: 2019-02-12

Example - Detokenizing Bulk Date Objects

The example for using the unprotect API for retrieving the original bulk date objects from the token data is described in this section.

Example: Input as a Date Object
In this example, the 12/02/2019 and 11/01/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then tokenized using the TE_Date_DMY_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data1 = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("11/01/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "TE_Date_DMY_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)]
Protected data: ([datetime.date(1896, 10, 21), datetime.date(696, 3, 1)], (6, 6))
Unprotected date: ([datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Unicode Data

The example for using the unprotect API for retrieving the original unicode data from the token data is described in this section.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data that was tokenized using the TE_A_N_S23_L2R2_Y data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: %s" %org)

Result

Protected Data: prZeslalwuQQy3ÀÁÂÃÄÅÆÇÈÉ
Unprotected Data: protegrity1234ÀÁÂÃÄÅÆÇÈÉ

Example - Decrypting Unicode Data

The example for using the unprotect API for decrypting unicode data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data that was encrypted using the AES256_IV_CRC_KID data element is now decrypted using the same data element.

Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to unicode.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256_IV_CRC_KID", decrypt_to=unicode)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b' 8"+[/O##*#wɆ#M#aX#{#B[#u####|E#(R#1##!w#t?V6#Q###W###jG'
Decrypted Data: protegrity1234ÀÁÂÃÄÅÆÇÈÉ

Example - Detokenizing Bulk Unicode Data

The example for using the unprotect API for retrieving the original bulk unicode data from the token data is described in this section.

Example
In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element. The bulk unicode data is then detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
Confidential 183
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([u'prZeslalwuQQy3\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'PrVt6rfyW81\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PrFgczleNkNG\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (6, 6, 6))
Unprotected Data: 
([u'protegrity1234\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'Protegrity1\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5',  u'Protegrity56\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Unicode Data

The example for using the unprotect API for decrypting bulk unicode data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk unicode data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to unicode.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=str)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'F2\xd2\xddR\xda\x9e7#\xfc\xe6\xe2Ore\x18>=\x87\xfc\xea\x9c\xb8\x94\x9e$M?\x9a\xec\xefO5\xc3\x8fjun\xe3\r4\x0f\xedD76\xe4\xfa', b'\x9f\xc0}G\x12\x1bu\x02\xfdMO\x8e\x01\xb6\x0f\xf5\xbbi\xbe\xc9\x11J\x1c\xa4\x12\x1e\xf0\xbeA\x19\xa4\xc3', b'G\xa3(\xee\xb7\x81m\xfc\x96-I\xa2\x9eGt\xcc\x0b-\x97\xc73\x00O\xdc\xfb\t.\xfa=\x99:\xe7'], (6, 6, 6))
Decrypted Data: 
([u'protegrity1234\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'Protegrity1\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5',  u'Protegrity56\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

reprotect

The reprotect API reprotects data using tokenization, data type preserving encryption, No Encryption, or encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports bulk protection without a maximum data limit. However, you are recommended not to pass more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while no maximum length is defined for encryption.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

def reprotect(self, data, old_de, new_de, **kwargs)

Do not pass the self parameter while invoking the API.

Parameters

data: Protected data to be reprotected. The data is first unprotected with the old data element and then protected with the new data element.
old_de: String containing the data element name defined in the policy for the input data. This data element is used to unprotect the protected data as part of the reprotect operation.
new_de: String containing the data element name defined in the policy to create the output data. This data element is used to protect the data as part of the reprotect operation.
**kwargs: Specify one or more of the following keyword arguments: - old_external_iv: Specify the old external IV in bytes for Tokenization and FPE protection methods. This old external IV is used to unprotect the protected data as part of the reprotect operation. This argument is optional.
- new_external_iv: Specify the new external IV in bytes for Tokenization and FPE protection methods. This new external IV is used to protect the data as part of the reprotect operation. This argument is optional.
- old_external_tweak: Specify the old external tweak value in bytes for the FPE protection method. This old external tweak is used to unprotect the protected data as part of the reprotect operation. This argument is optional.
- new_external_tweak: Specify the new external tweak value in bytes for the FPE protection method. This new external tweak is used to protect the data as part of the reprotect operation. This argument is optional.
- encrypt_to: Specify this argument for re-encrypting the bytes data and set its value to bytes. This argument is Mandatory. This argument must not be used for Tokenization and FPE protection methods.
- charset: This is an optional argument. It indicates the byte order of the input buffer. You can specify a value for this argument from the charset constants, such as, UTF8, UTF16LE, or UTF16BE. The default value for the charset argument is UTF8. The charset argument is only applicable for the input data of byte type. The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the charset parameter must match the encoding of the input data passed.

Keyword arguments are case sensitive.

Returns

For single data: Returns the reprotected data
For bulk data: Returns a tuple of the following data:
- List or tuple of the reprotected data
- Tuple of error codes

Exceptions

InvalidSessionError: This exception is thrown if the session is invalid or has timed out.
ProtectError: This exception is thrown if the API is unable to protect the data.

If the reprotect API is used with bulk data, then it does not throw any exception. Instead, it only returns an error code.
For more information about the return codes, refer to Application Protector API Return Codes.

Example - Retokenizing String Data

The examples for using the reprotect API for retokenizing string data are described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Alpha-Numeric data element to protect the data, then you must use only the Alpha-Numeric data element to reprotect the data.

Example 1: Input string data
In the following example, the Protegrity1 string is used as the input data, which is first tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_A_N_S23_L0R0_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_A_N_S23_L2R2_Y", 
 "TE_A_N_S23_L0R0_Y")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: Pr9zdglWRy1
Reprotected Data: 7gD6aY1Aja9

Example 2: Input date passed as a string
In the following example, the 14/02/2019 string is used as the input data, which is first tokenized using the TE_Date_DMY_S13 Date data element.
If a date string is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date string in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.
The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("14/02/2019", "TE_Date_DMY_S13")
print("Protected data: "+str(output))
r_out = session.reprotect(output, "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected data: "+str(r_out))

Result

Protected data: 08/07/2443
Reprotected data: 19/10/1231

Example 3: Input date and time passed as a string
In the following example, the 2019/02/14 10:54:47 string is used as the input data, which is first tokenized using the TE_Datetime_TN_DN_M Datetime data element.
If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if the input date and time string in YYYY/MM/DD HH:MM:SS MMM format is provided, then only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element must be used to protect the data. The tokenized input data, the old data element TE_Datetime_TN_DN_M, and a new data element TE_Datetime_TN_DN_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("2019/02/14 10:54:47", "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
r_out = session.reprotect(output, "TE_Datetime_TN_DN_M", "TE_Datetime_TN_DN_Y")
print("Reprotected data: "+str(r_out))

Result

Protected data: 3311/02/22 10:54:47
Reprotected data: 2019/09/25 10:54:47

Example - Retokenizing String Data with External IV

The example for using the reprotect API for retokenizing string data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string is used as the input data, which is first tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_A_N_S23_L2R2_Y", 
 "TE_A_N_S23_L2R2_Y", old_external_iv=bytes("1234", encoding="utf-8"), 
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: PrksvEshuy1
Reprotected Data: PrKxfmdTGy1

Example - Reprotecting String Data Using FPE

The example for using the reprotect API for reprotecting string data using FPE (FF1) is described in this section.

The ptyCharsets parameter is mandatory for data elements created with Unicode Gen2 tokenization method and the Format Preserving Encryption (FPE) method for byte APIs. The encoding set for the ptyCharsets parameter must match the encoding of the input data passed.

Example
In the following example, the protegrity1234ÀÁÂÃÄÅÆÇÈÉ string is used as the input data, which is first protected using the FPE data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE.
The protected input data, the old data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE, and a new data element FPE_FF1_AES256_ID_AN_LnRn_ASTNI are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect("protegrity1234ÀÁÂÃÄÅÆÇÈÉ", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "FPE_FF1_AES256_ID_AN_LnRn_ASTNE", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNI")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: NRejBkN7LcBOT4ÀÁÂÃÄÅÆÇÈÉ
Reprotected Data: AdbY0XkXIW7MvHÀÁÂÃÄÅÆÇÈÉ

Example - Reprotecting String Data Using FPE with External IV and External Tweak

The example for using the reprotect API for reprotecting string data using FPE (FF1), with external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string is used as the data, which is first protected using the FPE data element FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2, with the help of external IV 1234 and external tweak abcdef that are both passed as bytes.
The protected input data, the FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2 data element, the old external IV 1234 and external tweak abcdef in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element, and old external IV and external tweak. It then reprotects it using the same data element, but with the new external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect("protegrity1234", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234",
 encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", 
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("12345",
 encoding="utf-8"), 
 old_external_tweak=bytes("abcdef", encoding="utf-8"),
 new_external_tweak=bytes("xyz", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: prS6DaU5Dtd5g4
Reprotected Data: pr7hzGvIWOZQf4

Example - Retokenizing Bulk String Data

The examples for using the reprotect API for retokenizing bulk string data are described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example 1: Input bulk string data
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S13_L1R3_N data element.
The tokenized input data, the old data element TE_A_N_S13_L1R3_N, and a new data element TE_A_N_S23_L2R2_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S13_L1R3_N")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S13_L1R3_N",
 "TE_A_N_S23_L2R2_Y")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['pLAvXYIAbp5234', 'P8PCmC8gty1', 'PHNjXrw7Iy56'], (6, 6, 6))
Reprotected Data: 
(['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 2: Input dates passed as bulk strings
In the following example, the 14/02/2019 and 11/03/2018 strings are stored in a list and used as bulk data, which is tokenized using the TE_Date_DMY_S13 Date data element.

The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["14/02/2019", "11/03/2018"]
output = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(output))
r_out = session.reprotect(output[0], "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected data: "+str(r_out))

Result

Protected data: (['08/07/2443', '17/08/1830'], (6, 6))
Reprotected data: (['19/10/1231', '25/09/2588'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 3: Input date and time passed as bulk strings
In the following example, the 2019/02/14 10:54:47 and 2019/11/03 11:01:32 strings is used as the data, which is tokenized using the TE_Datetime_TN_DN_M Datetime data element.
If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if you have provided the input date and time string in YYYY-MM-DD HH:MM:SS MMM format, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data.
The tokenized input data, the old data element TE_Datetime_TN_DN_M, and a new data element TE_Datetime_TN_DN_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["2019/02/14 10:54:47", "2019/11/03 11:01:32"]
output = session.protect(data, "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
r_out = session.reprotect(output[0], "TE_Datetime_TN_DN_M", "TE_Datetime_TN_DN_Y")
print("Reprotected data: "+str(r_out))

Result

Protected data: (['3311/02/22 10:54:47', '3311/11/02 11:01:32'], (6, 6))
Reprotected data: (['2019/09/25 10:54:47', '2019/05/16 11:01:32'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk String Data with External IV

The example for using the reprotect API for retokenizing bulk string data using external IV is described int his section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 123 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV, and then retokenizes it using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S23_L2R2_Y","TE_A_N_S23_L2R2_Y",
 old_external_iv=bytes("1234", encoding="utf-8"),
new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['prbm147L5pc434', 'PrksvEshuy1', 'Prmx0hG8Nj56'], (6, 6, 6))
Reprotected Data: 
(['prFApvQWkhC934', 'PrKxfmdTGy1', 'PrKciFj8Ng56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Reprotecting Bulk String Data Using FPE

The example for using the reprotect API for reprotecting bulk string data using FPE (FF1) is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data, which is protected using the FPE data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE. The tokenized input data, the old data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE, and a new data element FPE_FF1_AES256_ID_AN_LnRn_ASTNI are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "FPE_FF1_AES256_ID_AN_LnRn_ASTNE",
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNI")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([u'NRejBkN7LcBOT4\xc0\xc1', u'8BT1NNNqnPZ\xc6\xc7\xc8', u'ecZslauY6iAl\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Reprotected Data: 
([u'AdbY0XkXIW7MvH\xc0\xc1', u'1sw4XpkXXn2\xc6\xc7\xc8', u'0dEqKSUy7OEX\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Reprotecting Bulk String Data Using FPE with External IV and External Tweak

The example for using the reprotect API for reprotecting bulk string data using FPE (FF1), with external IV and external tweak is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data, which is first protected using the FPE data element FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2 data element, with the help of an external IV 1234 and external tweak abc that are both passed as bytes. The protected input data, the FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2 data element, the old external IV 1234 and external tweak abc in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element, and old external IV and external tweak. It then reprotects it using the same data element, but with the new external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data,
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234",
 encoding="utf-8"),
 external_tweak=bytes("abc", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0],
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2",
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", 
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"), 
 old_external_tweak=bytes("abc", encoding="utf-8"),
 new_external_tweak=bytes("xyz", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([u'prngoI74u6NZrY\xc0\xc1', u'PrFBtLOLDBJ\xc6\xc7\xc8', u'PrlIizsBZ8Bc\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Reprotected Data: 
([u'prvKwWyJiHTjtV\xc0\xc1', u'PrOjAc1YuIp\xc6\xc7\xc8', u'PrgiU5fdHGXE\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Integer Data

The example for using the reprotect API for retokenizing integer data is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used Integer data element to protect the data, then you must use only Integer data element to reprotect the data.

Example
In the following example, 21 is used as the input integer data, which is first tokenized using the TE_INT_4 data element.
The tokenized input data, the old data element TE_INT_4, and a new data element TE_INT_4_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_INT_4", "TE_INT_4_1")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: -1926573911
Reprotected Data: 1673602066

Example - Retokenizing Integer Data with External IV

The example for using the reprotect API for retokenizing integer data using external IV is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21 is used as the input integer data, which is first tokenized using the TE_INT_4 data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_INT_4 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect(21, "TE_INT_4", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_INT_4", "TE_INT_4",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: -2122057622
Reprotected Data: 342830163

Example - Retokenizing Bulk Integer Data

The example for using the reprotect API for retokenizing bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element.
The tokenized input data, the old data element TE_INT_4, and a new data element TE_INT_4_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_4", "TE_INT_4_1")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([-1926573911, -1970496120, -814489753], (6, 6, 6))
Reprotected Data: 
([1673602066, -2106523868, 1683756976], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk Integer Data with External IV

The example for using the reprotect API for retokenizing bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_INT_4 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_4", "TE_INT_4",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([-2122057622, 1795905968, 228587043], (6, 6, 6))
Reprotected Data: 
([342830163, 1360764745, -1892139659], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Long Data

The example for using the reprotect API for retokenizing long data is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

Example
In the following example, 1376235139103947 is used as the input long data, which is first tokenized using the TE_INT_8 data element.
The tokenized input data, the old data element TE_INT_8, and a new data element TE_INT_8_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_INT_8", "TE_INT_8_1")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: -1770169866845757900
Reprotected Data: 1496033169477057599

Example - Retokenizing Long Data with External IV

The example for using the reprotect API for retokenizing long data using external IV is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947 is used as the input long data, which is first tokenized using the TE_INT_8 data element, with the help of external IV 1234 that is passed as bytes.

The tokenized input data, the TE_INT_8 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV, and then retokenizes it using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect(1376235139103947, "TE_INT_8", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_INT_8", "TE_INT_8",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 5846214101577367207
Reprotected Data: 2547273918835895593

Example - Retokenizing Bulk Long Data

The example for using the reprotect API for retokenizing bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is tokenized using the TE_INT_8 data element.
The tokenized input data, the old data element TE_INT_8, and a new data element TE_INT_8_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_8", "TE_INT_8_1")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([-1770169866845757900L, -8142006510957348982L, -206876567049699669L], (6, 6, 6))
Reprotected Data: 
([1496033169477057599L, -751706970736718821L, 6484885126927122847L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk Long Data with External IV

The example for using the reprotect API for retokenizing bulk long data using external IV is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is tokenized using the TE_INT_8 data element, with the help of external IV 1234 that is passed as bytes. The tokenized input data, the TE_INT_8 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_8", "TE_INT_8",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([5846214101577367207L, 5661139619224336475L, 7806173497368534531L], (6, 6, 6))
Reprotected Data: 
([2547273918835895593L, 3484073575451507396L, 1789344813959912458L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Reprotecting Float Data

The example for using the reprotect API for reprotecting float data using a No-Encryption data element is described in this section. This API can be used for access control and auditing.

If you are reprotecting the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the No Encryption data element to protect the data, then you must use only the No Encryption data element to reprotect the data.

Example
In the following example, 22.5 is used as the input float data, which is first protected using the NoEncryption_1 data element.
The protected input data, the old data element NoEncryption_1, and a new data element NoEncryption_2 are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "NoEncryption_1")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "NoEncryption_1", "NoEncryption_2")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 22.5
Reprotected Data: 22.5

As we are using a No-Encryption data element to protect and reprotect the data, the reprotected output data is the same as the protected data.

Example - Reprotecting Bulk Float Data

The example for using the reprotect API for reprotecting bulk float data using a No Encryption data element is described in this section. The bulk float data can be passed as a list or a tuple. This API can be used for access control and auditing.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is tokenized using the NoEncryption_1 data element.
The tokenized input data, the old data element NoEncryption_1, and a new data element NoEncryption_2 are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "NoEncryption_1")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "NoEncryption_1", "NoEncryption_2")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Reprotected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
As we are using a No Encryption data element to protect and reprotect the data, the reprotected output data is the same as the protected data.

Example - Retokenizing Bytes Data

The example for using the reprotect API for retokenizing bytes data is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_A_N_S13_L1R3_N are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S13_L1R3_N")
print("Reprotected Data: %s" %r_out)

In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the UnicodeGen2_BasicAlphaNum data element.
The tokenized input data, the old data element UnicodeGen2_BasicAlphaNum, and a new data element UnicodeGen2_BasicAlpha are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
from appython import Charset
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-1be")
p_out = session.protect(data, "UnicodeGen2_BasicAlphaNum", encrypt_to=bytes, charset=Charset.UTF16BE)
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "UnicodeGen2_BasicAlphaNum", "UnicodeGen2_BasicAlpha", encrypt_to=bytes, charset=Charset.UTF16BE)
print("Reprotected Data: %s" %r_out)

Result

Protected Data: b'Pr9zdglWRy1'
Reprotected Data: b'P8PCmC8gty1'

Example - Retokenizing Bytes Data with External IV

The example for using the reprotect API for retokenizing bytes data using external IV is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV, and then retokenizes it using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S23_L2R2_Y", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: b'PrksvEshuy1'
Reprotected Data: b'PrKxfmdTGy1'

Example - Re-Encrypting Bytes Data

The example for using the reprotect API for re-encrypting bytes data is described in this section.

If you are using the reprotect API, then the old data element and the new data element must be of the same protection method. For example, if you have used the AES256 data element to protect the data, then you must use only the AES256 data element to reprotect the data.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes. The encrypted input data, the old data element AES256, and a new data element AES256_IV_CRC_KID are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: %s" %p_out)
r_out = session.reprotect(p_out, "AES256", "AES256_IV_CRC_KID", encrypt_to = bytes)
print("Re-encrypted Data: %s" %r_out)

Result

Encrypted Data: b't####+4Lq##ۏx'
Re-encrypted Data: b' #,f#7d####l#:##s##D&#w]#Vd#y#-'

Example - Retokenizing Bulk Bytes Data

The example for using the reprotect API for retokenizing bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_A_N_S13_L1R3_N are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S13_L1R3_N")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))
Reprotected Data: 
([b'pLAvXYIAbp5234', b'P8PCmC8gty1', b'PHNjXrw7Iy56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk Bytes Data with External IV

The example for using the reprotect API for retokenizing bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out) 
r_out = session.reprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S23_L2R2_Y", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([b'prbm147L5pc434', b'PrksvEshuy1', b'Prmx0hG8Nj56'], (6, 6, 6))
Reprotected Data: 
([b'prFApvQWkhC934', b'PrKxfmdTGy1', b'PrKciFj8Ng56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Re-Encrypting Bulk Bytes Data

The example for using the reprotect API for re-encrypting bulk bytes data is described in this section. The bulk bytes data canbe passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended that you to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

The encrypted input data, the old data element AES256, and a new data element AES256_IV_CRC_KID are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding ="UTF-8"), bytes("Protegrity1", encoding
 ="UTF-8"), bytes("Protegrity56", encoding ="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "AES256", "AES256_IV_CRC_KID", encrypt_to = bytes)
print("Re-encrypted Data: ")
print(r_out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb\x8fx\x16', b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))
Re-encrypted Data: 
([b' \x08\xdfV2)A/\xc2\x96X\x86M\xbf&$P\xa1\xb9\x83o\xb4\x90\x9b\x8d\xf8\xf5\x976\x95\xcd\xf4\xea\xc7\xad\xedl\xbck\xd1\xf3@\xf7.\xfd\xe0\x13H\xe6\xb1', b'\x08\x11\x7f\xdf\x05\xf0I\xaa\xd1\xe2v`\xe9\x9dH\xa1\xa3\x025oW~\xc7\xf0KT\xd4\x1c\x05V\xaei\xee', b' \x08)\x84N&\xd4e(lq\xfa\x8d\x05\xa9\xe5\x8do(\xf2T\xe3l\xa9|V\xc2&X\x1d\x02yF[\xbfb(x\xe3\x1a/|x91K\xc2\xc8\xf2"\x89\xc3'], (6, 6, 6))

Example - Retokenizing Date Objects

The example for using the reprotect API for retokenizing date objects is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example: Input as a data object
In the following example, the 12/02/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The date object is then tokenized using the TE_Date_DMY_S13 data element.
The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
print("Input date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-02-12
Protected date: 1896-10-21
Reprotected date: 2130-06-19

Example - Retokenizing Bulk Date Objects

The example for using the reprotect API for retokenizing bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example: Input as a Date Object
In the following example, the 12/02/2019 and 11/01/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then tokenized using the TE_Date_DMY_S13 data element.
The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data1 = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("11/01/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: ", str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected date: "+str(r_out))

Result

Input data: [datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)]
Protected data: ([datetime.date(1896, 10, 21), datetime.date(696, 3, 1)], (6, 6))
Reprotected date: ([datetime.date(2130, 6, 19), datetime.date(1339, 10, 10)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Unicode Data

The example for using the reprotect API for retokenizing unicode data is described in this section.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data is used as the input data, which is first tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_AN_S23_L0R0_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_A_N_S23_L2R2_Y", 
 "TE_AN_S23_L0R0_Y")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: prZeslalwuQQy3ÀÁÂÃÄÅÆÇÈÉ
Reprotected Data: Nw8MLVwbdcBMUaÀÁÂÃÄÅÆÇÈÉ

Example - Retokenizing Bulk Unicode Data

The example for using the reprotect API for retokenizing bulk unicode data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example

In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S13_L1R3_N, and a new data element TE_A_N_S23_L2R2_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "TE_A_N_S13_L1R3_N")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S13_L1R3_N",
 "TE_A_N_S23_L2R2_Y")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([u'p3oZN1j1PF33hz\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9', u'P5fjL8vdBci\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PIo45D7g73Sm\xc7\xc5\xc6\xc8\xc9\xc2\xc3'],  (6, 6, 6))
Reprotected Data: 
([u'prZeslalwuQQy3\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'PrVt6rfyW81\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PrFgczleNkNG\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Using AP Python Mock in a Development Environment

The AP Python Mock can be used in a development environment. This is also known as mock implementation of AP Python APIs. In this mode, the AP Python Mock development package provides you with sample users and data elements that can be used to simulate the behavior of the actual APIs in production environment.

When the AP Python Mock APIs are used with the sample users and data elements provided with the development package, the output data is only a simulation of the protected or encrypted data. Do not use the AP Python APIs in the development environment to protect, unprotect, or reprotect sensitive data.

The examples on how to use the sample data elements for simulating the protect, unprotect, and reprotect scenarios are described in this section.

In the mock implementation, the ALL_USER user name must be passed as an argument to the create_session API for creating a session.

Mock example - protecting string

The example for using the protect API for protecting a string input data is described in this section.

Example: Input string data
In the following example, the Protegrity1 string is used as the input data, which is protected using the SUCCESS_STR data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected Data: %s" %output)

Result

Protected Data: 6JPqrjJEqLX

Mock Example - Protecting String Data with External IV

The example for using the protect API for protecting string input data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In this example, the Protegrity1 string is used as the input data, which is tokenized using the SUCCESS_STR data element, with external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR", 
 external_iv=bytes("1234"))
print("Protected Data: %s" %output)

Result

Protected Data: Ho9bgXoebxa

Mock Example - Protecting String Data Using External IV and External Tweak

The example for using the protect API for protecting string input data using external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In this example, the protegrity1234 string is used as the input data protected using the data element SUCCESS_STR, with external IV 1234 and external tweak abcdef passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("protegrity1234", "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef",
 encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 9GsvVbGRvTQwxr

Mock Example - Protecting Bulk String Data

The examples for using the protect API for protecting bulk string input data are described in this section. The bulk string input data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example 1
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['pJPqrjJEqLXHaO', '6JPqrjJEqLX', '6JPqrjJEqLl5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 2
In Example 1, the protected output was a tuple of the tokenized data and the error list. This example shows how the code can be tweaked to ensure that you retrieve the protected output and the error list separately, and not as part of a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = "protegrity1234"
data = [data]*5
p_out, error_list = session.protect(data, "SUCCESS_STR")
print("Protected Data: ", end="")
print(p_out)
print("Error List: ", end="")
print(error_list)

Result

Protected Data: ['pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO']
Error List: (6, 6, 6, 6, 6)

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk String Data with External IV

The example for using the protect API for protecting bulk string input data using external IV is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In this example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk input data. This bulk data is protected using the SUCCESS_STR data element, with external IV 123 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR", 
 external_iv=bytes("123"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['nx8mEaxwmR2VSq', '1x8mEaxwmR2', '1x8mEaxwmRdF'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk String Data Using External IV and External Tweak

The example for using the protect API for protecting bulk string input data using external IV and external tweak is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV and external tweak as keyword arguments to the protect API, then you must pass the external IV and external tweak as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk input data. This bulk data is protected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak xyz that are both passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['uc72ntca2dI896Ã\x83Â\x80Ã\x83Â\x81', 'xc72ntca2dIÃ\x83Â\x86Ã\x83Â\x87Ã\x83Â\x88',
 'xc72ntca2dEBÃ\x83Â\x80Ã\x83Â\x81Ã\x83Â\x82Ã\x83Â\x83Ã\x83Â\x84Ã\x83Â\x85'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting String Data

The example for using the unprotect API for retrieving the original string data from the protected data is described in this section.

Example: Input string data
In the following example, the Protegrity1 string that was protected using the SUCCESS_STR data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_STR")
print("Unprotected Data: %s" %org)

Result

Protected Data: 6JPqrjJEqLX
Unprotected Data: Protegrity1

Mock Example - Unprotecting String Data with External IV

The example for using the unprotect API for retrieving the original string data from protected data, using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string that was protected using the SUCCESS_STR data element and the external IV 1234 is now unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: Ho9bgXoebxa
Unprotected Data: Protegrity1

Mock Example - Unprotecting String Data Using External IV and External Tweak

The example for using the unprotect API for unprotecting string data using external IV and tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string that was protected using the SUCCESS_STR data element, is now unprotected using the same data element and the same external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("protegrity1234", "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef",
 encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef",
 encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 9GsvVbGRvTQwxr
Unprotected Data: protegrity1234

Mock Example - Unprotecting Bulk String Data

The examples for using the unprotect API for retrieving the original bulk string data from the protected data are described in this section.

Example 1
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element. The bulk string data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['pJPqrjJEqLXHaO', '6JPqrjJEqLX', '6JPqrjJEqLl5'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Example 2
In Example 1, the unprotected output was a tuple of the unprotected data and the error list.
The following example shows how you can tweak the code to ensure that you retrieve the unprotected output and the error list separately, and not as part of a tuple.

from appython import Protector
 protector = Protector()
 session = protector.create_session("ALL_USER")
 data = protegrity1234
 data = [data]*5
 p_out, error_list = session.protect(data, "SUCCESS_STR")
 print("Protected Data: ", end="")
 print(p_out)
 print("Error List: ", end="")
 print(error_list)
 org, error_list = session.unprotect(p_out, "SUCCESS_STR")
 print("Unprotected Data: ", end="")
 print(org)
 print("Error List: ", end="")
 print(error_list)

Result

Protected Data: ['pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO',
 'pJPqrjJEqLXHaO']
Error List: (6, 6, 6, 6, 6)
Unprotected Data: ['protegrity1234', 'protegrity1234', 'protegrity1234',
 'protegrity1234', 'protegrity1234']
Error List: (8, 8, 8, 8, 8)

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk String Data with External IV

The example for using the unprotect API for retrieving the original bulk string data from protected data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("123"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR",
 external_iv=bytes("123"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['nx8mEaxwmR2VSq', '1x8mEaxwmR2', '1x8mEaxwmRdF'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk String Data Using External IV and External Tweak

The example for using the unprotect API for retrieving the original bulk string data from protected data using external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data. This bulk data is protected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak xyz that are both passed as bytes. The protected bulk string data is then unprotected using the same data element, same external IV, and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['uc72ntca2dI896Ã\x83Â\x80Ã\x83Â\x81', 'xc72ntca2dIÃ\x83Â\x86Ã\x83Â\x87Ã\x83Â\x88',
 'xc72ntca2dEBÃ\x83Â\x80Ã\x83Â\x81Ã\x83Â\x82Ã\x83Â\x83Ã\x83Â\x84Ã\x83Â\x85'], (6, 6, 6))
Unprotected Data: 
([u'protegrity1234\xc0\xc1', u'Protegrity1\xc6\xc7\xc8',
 u'Protegrity56\xc0\xc1\xc2\xc3\xc4\xc5'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting String

The example for using the reprotect API for reprotecting string data is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

Example: Input string data
In the following example, the Protegrity1 string is used as the input data, which is first protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element SUCCESS_REPROTECT_STR are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element, and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_STR", 
 "SUCCESS_REPROTECT_STR")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 6JPqrjJEqLX
Reprotected Data: JQbePhQ2eGC

Mock Example - Reprotecting String Data with External IV

The example for using the reprotect API for reprotecting string data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string is used as the input data, which is first protected using the SUCCESS_STR data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_STR, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_STR", 
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"), 
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: Ho9bgXoebxa
Reprotected Data: vQIqelQyqY6

Mock Example - Reprotecting String Data Using External IV and External Tweak

The example for using the reprotect API for reprotecting string data using external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string is used as the data, which is first protected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak abcdef that are both passed as bytes.
The protected input data, the SUCCESS_STR data element, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 and external tweak abcdef in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element, and old external IV and external tweak, and then reprotects it using the same data element, but with the new external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("protegrity1234", "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_STR", 
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("12345", encoding="utf-8"),
 old_external_tweak=bytes("abcdef", encoding="utf-8"),
 new_external_tweak=bytes("xyz"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 9GsvVbGRvTQwxr
Reprotected Data: 3AZjIrAvjOsnwb

Mock Example - Reprotecting Bulk String Data

The example for using the reprotect API for reprotecting bulk string data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element SUCCESS_REPROTECT_STR are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_STR",
 "SUCCESS_REPROTECT_STR")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['pJPqrjJEqLXHaO', '6JPqrjJEqLX', '6JPqrjJEqLl5'], (6, 6, 6))
Reprotected Data:
(['gQbePhQ2eGCjqW', 'JQbePhQ2eGC', 'JQbePhQ2eGBK'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk String Data with External IV

The example for using the reprotect API for reprotecting bulk string data using external IV is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element, with the help of an external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_STR, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_STR",
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"), 
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
(['fo9bgXoebxaCTN', 'Ho9bgXoebxa', 'Ho9bgXoebx2q'], (6, 6, 6))
Reprotected Data:
(['cQIqelQyqY6OoN', 'vQIqelQyqY6', 'vQIqelQyqYXa'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk String Data Using External IV and External Tweak

The example for using the reprotect API for reprotecting bulk string data using external IV and external tweak is described in this section. The bulk string data can be used as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data, which is first protected using the SUCCESS_STR data element, with the help of an external IV 1234 and external tweak abc that are both passed as bytes.
The protected input data, the old data element SUCCESS_STR, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 and external tweak abc in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the old data element, and old external IV and external tweak, and then reprotects it using the new data element, new external IV, and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abc",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_STR",
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"),
 old_external_tweak=bytes("abc", encoding="utf-8"),
 new_external_tweak=bytes("xyz", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['A2XIHe2vIEFmShÃ\x83Â\x80Ã\x83Â\x81', 'N2XIHe2vIEFÃ\x83Â\x86Ã\x83Â\x87Ã\x83Â\x88',
 'N2XIHe2vIE5oÃ\x83Â\x80Ã\x83Â\x81Ã\x83Â\x82Ã\x83Â\x83Ã\x83Â\x84Ã\x83Â\x85'],
(6, 6, 6))
Reprotected Data:
(['VmDBawmlBAsfc6Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã
\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\
x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã
\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\
x82Â\x80Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\
x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã
\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x81',
'emDBawmlBAsÃ\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\
x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã
\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x86Ã\x83Â\
x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã
\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\
x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã
\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x87Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\
x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã
\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\
x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã
\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x88','emDBawmlBAtIÃ\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\
x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â
\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\
x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â
\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x80Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\
x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â
\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\
x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â
\x82Ã\x82Â\x81Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\
x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\
x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â
\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\
x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â
\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\
x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â
\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\
x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\
x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x84Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â
\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\
x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â
\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\
x83Â\x82Ã\x82Â\x85'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Integer Data

The example for using the protect API for protecting integer data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21 is used as the integer data, which is tokenized using the SUCCESS_INT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT")
print("Protected Data: %s" %output)

Result

Protected Data: 68

Mock Example - Protecting Integer Data with External Initialization Vector (IV)

The example for using the protect API for protecting integer data using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21 is used as the integer data, which is tokenized using the SUCCESS_INT data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 36

Mock Example - Protecting Bulk Integer Data

The example for using the protect API for protecting bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([68, 46, 55], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Integer Data with External IV

The example for using the protect API for protecting bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([36, 13, 99], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Integer Data

The example for using the unprotect API for retrieving the original integer data from protected data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, the integer data 21 that was protected using the SUCCESS_INT data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_INT")
print("Unprotected Data: %s" %org)

Result

Protected Data: 68
Unprotected Data: 21

Mock Example - Unprotecting Integer Data with External IV

The example for using the unprotect API for retrieving the original integer data from protected data, using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the integer data 21 that was protected using the SUCCESS_INT data element and the external IV 1234, is now unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_INT", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 36
Unprotected Data: 21

Mock Example - Unprotecting Bulk Integer Data

The example for using the unprotect API for retrieving the original bulk integer data from protected data is described in this section.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element. The bulk integer data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_INT")
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([68, 46, 55], (6, 6, 6))
Unprotected Data:
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Bulk Integer Data with External IV

The example for using the unprotect API for retrieving the original bulk integer data from protected data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element and external IV 1234. The bulk integer data is then unprotected using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([36, 13, 99], (6, 6, 6))
Unprotected Data:
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Integer Data

The example for using the reprotect API for reprotecting integer data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21 is used as the input integer data, which is first protected using the SUCCESS_INT data element.
The tokenized input data, the old data element SUCCESS_INT, and a new data element SUCCESS_REPROTECT_INT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element, and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_INT", "SUCCESS_REPROTECT_INT")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 68
Reprotected Data: 69

Mock Example - Reprotecting Integer Data with External IV

The example for using the reprotect API for reprotecting integer data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21 is used as the input integer data, which is first tokenized using the SUCCESS_INT data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_INT, a new data element SUCCESS_REPROTECT_INT, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect(21, "SUCCESS_INT", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_INT", "SUCCESS_REPROTECT_INT",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 36
Reprotected Data: 14

Mock Example - Reprotecting Bulk Integer Data

The example for using the reprotect API for reprotecting bulk integer data. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element.
The protected input data, the old data element SUCCESS_INT, and a new data element SUCCESS_REPROTECT_INT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_INT", "SUCCESS_REPROTECT_INT")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([68, 46, 55], (6, 6, 6))
Reprotected Data:
([69, 86, 22], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Integer Data with External IV

The example for using the reprotect API for rerotecting bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element, with the help of an external IV 123 that is passed as bytes.
The tokenized input data, the old data element SUCCESS_INT, a new data element SUCCESS_REPROTECT_INT, the old external IV 123 in bytes, and a new external IV 1234 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_INT", "SUCCESS_REPROTECT_INT",
 old_external_iv=bytes("123", encoding="utf-8"), new_external_iv=bytes("1234",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([36, 13, 99], (6, 6, 6))
Reprotected Data:
([24, 72, 33], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Long Data

The example for using the protect API for protecting long data is described in this section.

Example
In the following example, 1376235139103947 is used as the long data, which is protected using the SUCCESS_LONG data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG")
print("Protected Data: %s" %output)

Result

Protected Data: 8632961867806753

Mock Example - Protecting Long Data with External IV

The example for using the protect API for protecting long data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947 is used as the long data, which is protected using the SUCCESS_LONG data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 6278329624602417

Mock Example - Protecting Bulk Long Data

The example for using the protect API for protecting bulk long data. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([8632961867806753, 9672961467836748, 7638965892832741], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Long Data with External IV

The example for using the protect API for protecting bulk long data using external IV is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([6278329624602417, 3248329524672456, 4276321638678459], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Long Data

The example for using the unprotect API for retrieving the original long data from protected data is described in this section.

Example
In the following example, the long data 1376235139103947 that was tokenized using the SUCCESS_LONG data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_LONG")
print("Unprotected Data: %s" %org)

Result

Protected Data: 8632961867806753
Unprotected Data: 1376235139103947

Mock Example - Unprotecting Long Data with External IV

The example for using the unprotect API for retrieving the original long data from protected data, using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the long data 1376235139103947 that was protected using the SUCCESS_LONG data element and the external IV 1234 is now unprotected using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_LONG", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 6278329624602417
Unprotected Data: 1376235139103947

Mock Example - Unprotecting Bulk Long Data

The example for using the unprotect API for retrieving the original bulk long data from protected data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_LONG")
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([8632961867806753, 9672961467836748, 7638965892832741], (6, 6, 6))
Unprotected Data:
([1376235139103947, 2396235839173981, 9371234126176985], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk Long Data with External IV

The example for using the unprotect API for retrieving the original bulk long data from protected data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is protected using the SUCCESS_LONG data element and external IV 1234. The bulk long data is then unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([6278329624602417, 3248329524672456, 4276321638678459], (6, 6, 6))
Unprotected Data:
([1376235139103947, 2396235839173981, 9371234126176985], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Long Data

The example for using the reprotect API for reprotecting long data is described in this section.

Example
In the following example, 1376235139103947 is used as the input long data, which is first protected using the SUCCESS_LONG data element.
The protected input data, the old data element SUCCESS_LONG, and a new data element SUCCESS_REPROTECT_LONG are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 8632961867806753

Mock Example - Reprotecting Long Data with External IV

The example for using the reprotect API for reprotecting long data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947 is used as the input long data, which is first protected using the SUCCESS_LONG data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_LONG, a new data element SUCCESS_REPROTECT_LONG, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect(1376235139103947, "SUCCESS_LONG", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 6278329624602417
Reprotected Data: 4563152458405896

Mock Example - Reprotecting Bulk Long Data

The example for using the reprotect API for reprotecting bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is protected using the SUCCESS_LONG data element.
The tokenized input data, the old data element SUCCESS_LONG, and a new data element SUCCESS_REPROTECT_LONG are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([8632961867806753, 9672961467836748, 7638965892832741], (6, 6, 6))
Reprotected Data:
([4213926425402581, 9253926725412574, 5214928493413576], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Long Data with External IV

The example for using the reprotect API for reprotecting bulk long data using external IV. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is protected using the SUCCESS_LONG data element, with the help of an external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_LONG, a new data element SUCCESS_REPROTECT_LONG, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([6278329624602417, 3248329524672456, 4276321638678459], (6, 6, 6))
Reprotected Data:
([4563152458405896, 1583152758465874, 8564159413463872], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Float Data

The example for using the protect API for protecting float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, 22.5 is used as the float data, which is protected using the SUCCESS_FLOAT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_FLOAT")
print("Protected Data: %s" %output)

Result

Protected Data: 22.5

As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Mock Example - Protecting Bulk Float Data

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the SUCCESS_FLOAT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_FLOAT")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Mock Example - Unprotecting Float Data

The example for using the unprotect API for unprotecting float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, the long data 22.5 that was protected using the SUCCESS_FLOAT data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_FLOAT")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_FLOAT")
print("Unprotected Data: %s" %org)

Result

Protected Data: 22.5
Unprotected Data: 22.5

The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Mock Example - Unprotecting Bulk Float Data

The example for using the unprotect API for unprotecting bulk float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the SUCCESS_FLOAT data element. The bulk float data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_FLOAT")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_FLOAT")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Unprotected Data: 
([22.5, 48.93, 94.31], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.
The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Mock Example - Reprotecting Float Data

The example for using the reprotect API for reprotecting float data using a No Encryption data element. This API can be used for access control and auditing.

If you are reprotecting the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used No Encryption data element to protect the data, then you must use only No Encryption data element to reprotect the data.

Example
In the following example, 22.5 is used as the input float data, which is first protected using the SUCCESS_FLOAT data element.
The protected input data, the old data element SUCCESS_FLOAT, and a new data element SUCCESS_REPROTECT_FLOAT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_FLOAT")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_FLOAT", "SUCCESS_REPROTECT_FLOAT")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 22.5
Reprotected Data: 22.5

As we are using a No Encryption data element to protect and reprotect the data, the reprotected output data is the same as the protected data.

Mock Example - Reprotecting Bulk Float Data

The example for using the reprotect API for reprotecting bulk float data using a No Encryption data element is described in this section. The bulk long data can be passed as a list or a tuple. This API can be used for access control and auditing.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the SUCCESS_FLOAT data element.
The tokenized input data, the old data element SUCCESS_FLOAT, and a new data element SUCCESS_REPROTECT_FLOAT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_FLOAT")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_FLOAT", "SUCCESS_REPROTECT_FLOAT")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Reprotected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

Mock Example - Protecting Bytes Data

The example for using the protect API for protecting bytes data is described in this section.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then protected using the SUCCESS_BYTE data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: %s" %p_out)

Result

Protected Data: b'nLiNJRL7N2P'

Mock Example - Protecting Bytes Data with External IV

The example for using the protect API for protecting bytes data using external IV is described in this section.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then protected using the SUCCESS_BYTE data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'Ho9bgXoebxa'

Mock Example - Protecting Bulk Bytes Data

The example for using the protect API for protecting bulk bytes data. The bulk bytes data can be used as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Bytes Data with External IV

The example for using the protect API for protecting bulk bytes data using external IV. The bulk bytes data can be passed as a list or a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'fo9bgXoebxaCTN', b'Ho9bgXoebxa', b'Ho9bgXoebx2q'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Bytes Data

The example for using the unprotect API for retrieving the original bytes data from protected data is described in this section.

Example
In the following example, the bytes data b’Protegrity1’ that was protected using the SUCCESS_BYTE data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "SUCCESS_BYTE")
print("Unprotected Data: %s" %org)

Result

Protected Data: b'6JPqrjJEqLX'
Unprotected Data: b'Protegrity1'

Mock Example - Unprotecting Bytes Data with External IV

The example for using the unprotect API for retrieving the original bytes data from protected data, using external initialization vector (IV) is described in this section.

Example
In the following example, the bytes data b’Protegrity1’ that was protected using the SUCCESS_BYTE data element and the external IV 1234 is now unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data:", p_out)
org = session.unprotect(p_out, "SUCCESS_BYTE", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data:", org)

Result

Protected Data: b'Ho9bgXoebxa'
Unprotected Data: b'Protegrity1'

Mock Example - Unprotecting Bulk Bytes Data

The example for using the unprotect API for retrieving the original bulk bytes data from protected data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_BYTE")
print("Unprotected Data: ")
print(org)

Result

Protected Data:
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))
Unprotected Data:
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk Bytes Data with External IV

The example for using the unprotect API for retrieving the original bulk bytes data from protected data using external IV is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out) 
org = session.unprotect(p_out[0], "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: ")
print(org)

Result

Protected Data:
([b'fo9bgXoebxaCTN', b'Ho9bgXoebxa', b'Ho9bgXoebx2q'], (6, 6, 6))
Unprotected Data:
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Re-encrypting Bytes Data

The example for using the reprotect API for re-encrypting bytes data is described in this section.

If you are using the reprotect API, then the old data element and the new data element must be of the same protection method. For example, if you have used AES256 data element to protect the data, then you must use only AES256 data element to reprotect the data.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the SUCCESS_BYTE data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.
The protected input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_BYTE", "SUCCESS_REPROTECT_BYTE",
 encrypt_to=bytes)
print("Re-encrypted Data: %s" %r_out)

Result

Encrypted Data: b'6JPqrjJEqLX'
Re-encrypted Data: b'JQbePhQ2eGC'

Mock Example - Reprotecting Bytes Data with External IV

The example for using the reprotect API for reprotecting bytes data using external IV is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then protected using the SUCCESS_BYTE data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_BYTE, a new data element SUCCESS_REPROTECT_BYTE, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_BYTE",
 "SUCCESS_REPROTECT_BYTE", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: b'Ho9bgXoebxa'
Reprotected Data: b'vQIqelQyqY6'

Mock Example - Reprotecting Bulk Bytes Data

The example for using the reprotect API for reprotecting bulk bytes data. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is protected using the SUCCESS_BYTE data element.
The tokenized input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_BYTE",
 "SUCCESS_REPROTECT_BYTE")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))
Reprotected Data:
([b'gQbePhQ2eGCjqW', b'JQbePhQ2eGC', b'JQbePhQ2eGBK'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Bytes Data with External IV

The example for using the reprotect API for reprotecting bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is protected using the SUCCESS_BYTE data element, with the help of an external IV 1234 that is passed as bytes.
The protected input data, the SUCCESS_BYTE data element, a new data element SUCCESS_REPROTECT_BYTE, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out) 
r_out = session.reprotect(p_out[0], "SUCCESS_BYTE",
 "SUCCESS_REPROTECT_BYTE", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([b'fo9bgXoebxaCTN', b'Ho9bgXoebxa', b'Ho9bgXoebx2q'], (6, 6, 6))
Reprotected Data:
([b'cQIqelQyqY6OoN', b'vQIqelQyqY6', b'vQIqelQyqYXa'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date Object in DD/MM/YYYY Format

The example for using the protect API for protecting the date object.

Example: Input date object in DD/MM/YYYY format
In the following example, the 27/01/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then protected using the SUCCESS_DATE_DDMMYYYY data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2022-06-14

Mock Example - Protecting Bulk Date Objects in DD/MM/YYYY Format

The example for using the protect API for protecting bulk date objects. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element. For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("22/04/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2022, 6, 14), datetime.date(2021, 9, 7)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date String in DD/MM/YYYY Format

The example for using the protect API for protecting a date string in DD/MM/YYYY format is described in this section.

Example: Input date string in DD/MM/YYYY format
In the following example, the 27/01/2019 date string is used as the input data, which is protected using the SUCCESS_DATE_DDMMYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("27/01/2019", "SUCCESS_DATE_DDMMYYYY")
print("Protected date: " + p_out)

Result

Protected date: 14/06/2022

Mock Example - Protecting Bulk Date Strings in DD/MM/YYYY Format

The example for using the protect API for protecting bulk date strings. The bulk date strings can be used as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used to create a list, which is used as the input data. The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["27/01/2019", "22/04/2018"]
print("Input data: " + str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: " + str(p_out))

Result

Input data: ['27/01/2019', '22/04/2018']
Protected data: (['14/06/2022', '07/09/2021'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date Objects in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in DD/MM/YYYY format
In the following example, the 27/01/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is first protected using the SUCCESS_DATE_DDMMYYYY data element, and is then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_DDMMYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-01-27
Protected date: 2022-06-14
Unprotected date: 2019-01-27

Mock Example - Unprotecting Bulk Date Objects in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original bulk date objects from token data is described in this section.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element, and then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("22/04/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2022, 6, 14), datetime.date(2021, 9, 7)], (6, 6))
Unprotected data: ([datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Date String in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original data string from protected data is described in this section.

Example: Input date string in DD/MM/YYYY format
In the following example, the 27/01/2019 date string that was protected using the SUCCESS_DATE_DDMMYYYY data element, is unprotected using the SUCCESS_DATE_DDMMYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("27/01/2019", "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_DDMMYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Protected date: 14/06/2022
Unprotected date: 27/01/2019

Mock Example - Unprotecting Bulk Date Strings in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original bulk date strings from token data is described in this section.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element, and then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["27/01/2019", "22/04/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: ['27/01/2019', '22/04/2018']
Protected data: (['14/06/2022', '07/09/2021'], (6, 6))
Unprotected data: (['27/01/2019', '22/04/2018'], (8, 8))

Mock Example - Reprotecting Date Object in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting a date object is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 27/01/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The date object is then protected using the SUCCESS_DATE_DDMMYYYY data element.
The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2022-06-14
Reprotected date: 2030-11-26

Mock Example - Reprotecting Bulk Date Objects in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example In the following example, the two date strings 27/01/2019 and 22/04/2018 are used as data, which are first converted to date objects using the Python date method of the datetime module. The two date objects are joined together to create a list, which is protected using the SUCCESS_DATE_DDMMYYYY data element. The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("22/04/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected data: "+str(r_out))
Result
Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2022, 6, 14), datetime.date(2021, 9, 7)], (6, 6))
Reprotected data: ([datetime.date(2030, 11, 26), datetime.date(2030, 2, 19)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Date String in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting a date in string format is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 27/01/2019 date string is protected using the SUCCESS_DATE_DDMMYYYY data element.
The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("27/01/2019", "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected date: "+str(r_out))

Result

Protected date: 14/06/2022
Reprotected date: 26/11/2030

Mock Example - Reprotecting Bulk Date Strings in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting bulk date strings is described in this section. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 27/01/2019 and 22/04/2018 are used to create a list, which is protected using the SUCCESS_DATE_DDMMYYYY data element.
The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["27/01/2019", "22/04/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: ['27/01/2019', '22/04/2018']
Protected data: (['14/06/2022', '07/09/2021'], (6, 6))
Reprotected data: (['26/11/2030', '19/02/2030'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date Object in MM.DD.YYYY Format

The example for using the protect API for protecting the date object is described in this section.

Example: Input date object in MM.DD.YYYY format
In the following example, the 01/27/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then protected using the SUCCESS_DATE_MMDDYYYY data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2025-06-29

Mock Example - Protecting Bulk Date Objects in MM.DD.YYYY Format

The example for using the protect API for tokenizing bulk date objects. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data. The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
data2 = datetime.strptime("04/22/2018", "%m/%d/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2025, 6, 29), datetime.date(2024, 9, 22)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date String in MM.DD.YYYY Format

The example for using the protect API for protecting a date string in MM/DD/YYYY format is described in this section.

Example: Input date string in MM.DD.YYYY format
In the following example, the 01/27/2019 date string is used as the data, which is protected using the SUCCESS_DATE_MMDDYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("01/27/2019", "SUCCESS_DATE_MMDDYYYY")
print("Protected date: " + p_out)

Result

Protected date: 06/29/2025

Mock Example - Protecting Bulk Date Strings in MM.DD.YYYY Format

The example for using the protect API for tokenizing bulk dates in string format is described in this section. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used to create a list, which is used as the input data. The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date Objects in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in MM.DD.YYYY format
In the following example, the 01/27/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is first protected using the SUCCESS_DATE_MMDDYYYY data element, and is then unprotected using the same data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_MMDDYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-01-27
Protected date: 2025-06-29
Unprotected date: 2019-01-27

Mock Example - Unprotecting Bulk Date Objects in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original bulk date objects from token data is described in htis section.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element, and then unprotected using the same data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
data2 = datetime.strptime("04/22/2018", "%m/%d/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2025, 6, 29), datetime.date(2024, 9, 22)], (6, 6))
Unprotected data: ([datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Date Objects in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in MM.DD.YYYY format
In the following example, the 01/27/2019 date string that was protected using the SUCCESS_DATE_MMDDYYYY data element, is unprotected using the same data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("01/27/2019", "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_MMDDYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Protected date: 06/29/2025
Unprotected date: 01/27/2019

Mock Example - Unprotecting Bulk Date Strings in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original bulk date strings from token data is described in this section.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element, and then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))
Unprotected data: (['01/27/2019', '04/22/2018'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Date Object in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting date object is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 01/27/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The datetime object is then protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2025-06-29
Reprotected date: 2033-12-11

Mock Example - Reprotecting Bulk Date Objects in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting bulk date objects. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 01/27/2019 and 04/22/2018 are used as data, which are first converted to date objects using the Python date method of the datetime module. The two date objects are joined together to create a list, which is protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
data2 = datetime.strptime("04/22/2018", "%m/%d/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2025, 6, 29), datetime.date(2024, 9, 22)], (6, 6))
Reprotected data: ([datetime.date(2033, 12, 11), datetime.date(2033, 3, 6)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Date String in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting a date in string format is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 01/27/2019 date string is used as the data, which is protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("01/27/2019", "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected date: "+str(r_out))

Result

Protected date: 06/29/2025
Reprotected date: 12/11/2033

Mock Example - Reprotecting Bulk Date Strings in MM.DD.YYYY Format

The example for uisng the reprotect API for reprotecting bulk dates in string format. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 01/27/2019 and 04/22/2018 are used to create a list, which is protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))
Reprotected data: (['12/11/2033', '03/06/2033'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Date Strings in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting bulk dates in string format. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))
Reprotected data: (['12/11/2033', '03/06/2033'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Date Objects in YYYY/MM/DD Format

The example for using the protect API for protecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used as the data, which are first converted to a date object using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element. For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date Object in YYYY-MM-DD Format

The example for using the protect API for protecting the date object is described in this section.

Example: Input date object in YYYY-MM-DD format
In the following example, the 2019/01/27 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then protected using the SUCCESS_DATE_YYYYMMDD data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2028-07-14

Mock Example - Protecting Bulk Date Objects in YYYY-MM-DD Format

The example for using the protect API for protecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used as the data, which are first converted to a date object using the Python date method of the datetime module.
The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date Objects in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in YYYY-MM-DD format
In the following example, the 2019/01/27 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is first protected using the SUCCESS_DATE_YYYYMMDD data element, and is then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
Confidential 268
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_YYYYMMDD")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-01-27
Protected date: 2028-07-14
Unprotected date: 2019-01-27

Mock Example - Unprotecting Bulk Date Objects in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original bulk date objects from token data is described on this section.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used as the data, which are first converted to date objects using the Python date method of the datetime module.
The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element, and then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))
Unprotected data: ([datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Date String in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original data string from protected data is described in this section.

Example: Input date string in YYYY-MM-DD format
In the following example, the 2019/01/27 date string that was protected using the SUCCESS_DATE_YYYYMMDD data element, is unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27", "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_YYYYMMDD")
print("Unprotected date: "+str(unprotected_output))

Result

Protected date: 2028/07/14
Unprotected date: 2019/01/27

Mock Example - Unprotecting Bulk Date Strings in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original bulk date strings from token data is described in this section.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element, and then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27", "2018/04/22"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: ['2019/01/27', '2018/04/22']
Protected data: (['2028/07/14', '2027/10/08'], (6, 6))
Unprotected data: (['2019/01/27', '2018/04/22'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Date Object in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting date object is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 2019/01/27 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The date object is then protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2028-07-14
Reprotected date: 2036-12-26

Mock Example - Reprotecting Bulk Date Objects in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 2019/01/27 and 2018/04/22 are used as data, which are first converted to date objects using the Python date method of the datetime module. The two date objects are joined together to create a list, which is protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected data: "+str(r_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))
Reprotected data: ([datetime.date(2036, 12, 26), datetime.date(2036, 3, 21)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Date String in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting a date in string format is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 2019/01/27 date string is protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27", "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected date: "+str(r_out))

Result

Protected date: 2028/07/14
Reprotected date: 2036/12/26

Mock Example - Reprotecting Bulk Date Strings in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting bulk dates in string format is described in this section. The bulk date strings can be passes as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 2019/01/27 and 2018/04/22 are used to create a list, which is protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27", "2018/04/22"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected data: "+str(r_out))

Result

Input data: ['2019/01/27', '2018/04/22']
Protected data: (['2028/07/14', '2027/10/08'], (6, 6))
Reprotected data: (['2036/12/26', '2036/03/21'], (8, 8))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date and Time String

The example for using the protect API for protecting the date and time string is described in this section.

If you are providing the input as a Datetime object, then you must use the data element with the tokenization type as Datetime to protect the data.

Example: Input date and time string in YYYY-MM-DD HH:MM:SS MMM format
In the following example, the 2019/01/27 02:34:54.123 date and time string is protected using the SUCCESS_DATETIME data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27 02:34:54.123", "SUCCESS_DATETIME")
print("Protected date: "+str(p_out))

Result

Protected date: 2021/10/27 08:16:34.123000

Mock Example - Protecting Bulk Date and Time Strings

The example for using the protect API for protecting bulk date and time strings is described in this section. The bulk date and time strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27 02:34:54.123", "2018/04/22 01:24:35.123"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATETIME")
print("Protected data: "+str(p_out))

Result

Input data: ['2019/01/27 02:34:54.123', '2018/04/22 01:24:35.123']
Protected data: (['2021/10/27 08:16:34.123000', '2021/01/20 07:06:15.123000'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date and Time String

The example for using the unprotect API for retrieving the original bulk data and time string from protected data is described in this section.

Example: Input date and time string in YYYY-MM-DD HH:MM:SS MMM format
In the following example, the 2019/01/27 02:34:54.123 date and time string that was protected using the SUCCESS_DATETIME data element, is unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27 02:34:54.123", "SUCCESS_DATETIME")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATETIME")
print("Unprotected data: "+str(unprotected_output))

Result

Protected date: 2021/10/27 08:16:34.123000
Unprotected data: 2019/01/27 02:34:54.123000

Mock Example - Unprotecting Bulk Date and Time Strings

The example for using the unprotect API for retrieving the original bulk date and time strings from token data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27 02:34:54.123", "2018/04/22 01:24:35.123"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATETIME")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATETIME")
print("Unprotected data: "+str(unprotected_output))

Result

Protected data: (['2021/10/27 08:16:34.123000', '2021/01/20 07:06:15.123000'], (6, 6))
Unprotected data: (['2019/01/27 02:34:54.123000', '2018/04/22 01:24:35.123000'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Date and Time String

The example for using the reprotect API for reprotecting date and time string is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to reprotect the data.

Example: Input date and time in YYYY-MM-DD HH:MM:SS MMM format
In the following example, the 2019/01/27 02:34:54.123 date string is protected using the SUCCESS_DATETIME data element.
The protected input data, the old data element SUCCESS_DATETIME, and a new data element SUCCESS_REPROTECT_DATETIME are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27 02:34:54.123", "SUCCESS_DATETIME")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATETIME", "SUCCESS_REPROTECT_DATETIME")
print("Reprotected date: "+str(r_out))

Result

Protected date: 2021/10/27 08:16:34.123000
Reprotected date: 2022/06/24 02:27:30.123000

Mock Example - Reprotecting Bulk Date and Time Strings

The example for using the reprotect API for reprotecting bulk date and time strings is described in this section. The bulk date and time strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to reprotect the data.

Example
In the following example, the 2019/01/27 02:34:54.123 and 2018/04/22 01:24:35.123 date and time strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATETIME data element.
The protected input data, the old data element SUCCESS_DATETIME, and a new data element SUCCESS_REPROTECT_DATETIME are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27 02:34:54.123", "2018/04/22 01:24:35.123"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATETIME")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATETIME", "SUCCESS_REPROTECT_DATETIME")
print("Reprotected date: "+str(r_out))

Result

Protected data: (['2021/10/27 08:16:34.123000', '2021/01/20 07:06:15.123000'], (6, 6))
Reprotected date: (['2022/06/24 02:27:30.123000', '2021/09/17 01:17:11.123000'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Encrypting String Data

The example for using the protect API for encrypting string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example: Input string data
In the following example, the Protegrity1 string is used as the data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_ENC", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'1\x05\n\x07\n\n\x17\x19\x15\nB'

Mock Example - Encrypting Bulk String Data

The example for using the protect API for encrypting bulk string data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must must use bytes in the encrypt_to keyword.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_ENC",
 encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\x11\x05\n\x07\n\n\x17\x19\x15\nBE\\F', b'1\x05\n\x07\n\n\x17\x19\x15\nB', b'1\x05\n
\x07\n\n\x17\x19\x15\nFA'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting String Data

The example for using the unprotect API for decrypting string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example: Input string data
In the following example, the Protegrity1 string that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_ENC", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC",
 decrypt_to=str)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'1\x05\n\x07\n\n\x17\x19\x15\nB'
Decrypted Data: Protegrity1

Mock Example - Decrypting Bulk String Data

The example for using the unprotect API for decrypting bulk string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is encrypted using the SUCCESS_STR data element. The bulk string data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR", decrypt_to=str)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data:
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))
Decrypted Data:
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Integer Data

The example for using the protect API for encrypting integer data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 21 is used as the integer data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'twes'

Mock Example - Encrypting Bulk Integer Data

The example foe using the protect API for encrypting bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'twes', b'Kwes', b'Vwes'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Integer Data

The example for using the unprotect API for decrypting integer data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, the integer data 21 that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'twes'
Decrypted Data: 21

Mock Example - Decrypting Bulk Integer Data

The example for using the unprotect API for decrypting bulk integer data is described in this section.

If you want to encrypt the data,then you must use bytes in the encrypt_to keyword.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. The bulk integer data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data:
([b'twes', b'Kwes', b'Vwes'], (6, 6, 6))
Decrypted Data:
([21, 42, 55], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Long Data

The example for uisng the protect API for encrypting long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 1376235139103947 is used as the long data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'\xaa\x8b\xf2\xc5\xc2\x8eap'

Mock Example - Encrypting Bulk Long Data

The example for using the protect API for encrypting bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xaa\x8b\xf2\xc5\xc2\x8eap', b'<\x82\x98R2\xeemp', b'\xb8\xd5W\ny&Dp'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Long Data

The example for using the unprotect API for decrypting long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, the long data 1376235139103947 that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_ENC", encrypt_to=bytes)
Confidential 282
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'\xaa\x8b\xf2\xc5\xc2\x8eap'
Decrypted Data: 1376235139103947

Mock Example - Decrypting Bulk Long Data

The example for using the unprotect API for decrypting bulk long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. The bulk long data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data:
([b'\xaa\x8b\xf2\xc5\xc2\x8eap', b'<\x82\x98R2\xeemp', b'\xb8\xd5W\ny&Dp'], (6, 6, 6))
Decrypted Data:
([1376235139103947, 2396235839173981, 9371234126176985], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Float Data

The example for using the protect API for encrypting float data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 22.5 is used as the float data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'SEKF'

Mock Example - Encrypting Bulk Float Data

The example for using the protect API for encrypting bulk float data is described in this section. The bulk float data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'SEKF', b'UOKJ\\', b'XCK@^'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Float Data

The example for using the unprotect API for decrypting float data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example

In the following example, the float data 22.5 that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC", decrypt_to=float)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'SEKF'
Decrypted Data: 22.5

Mock Example - Decrypting Bulk Float Data

The example for using the unprotect API for decrypting bulk float data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. The bulk float data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_ENC", decrypt_to=float)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'SEKF', b'UOKJ\\', b'XCK@^'], (6, 6, 6))
Decrypted Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Bytes Data

The example for using the protect API for encrypting bytes data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)

Result

Encrypted Data: b'6JPqrjJEqLX'

Mock Example - Encrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passes as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=[bytes("Protegrity1")]*5
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX'], (6,
 6, 6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Bytes Data

The example for using the protect API for decrypting bytes data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
org = session.unprotect(p_out, "SUCCESS_BYTE", decrypt_to=bytes)
print("Decrypted Data: %s" org)

Result

Encrypted Data: b'6JPqrjJEqLX'
Decrypted Data: %s b'Protegrity1'

Mock Example - Decrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=[bytes("Protegrity1")]*5
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_BYTE", decrypt_to=bytes)
print("Decrypted Data: ")
print(org)

Result

Encrypted Data:
([b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX'], (6,
 6, 6, 6, 6))
Decrypted Data:
([b'Protegrity1', b'Protegrity1', b'Protegrity1', b'Protegrity1', b'Protegrity1'], (8,
 8, 8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Re-encrypting Bytes Data

The example for using the reprotect API for re-encrypting bytes data is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the SUCCESS_BYTE data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.
The protected input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_BYTE", "SUCCESS_REPROTECT_BYTE",
 encrypt_to=bytes)
print("Re-encrypted Data: %s" %r_out)

Result

Encrypted Data: b'6JPqrjJEqLX'
Re-encrypted Data: b'JQbePhQ2eGC'

Mock Example - Re-Encrypting Bulk Bytes Data

The example for using the reprotect API for re-encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then repeated five times in a list and used as bulk data, which is encrypted using the SUCCESS_BYTE data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.
The encrypted input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=[bytes("Protegrity1")]*5
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_BYTE", "SUCCESS_REPROTECT_BYTE",
 encrypt_to=bytes)
print("Re-encrypted Data: ")
print(r_out)

Result

Encrypted Data:
([b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX'], (6,
 6, 6, 6, 6))
Re-encrypted Data:
([b'JQbePhQ2eGC', b'JQbePhQ2eGC', b'JQbePhQ2eGC', b'JQbePhQ2eGC', b'JQbePhQ2eGC'], (6,
 6, 6, 6, 6))

Using sample data elements for simulating auxiliary API scenarios

The examples on how to use the sample data elements for simulating the following auxiliary API scenarios are described in this section:

• Checking access permissions with success output
• Checking access permissions with failure output

In the mock implementation, you must pass the ALL_USER user name as an argument to the create_session API for creating a session.

Mock Example - Success Scenario for Checking Access Permissions

This example describes the success scenario on checking the access permission status of the user for a specified data element.

Example
In the following example, the check_access API returns True when you check the permission of User1 for protecting the data using the SUCCESS_CHECK_ACCESS data element.

from appython import Protector
from appython import CheckAccessType
protector = Protector()
session = protector.create_session("ALL_USER")
print(session.check_access("SUCCESS_CHECK_ACCESS", CheckAccessType.PROTECT))

Result

True

Mock Example - Failure Scenario for Checking Access Permissions

This example describes the failure scenario on checking the access permission status of the user for a specified data element.

Example
In the following example, the check_access API returns True when you check the permission of User1 for protecting the data using the FAIL_CHECK_ACCESS data element.

from appython import Protector
from appython import CheckAccessType
protector = Protector()
session = protector.create_session("ALL_USER")
print(session.check_access("FAIL_CHECK_ACCESS", CheckAccessType.PROTECT))

Result

False

Using sample data elements for simulating error scenarios

The examples on how to use the sample data elements for simulating the error scenarios while protecting, unprotecting, and reprotecting the data are described in this section.

In the mock implementation, you must pass the ALL_USER user name as an argument to the create_session API for creating a session.

Mock Example - Invalid User Exception

The examples for the scenario if a user who is not defined in a policy is used to protect single or bulk data are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_INVALID_USER data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_INVALID_USER")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

1, The username could not be found in the policy in shared memory.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_INVALID_USER")
print(output)

Result

([None, None, None, None, None], ('1', '1', '1', '1', '1'))

Mock Example - Invalid Data Element Exception

The examples for the scenario if a data element that is not defined in a policy is used to protect single or bulk data are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_INVALID_DE data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
Confidential 291
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_INVALID_DE")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

2, The data element could not be found in the policy in shared memory.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_INVALID_DE")
print(output)

Result

([None, None, None, None, None], ('2', '2', '2', '2', '2'))

Mock Example - External Tweak is Null

The examples for the scenario if a null external tweak is used to protect single or bulk data are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_TWEAK_IS_NULL data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_TWEAK_IS_NULL")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

4, Tweak is null.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_TWEAK_IS_NULL")
print(output)

Result

([None, None, None, None, None], ('4', '4', '4', '4', '4'))

Mock Example - Data Too Short

The examples for the scenario if the data to be protected or unprotected is too short are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the DATA_TOO_SHORT data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "DATA_TOO_SHORT")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

22, Data is too short to be protected/unprotected.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "DATA_TOO_SHORT")
print(output)

Result

([None, None, None, None, None], ('22', '22', '22', '22', '22'))

Mock Example - Long User Name

The examples for the scenario if the name of the user, who is protecting or unprotecting the data, is too long are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the USER_TOO_LONG data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "USER_TOO_LONG")
 print("protect: "+output)
except ProtectError as error:
Confidential 293
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
 print(error)

Result

25, Username too long.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "USER_TOO_LONG")
print(output)

Result

([None, None, None, None, None], ('25', '25', '25', '25', '25'))

Mock Example - Unsupported Algorithm

The examples for the scenario if the protection method used to protect the data is not supported by the API are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_UNSUPPORTED_ALGORITHM data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_UNSUPPORTED_ALGORITHM")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

26, Unsupported algorithm or unsupported action for the specific data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_UNSUPPORTED_ALGORITHM")
print(output)

Result

([None, None, None, None, None], ('26', '26', '26', '26', '26'))

Mock Example - Empty Policy

The examples for the scenario if the data is protected without the policy being present in shared memory are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EMPTY_POLICY data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EMPTY_POLICY")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

31, Policy not available.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EMPTY_POLICY")
print(output)

Result

([None, None, None, None, None], ('31', '31', '31', '31', '31'))

Mock Example - Invalid Input

The examples for the scenario if the data to be protected is invalid are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the INPUT_NOT_VALID data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "INPUT_NOT_VALID")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

44, The content of the input data is not valid.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "INPUT_NOT_VALID")
print(output)

Result

([None, None, None, None, None], ('44', '44', '44', '44', '44'))

Mock Example - Reprotecting Data with Heterogenous Data Elements

This example describes the error when the new data element used to reprotect the data does not have the same tokenization type or the protection method as that of the old data element.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element REPROTECT_HETERO_STR are then passed as inputs to the reprotect API. The reprotect API returns an error as the old and new data elements do not have the same tokenization type or the protection method.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR" )
try:
 org = session.reprotect(output, "SUCCESS_STR", "REPROTECT_HETERO_STR" )
 print("Reprotected data: "+org)
except Exception as error:
 print(error)

Result

26, Unsupported algorithm or unsupported action for the specific data element.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The input data is being protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element REPROTECT_HETERO_STR are then passed as inputs to the reprotect API. The reprotect API returns an error as the old and new data elements do not have the same tokenization type or the protection method.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=["Protegrity1"]*5
output = session.protect(data, "SUCCESS_STR" )
try:
 org = session.reprotect(output[0], "SUCCESS_STR", "REPROTECT_HETERO_STR" )
 print("Reprotected data:")
 print(org)
except Exception as error:
 print(error)

Result

26, Unsupported algorithm or unsupported action for the specific data element.

Using sample users for simulating error scenarios

The examples on how to use sample users for simulating the user-related error scenarios while protecting, unprotecting, and reprotecting the data are described in this section.

Mock Example - No Protect User

The examples for the scenario in which a user does not have privileges to protect data are described in this section.

Example: Single Data
In the following example, the NO_PROTECT_USER user is used to try and protect the Protegrity1 string using the SUCCESS_STR data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("NO_PROTECT_USER")
try:
 output = session.protect("Protegrity1", "SUCCESS_STR")
 print("Protected data: "+output)
except ProtectError as error:
 print(error)

Result

3, The user does not have the appropriate permissions to perform the requested  operation.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_PROTECT_USER is used to try and protect the input data using the SUCCESS_STR data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("NO_PROTECT_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "SUCCESS_STR")
print(output)

Result

([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Reprotect User

The examples for the scenario in which a user does not have privileges to reprotect data are described in this section.

Example: Single Data
In the following example, the NO_REPROTECT_USER user is used to try and reprotect the Protegrity1 string using the SUCCESS_REPROTECT_STR data element.

from appython import Protector
from appython.exceptions import ReprotectError
protector = Protector()
session = protector.create_session("NO_REPROTECT_USER")
try:
 org = session.reprotect("Protegrity1", "SUCCESS_STR", "SUCCESS_REPROTECT_STR")
 print("reprotect: " + org)
except ReprotectError as e:
 print(e)

Result

3, The user does not have the appropriate permissions to perform the requested operation.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_REPROTECT_USER is used to try and reprotect the input data using the SUCCESS_REPROTECT_STR data element.

from appython import Protector
from appython.exceptions import ReprotectError
protector = Protector()
session = protector.create_session("NO_REPROTECT_USER")
data = ["Protegrity1"]*5 
org = session.reprotect(data, "SUCCESS_STR", "SUCCESS_REPROTECT_STR")
print(org)

Result

([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Unprotect Null User

The examples for the scenario in which a user does not have privileges to unprotect data are described in this section. In this case, if the user tries to unprotect the data, then the unprotect API returns a null value.

Example: Single Data
In the following example, the NO_UNPROTECT_NULL_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data and the API returns a null value.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_NULL_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected data: " + p_out)
org = session.unprotect(p_out, "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: lSvH5dvO5l5vvH5zvOvzaX
Unprotected data: None

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_UNPROTECT_NULL_USER user is first used to protect the input data using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_NULL_USER")
data = ["Protegrity1"]*5 
p_out = session.protect(data, "SUCCESS_STR")
print("Protected data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (6, 6, 6, 6, 6))
Unprotected data: 
([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Unprotect Exception User

The example for the scenario in which a user does not have privileges to unprotect data are described in this section. In this case, if the user tries to unprotect the data, then the unprotect API throws an exception.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_EXC_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected data: " + p_out)
try:
 org = session.unprotect(p_out, "SUCCESS_STR")
 print("Unprotected data: " + org)
except UnprotectError as e:
 print(e)

Result

Protected data: lSvH5dvO5l5vvH5zvOvzaX
3, The user does not have the appropriate permissions to perform the requested operation.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_EXC_USER")
data = ["Protegrity1"]*5 
p_out = session.protect(data, "SUCCESS_STR")
print("Protected data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (6, 6, 6, 6, 6))
Unprotected data: 
([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Unprotect Protected User

Example: Single Data
In the following example, the NO_UNPROTECT_PROTECTED_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data, and the API returns the protected input data.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_PROTECTED_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected data: " + p_out)
org = session.unprotect(p_out, "SUCCESS_STR")
print("Unprotected data: " + org)

Result

Protected data: lSvH5dvO5l5vvH5zvOvzaX
Unprotected data: lSvH5dvO5l5vvH5zvOvzaX

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_UNPROTECT_PROTECTED_USER user is first used to protect the input data using the SUCCESS_STR data element. Then, the NO_UNPROTECT_PROTECTED_USER user is used to try and unprotect the protected input data using the same data element.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_PROTECTED_USER")
data = ["Protegrity1"]*5 
p_out = session.protect(data, "SUCCESS_STR")
print("Protected data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (6, 6, 6, 6, 6))
Unprotected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (3, 3, 3, 3, 3))

Mock Example - No User

The examples for the scenario in which a user has not been defined in the security policy are described in this section.

Example: Single Data
In the following example, the NO_USER user is used to try and protect the Protegrity1 string using the SUCCESS_STR data element. However, the user is unable to perform the requested operation because the user has not been defined in the security policy.

from appython import Protector
from appython.exceptions import ProtectError, ReprotectError, UnprotectError
protector = Protector()
session = protector.create_session("NO_USER")
try:
 output = session.protect("Protegrity1", "SUCCESS_STR")
 print("Protected data: " + output)
except ProtectError as e:
 print(e)

Result

1, The username could not be found in the policy.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_USER user is used to try and protect the Protegrity1 string using the SUCCESS_STR data element. However, the user is unable to perform the requested operation because the user has not been defined in the security policy.

from appython import Protector
from appython.exceptions import ProtectError, ReprotectError, UnprotectError
protector = Protector()
session = protector.create_session("NO_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "SUCCESS_STR")
print(output)

Result

([None, None, None, None, None], ('1', '1', '1', '1', '1'))

2.6.1 - Using the AP Python APIs

Sample application for the AP Python

The process to use the AP Python protect, unprotect, and reprotect methods is described in this section.

It is assumed that the ESA is already available.

The tasks can be divided in the following order.

Create the data elements and data store in the Policy Management on the ESA Web UI.
Create the member sources and roles.
Configure the policy.
Configure the trusted application.
Add a trusted application to the data store.
Install the AP Python.
Run the sample application.

Creating a Data Element and Data Store

Create a data element and data store in the ESA by performing the following.

Before you run the application, decide on how you would like to protect the data – using encryption or tokenization.Protection and unprotection methods are available for both.

To create a data element, from the ESA Web UI, navigate to Policy Management → Data Elements & Masks → Data Elements. For more information about creating data elements, refer to Working With Data Elements.
To create a data store, navigate to Policy Management → Data Stores. For more information about creating data stores, refer to Creating a Data Store.

Creating a Member Source and Role

Create a member source and role in the ESA by performing the following.

To create a member source, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Member Sources.
For more information about creating a member source, refer to Working With Member Sources.
To create a role, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Roles.
For more information about creating a role, refer to Creating a Role.

Configuring a Policy

Configure a policy in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Policies.
Click Add New Policy.
The New Policy screen appears.
After the policy is configured for the application user, add the permissions, data elements, roles, and data stores to the policy and then save it.
Deploy the policy using the Policy Management Web UI.

For more information about creating a data security policy, refer to Creating Policies.

Configuring a Trusted Application

Only the applications and users configured as trusted applications under the ESA security policy can access the AP APIs.
If a policy is deployed but the application or the user is not trusted, then the AP aborts with the following message while performing the protect or unprotect operations:
API consumer is not part of the trusted applications, please contact the Security Officer

Configure a trusted application in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Trusted Application.
Create a trusted application.
Deploy the trusted application using the Policy Management Web UI.

For more information about trusted applications, refer to Working With Trusted Applications.

Adding a Trusted Application to Data Store

Add a trusted application to data store by performing the following.

From the ESA Web UI, navigate to Policy Management → Data Stores.
The list of all the data stores appear.
Select the required data store.
The screen to edit the data store appears.
Under the Trusted Applications tab, click Add.
The screen to add the trusted application appears.
Select the required trusted application and click Add.
Select the required policy and deploy it using the Policy Management Web UI.

For more information about adding a trusted application to data store, refer to Linking Data Store to a Trusted Application.

Installing the AP Python

Install the AP Python by performing the following steps.

To install the AP Python, refer to Application Protector Python Installation.
Verify if the AP Python is successfully installed by performing the following.
a. Initialize the AP Python.
For more information about the AP Python initialization API, refer to Initialize the protector.
b. Run the get_version method using the following command to check the version of the installed AP Python.
The following is a sample code to check the version number of the installed AP Python.
```
 from appython import Protector
 protector = Protector()
 print(protector.get_version())
```
c. Save the sample code and name it .py. d. Run the command python .py to know the version of the installed AP Python.

Running the AP Python APIs

After setting up the policy and trusted application, you can begin testing the AP Python APIs for protection, unprotection, and reprotection.

For more information about the AP Python APIs, refer to Application Protector Python APIs.

For more information about the AP Python return codes, refer to Application Protector API Return Codes.

The following represents a sample AP Python application for performing the protect, unprotect, and reprotect operations.

from appython import Protector
if __name__ == "__main__":

    # Initialize the protector
    protector = Protector()

    # Create session with policy user
    session = protector.create_session("USER1")

    # Protect operation
    p_out = session.protect("Protegrity1", "TE_AN_SLT13_L0R0_N")
    print("Protected Data: %s" %p_out)

    # Reprotect operation
    r_out = session.reprotect(p_out, "TE_AN_SLT13_L0R0_N", "TE_AN_SLT13_L0R0_N")
    print("Reprotected Data: %s" %r_out)

    # Unprotect operation
    org = session.unprotect(r_out, "TE_AN_SLT13_L0R0_N")
    print("Unprotected Data: %s" %org)

2.7 - Additional Topics

Learn about the AP Python documentation with advanced operational insights and platform-specific guidance.

This section expands the core Application Protector (AP) Python documentation.

Uninstalling AP Python on Linux involves removing binaries, configuration files, and dependencies.
Understanding AP Python’s memory footprint is critical for performance tuning and resource allocation.
Understanding the installation of AP Python on Linux in a development environment.

2.7.1 - Memory Usage of the AP Python

The memory usage in the AP Python for different policy sizes with a sample.

The memory used for the different policy sizes using a sample python application is described in this section.

Sample application

The following is a sample python application.

from appython import Protector
if __name__ == "__main__":

    # Initialize the protector
    protector = Protector()

    # Create session with policy user
    session = protector.create_session("USER1")

    # Protect operation
    p_out = session.protect("Protegrity1", "TE_AN_SLT13_L0R0_N")
    print("Protected Data: %s" %p_out)

    # Reprotect operation
    r_out = session.reprotect(p_out, "TE_AN_SLT13_L0R0_N", "TE_AN_SLT13_L0R0_N")
    print("Reprotected Data: %s" %r_out)

    # Unprotect operation
    org = session.unprotect(r_out, "TE_AN_SLT13_L0R0_N")
    print("Unprotected Data: %s" %org)

Expected memory usage

The process to find the policy size and expected memory usage for different policy sizes used by the python application is described in this section.

To find the policy size:

On Insights dashboard, under the Discover section, navigate to the troubleshooting index.
Search using the process.module.keyword: coreprovider filter.
Navigate to the logs with description as Policy successfully loaded. The additional_info.memoryUsed field depicts the policy size.

Memory Usage

The following is the expected memory usage for different policy sizes used by the python application.

Policy size	Process memory consumption
13 MB	42 MB
38 MB	89 MB
536 MB	979 MB

The process memory increases substantially for a few milliseconds when the application is running in the following cases:
The policy is replaced with another policy
Changes are made in the current policy

Conclusion

The results for memory required by various policy sizes using the sample python application can be used to determine the memory requirements of the Python application. The results are based on memory usage of a single instance of python processes. The results exclude LogForwarder and RP Agent.

2.7.2 - Setting Up AP Python on Linux in a Development Environment

Learn about installating AP Python on Linux in a development environment.

The steps to set up the AP Python on a Linux platform in a development environment are described in the section.

Verifying prerequisites

Ensure that the following prerequisites are met:

Python 3, version from 3.7 to 3.11, must be installed on the machine.
Latest version of pip, the Python package manager, must be installed.

Extracting the AP Python installation package

To set up the AP Python on the Linux platform in development environment.

Download the ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.tgz file to any location on the machine where you want to install the protector.
Extract the AP Python installation package using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_<version>.tgz
```
The following setup files are extracted:
- LogforwarderSetup_Linux_x64_\<version>.sh
- RPAgentSetup_Linux_x64_\<version>.sh
- APPythonSetup_Linux_x64_\<version>.sh
- APPythonDevSetup_Linux_x64_\<version>.tar

Installing AP Python in a Development Environment

Run the following script to install AP Python in a development environment.
```
pip install APPythonDevSetup_Linux_x64_<version>.tar
```
This installs the AP Python in the development environment on the Linux platform. The default installation directory for the Linux platform is /usr/local/lib/python<version>/site-packages.
Verify that the following directories are created in the AP Python site-packages installation directory:
- appython
- mocks
- pypepprovider
To verify the version of the AP Python, run the following command:
```
pip list
```
The name and version of the installed AP Python package are displayed on the console.
```
appython-dev 10.0.0+x
```
For information on how to use the AP Python APIs in a development environment, refer to Using AP Python in a development environment.
Perform the following steps to access the AP Python Pydoc, which contains the API documentation.
- Run the following command to extract the AP Python setup file:
```
tar –xvf APPythonDevSetup_Linux_x64_<version>.tar
```
  The appython_dev-<version> directory is extracted.
- Navigate to the appython_dev-<version>\docs\ directory.
- Open the index.html file in a browser to access the AP Python Pydoc.
If you are setting up the AP Python in a virtual Linux environment, then convert the appython_dev-<version>\docs\ directory to a zip file and download it locally. You can then open the index.html file in a browser to access the AP Python Pydoc.

Uninstalling AP Python from the Development Environment

To uninstall the AP Python from the development environment:

Login to the machine where AP Python is installed.
Uninstall the AP Python by running the following command.
```
pip uninstall appython-dev
```

2.7.3 - DevOps Approach for Application Protector Python

The DevOps approach for package deployment.

The DevOps approach enables immutable package deployment. It uses a REST API call to download packages from the ESA in an encrypted format.

Note: The RP Agent should not be installed for immutable package deployments using DevOps.

For more information about package deployment approaches, refer to Resilient Package Deployment.

A REST API call is used to download the package on your local machine. Configure the package path in the config.ini file within the DevOps section and the decryptor class.

DevOps approach architecture

A REST API call is used to download the policy from the ESA in an envelop encrypted format. A public key is created using a Key Management System (KMS) or Hardware Security Module (HSM). This public key must be passed to the REST API.

The ESA generates a JSON file for the package with policy.
The encrypted DEK needs to be decrypted to perform the security operations. A Decryptor class is implemented using the Decryptor interface, to decrypt the Data Encryption Key (DEK) using a private key.

Before you begin

Ensure the following prerequisites are met:

The installation of the RP Agent is not required for immutable package deployment using the DevOps approach.
The decryptor parameter must have a fully qualified name of the decryptor class.
A Decryptor class needs to be implemented using the Decryptor interface, which decrypts the Data Encryption Key (DEK) using a private key. It returns the decrypted DEK in bytes.
For more information on the decryptor interface of AP Java, refer to Configuring the Decryptor interface.
For more information on the decryptor interface of AP Python, refer to Configuring the Decryptor interface.
The data store is properly configured before exporting your Application Protector policy. Define allowed servers for seamless policy deployment and secure access control.
For more information about configuring a data store, refer to -
- Creating a Data Store
- Adding Allowed Servers for the Data Store

AP Python

Using the DevOps approach

Perform the following steps to use the DevOps approach for immutable package deployment.

Add the [devops] parameter in the config.ini file.
Ensure the decryptor class has a fully qualified domain name.

[devops]
package.path = /path/to/policyFile
decryptor.path = /path/to/decryptorClassFile
decryptor.class = decryptorClassName

The following is an example for adding the [devops] parameter in the config.ini file.

[devops]
package.path = /opt/policies/test.json
decryptor.path = /opt/protegrity/sdk/python/lib/RSADecryptor.py
decryptor.class = RSADecryptor

Note: For ESA 10.2.0 and later, Application Protector DevOps must use the Encrypted Resilient Package REST APIs using GET method. The legacy Export API using POST method is deprecated and not supported for Teams (PPC). The deprecated API remains supported only for the Enterprise edition for backward compatibility.
For more information about exporting Resilient Package using POST method for 10.0.1 and 10.1.0 ESA, refer to Using the Encrypted Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for 10.2 ESA, refer to Using the Encrypted Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for PPC, refer to Using the Encrypted Resilient Package REST APIs.

Sample code for DevOps approach

The sample code for DevOps approach for various Application Protectors using different cloud platforms is provided in this section.

DevOps approach for AP Python

The sample code for DevOps approach for the AP Python using different cloud platforms is provided in this section.

Configuring the Decryptor interface

The following is a sample code for implementing the DEKDecryptor interface.

from abc import ABC, abstractmethod

class DEKDecryptor(ABC):
   @abstractmethod
   def decrypt(self,keylabel:str,algorithm_id:str,enc_dek:bytes) -> bytes:
      """
      Provides keyLabel,algorithmID and encDEK
      """

Using AWS

The following is a sample implementation using the private key from AWS KMS.

import logging
import boto3
from botocore.exceptions import ClientError
from pycoreprovider.utils.DEKDecryptor import DEKDecryptor


logger = logging.getLogger(__name__)

class KeyDecrypt:
    def __init__(self, kms_client):
        self.kms_client = kms_client

    @classmethod
    def from_client(cls) -> "KeyDecrypt":
        """
        Creates a KeyDecrypt instance with a default KMS client.

        :return: An instance of KeyDecrypt initialized with the default KMS client.
        """
        kms_client = boto3.client("kms",region_name="us-east-1")
        return cls(kms_client)


    def decrypt(self, key_id: str, cipher_text: bytes) -> bytes:
        """
        Decrypts text previously encrypted with a key.

        :param key_id: The ARN or ID of the key used to decrypt the data.
        :param cipher_text: The encrypted text to decrypt.
        :return: The decrypted text.
        """
        try:
            return self.kms_client.decrypt(KeyId=key_id, CiphertextBlob=cipher_text,EncryptionAlgorithm="ALGORITHM_NAME")[
                "Plaintext"
            ]
        except ClientError as err:
            logger.error(
                "Couldn't decrypt your ciphertext. Here's why: %s",
                err.response,
            )
            raise



class AWSKMSDecryptor(DEKDecryptor):
    def decrypt(self,keyLabel,algorithmID,encDek):
        key_decrypt = KeyDecrypt.from_client()
        return key_decrypt.decrypt("key:arn",encDek)

Using Azure

The following is a sample implementation using the private key from Azure Key Vault.

from azure.identity import DefaultAzureCredential
from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm
from pycoreprovider.utils.DEKDecryptor import DEKDecryptor

"""
Sample Decryptor class for decrypting the encrypted DEK using Azure Key Vault

[Azure Prerequisite]
* Install azure cli
* Login to azure : az login --use-device-code

[Protegrity Prerequisite]
* For creating a key in Azure Key Vault using Azure CLI, refer :
  https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli 
* Download the public key from the key vault : 
  az keyvault key download --vault-name test -n testkey -e PEM -f publickey.pem
* Replace all the new lines with '\n' in publickey.pem
* Public key is now ready to be used for downloading the ESA policy
* Azure supports RSA1_5, RSA_OAEP and RSA_OAEP_256 algorithms, whose 
  correspoding names in REST API call are RSA1_5, RSA-OAEP-SHA1 and 
  RSA-OAEP-256 respectively. Refer: 
  https://azuresdkdocs.blob.core.windows.net/$web/python/azure-keyvault-keys/latest/azure.keyvault.keys.crypto.html
* Make sure that decrypt permission is present for the key vault : 
  az keyvault set-policy -n "test" --key-permissions decrypt --object-id 7e821e4c-e0ad-4a6f-aa26-f445c7c7e3ea
* To get the private key URI from azure key vault, refer :
  https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli
[Python Prerequisite]
* Refer the minimum required python version from here -
  https://learn.microsoft.com/en-us/python/api/overview/azure/keyvault-keys-readme?view=azure-python
* pip install azure-keyvault-keys azure-identity cryptography

"""

class AzureKeyVaultDecryptor(DEKDecryptor):
    key_id = "https://automation-cntrs.vault.azure.net/keys/testkey/aaf3861366a24b1bb4f6871eb11afafe"

    def decrypt(self,keyLabel,algorithmID,encDek):
        credential = DefaultAzureCredential()        
        crypto_client = CryptographyClient(AzureKeyVaultDecryptor.key_id, credential=credential)
        decrypted = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep_256, encDek)
        return decrypted.plaintext

Using GCP

The following is a sample implementation using the private key from Google Cloud KMS.

from pycoreprovider.utils.DEKDecryptor import DEKDecryptor

# Import the client library.
from google.cloud import kms

def decrypt_asymmetric(
    project_id: str,
    location_id: str,
    key_ring_id: str,
    key_id: str,
    version_id: str,
    ciphertext: bytes,
) -> kms.DecryptResponse:
    """
    Decrypt the ciphertext using an asymmetric key.

    Args:
        project_id (string): Google Cloud project ID (e.g. 'my-project').
        location_id (string): Cloud KMS location (e.g. 'us-east1').
        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
        key_id (string): ID of the key to use (e.g. 'my-key').
        version_id (string): ID of the key version to use (e.g. '1').
        ciphertext (bytes): Encrypted bytes to decrypt.

    Returns:
        DecryptResponse: Response including plaintext.

    """

    # Create the client.
    client = kms.KeyManagementServiceClient()

    # Build the key version name.
    key_version_name = client.crypto_key_version_path(
        project_id, location_id, key_ring_id, key_id, version_id
    )

    # Optional, but recommended: compute ciphertext's CRC32C.
    # See crc32c() function defined below.
    ciphertext_crc32c = crc32c(ciphertext)

    # Call the API.
    decrypt_response = client.asymmetric_decrypt(
        request={
            "name": key_version_name,
            "ciphertext": ciphertext,
            "ciphertext_crc32c": ciphertext_crc32c,
        }
    )

    # Optional, but recommended: perform integrity verification on decrypt_response.
    # For more details on ensuring E2E in-transit integrity to and from Cloud KMS visit:
    # https://cloud.google.com/kms/docs/data-integrity-guidelines
    if not decrypt_response.verified_ciphertext_crc32c:
        raise Exception("The request sent to the server was corrupted in-transit.")
    if not decrypt_response.plaintext_crc32c == crc32c(decrypt_response.plaintext):
        raise Exception(
            "The response received from the server was corrupted in-transit."
        )
    # End integrity verification

    print(f"Plaintext: {decrypt_response.plaintext!r}")
    return decrypt_response


def crc32c(data: bytes) -> int:
    """
    Calculates the CRC32C checksum of the provided data.
    Args:
        data: the bytes over which the checksum should be calculated.
    Returns:
        An int representing the CRC32C checksum of the provided bytes.
    """
    import crcmod  # type: ignore

    crc32c_fun = crcmod.predefined.mkPredefinedCrcFun("crc-32c")
    return crc32c_fun(data)

class GCPKMSDecryptor(DEKDecryptor):
    def decrypt(self,keyLabel,algorithmID,encDek):
        print(keyLabel,algorithmID,encDek)
        decDek=decrypt_asymmetric("project_id","location_id","key_ring_id","key_id","version_id","ciphertext")
        return decDek.plaintext

2.7.4 - Application Protector API Return Codes

Learn about the Application Protector API Return Codes.

Sample Log for AP Return Codes

The following is a sample log generated in Discover on the Audit Store Dashboards in the ESA.

Sample log for AP return codes

Protection audit logs are stored in the Audit Store. Select the pty_insight_*audit* index to view the protection logs.

For more information about viewing the logs, refer to Working with Discover.

2.7.5 - Config.ini file for Application Protector

Sample config.ini file for Application Protector.

The Application Protector can be configured using the config.ini file. By default, this file is located in the <installation directory>/sdk/<protector>/data/ directory.

The various configurations required for setting up the Application Protector are described in this section.

Sample config.ini file

The following represents a sample config.ini file.

# -----------------------------
# Protector configuration
# ----------------------------- 
[protector]

# Cadence determines how often the protector connects with shared memory to fetch the policy updates in background.
# Default is 60 seconds. So by default, every 60 seconds protector tries to fetch the policy updates.
#
# Default 60.
cadence = 60

# The time during which an session object is valid. Default = 15 minutes.
session.sessiontimeout = 15

###############################################################################
# Log Provider Config
###############################################################################
[log]

# In case that connection to fluent-bit is lost, set how audits/logs are handled
# 
# drop  : (default) Protector throws logs away if connection to the fluentbit is lost
# error : Protector returns error without protecting/unprotecting 
#         data if connection to the fluentbit is lost
mode = drop

# Host/IP to fluent-bit where audits/logs will be forwarded from the protector
#
# Default localhost
host = localhost

Different configurations for Application Protector

The following are the various configurations:

Protector configurations

cadence: The interval at which the protector synchronizes with the shared memory for fetching the package with policy. The default value for cadence is 60 seconds. The maximum and minimum value that can be set for cadence are 86400 seconds (24 hours) and 1 respectively.
For more information about the policy deployment with different cadence configurations, refer to Policy Deployment.
For more information about the Resilient Package sync configuration parameters, refer to Resilient Package Sync Configuration Parameters.
For more information about changing protector status interval, refer to Resilient Package Status Configuration Parameter.
session.sessiontimeout: The time during which a session object is valid. The default value for session.sessiontimeout is 15 minutes.
Note: The session.sessiontimeout parameter is a feature of AP Java and not valid for AP Python and AP .Net.

Log Provider configurations

mode: This describes how the protector logs are handled if you lose connection to the Log Forwarder host, can be set to one of the following values:
- drop: The logs are dropped when the connection to the Log Forwarder is lost. The default mode is drop.
- error: The data security operations are stopped and an error is generated when the connection to the Log Forwarder is lost.
host: The Log Forwarder hostname or IP address where the logs will be forwarded from the protector. The default host for Log Forwarder is localhost.

For more information about the configuration parameters for forwarding the audits and logs, refer to Configuration Parameters for Forwarding Audits and Logs.

2.7.6 - Multi-node Application Protector Architecture

Architecture for multi-node Application Protector.

The multi-node Application Protector (AP) architecture, its individual components, and how logs are collected using the Log Forwarder are described in this section.

The following figure describes the multi-node AP architecture.

Multi-node AP architecture

For example, some AP nodes are connected to an ESA, which includes the Audit Store component. Each AP node contains a Log Forwarder, RP Agent, and AP instance for sending logs to the ESA.

Protector: The AP can be configured using the config.ini file.
For more information about the configurations, refer to Config.ini file for Application Protector.

2.7.7 - Uninstalling the Application Protector

Uninstalling the AP Python Installation on different platforms

Uninstalling Application Protector (AP) Python from Linux in Production Environment

The steps to uninstall the different components of the AP Python in production environment are described in this section.

Uninstalling the Log Forwarder from Linux

To preserve all the configurations while upgrading the Log Forwarder, ensure that all the files present under the /opt/protegrity/logforwarder/data/config.d directory are backed up.

To uninstall the Log Forwarder from a Linux platform:

Navigate to the /opt/protegrity/logforwarder/bin directory.
Stop the Log Forwarder using the following command.
```
./logforwarderctrl stop
```
Delete the /opt/protegrity/logforwarder directory. The Log Forwarder is uninstalled.

Uninstalling the RP Agent from Linux

Before uninstalling the RP Agent, ensure that all the files present under the /opt/protegrity/rpagent/data directory are backed up.

To uninstall the RP Agent from a Linux platform:

Navigate to the /opt/protegrity/rpagent/bin directory.
Stop the RP Agent using the following command.
```
./rpagentctrl stop
```
Delete the /opt/protegrity/rpagent directory. The RP Agent is uninstalled.

Uninstalling the AP Python from Linux

To uninstall the AP Python from a Linux platform:

Login to the machine from where you want to uninstall the AP Python.
Uninstall the AP Python by running the following command.
```
pip uninstall appython
```
Delete the /opt/protegrity/sdk/python directory. The AP Python is uninstalled.

3 - Application Protector .Net

Learn about the Application Protector (AP) .Net.

Protegrity Application Protector (AP) .Net Overview

The Protegrity Application Protector (AP) .Net provides APIs that integrate with customer applications to protect, unprotect, and reprotect sensitive data. It can be used with any application developed using .NET Standard 2.0.

Note: The DLL file creation is supported only by .NET Core 8.0 and .NET Core 9.0. The .NET application can be run by using any supported versions.

Protection and Security Access Methods

The AP .Net provides the following methods:

Get product version
Check Access
Protect
Unprotect
Reprotect

For more information about these protection and security access methods, refer to AP .Net APIs.

Key Features

The key features of this protector include support of the .Net distributions listed here. Other key features include use of only trusted applications for access, audit logs, and initialization audit logs.

Supported .Net Distributions

The AP .Net supports the following versions:

AP .Net Distributions	Versions
.NET Framework	4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Core	8.0, 9.0
.NET Standard	2.0

Trusted Applications

The AP .Net can only be accessed by trusted applications.
Any application that protects, unprotects, or reprotects data must first be configured as a trusted application.

For details on configuring a trusted application, refer to Creating a Trusted Application.

Audit Logs

The AP .Net generates an audit record for every protection method call, including the data element and user name.

Single Data Item Audit Example

Three audit log events are generated in the following scenarios:

1 protect operation with data element a (count = 1)
5 protect operations with data element b (count = 5)
1000 unprotect operations with data element a (count = 1000)

Bulk Data Item Audit Example

For bulk operations, each protect, unprotect, and reprotect call generates audit logs.

Example:

If bulk size = 3 and 2 bulk protect operations of the same data element are performed, then 1 audit log event is generated with a count = 6.

Initialization Audit Logs

Each time a trusted application is initialized, an audit log is generated showing whether initialization was successful.
These audits are available in ESA Audit Store Dashboard for easy access by the Security Officer.

3.1 - Architecture and Workflow

The architecture and workflow of Application Protector.

This page describes the architecture, the individual components, and the workflow of the Protegrity Application Protector (AP) solution.

Architecture and Workflow

The following figure illustrates the deployment architecture of the Application Protector (AP).

Architecture and Workflow of Application Protector

The following table describes the components of the AP deployment architecture.

Component	Description
Customer Application	Built in supported programming languages and integrates with AP for data protection.
Application Protector	Core protection engine that enforces security policies and performs data protection operations.
Configuration File (config.ini)	Contains initialization parameters passed to AP during startup.
Native Interface	Native interface between AP and the C layer. .Net: Platform Invocation Services (P/Invoke)
Package Enforcement and Deployment	Downloads policy packages from the RP Agent and executes protection operations, such as, protect, unprotect, and reprotect.
Log Forwarder	Collects logs from AP and forwards them to the Audit Store for centralized auditing.
Resilient Package (RP) Agent	Standalone process that retrieves policy packages from ESA and shares them with AP processes using shared memory IPC.

The following steps describe the workflow of a sample AP deployment in the production environment.

The customer application initializes the SDK.
The configurations that are required configuration parameters are passed to the protector using the config.ini file.
Note: The configurations can be set through environment variables. ENV overrides values in the config.ini file, except for cadence and session timeout which must be set in the config file.
For more information about environment variables configuration, refer to Configuration Parameters for Protector.
The RP Agent regularly syncs with the RP Proxy or ESA to check for policy updates. If a change is detected, the updated policy package is securely downloaded over a TLS channel and stored in shared memory.
The protector synchronizes with shared memory based on the cadence value defined in config.ini file. If a new package is available, it is fetched into process memory. This updated package is then used to perform data protection operations such as, protect, unprotect, and reprotect.
The audit logs generated during protection operations are forwarded to the Audit Store:
- Logs from the application are sent through the Log Forwarder.
- Logs from the RP Agent are also forwarded using the Log Forwarder.

Components of the Application Protector

The Protegrity Application Protector (AP) solution comprises several key components that work together to enforce data protection policies and ensure secure operations.

Application Protector

The core engine that integrates with customer applications to perform data protection operations:

Protect
Unprotect
Reprotect

AP is available in multiple language-specific variants:

AP Java: For applications developed in Java
AP Python: For applications developed in Python
AP .Net: For applications developed in C#

Resilient Package (RP) Agent

A standalone process responsible for policy synchronization.

To sync with the RP Proxy or ESA at regular intervals of 60 seconds.
To detect policy changes and download updated packages over a secure TLS channel.
To store the packages in shared memory for use by the protector.

Log Forwarder

A log processing tool that handles audit and protection logs.

Collects logs generated by AP and RP Agent.
Forwards logs to the Audit Store within ESA.

Ports used to transport the protection and audit logs to the ESA:

15780: Configurable
15781: Non-configurable

Package Deployment

The different approaches for package deployment during the initialization process of the Application Protector are described in this section.

Dynamic Package Deployment

Use this approach when the protector needs to continuously check for policy updates after initialization.

Set the cadence parameter to a non-zero value in the config.ini file.
This value defines the interval in seconds at which the protector synchronizes with the RP Agent.
If a policy change is detected, the protector automatically fetches the updated package and applies it during protection operations.
Note: This method ensures that the protector always operates with the latest policy.

Immutable Package Deployment

Use this approach when the protector does not need to check for policy changes after initialization.

Add the [devops] parameter in the config.ini file before initializing the protector.
A REST API call is used to download an envelope-encrypted package from the ESA.
The protector uses this static package for all operations without further synchronization.
For more information about the DevOps approach, refer to DevOps Approach for Application Protector.

3.2 - System Requirements

Lists the recommended minimum system requirements

The following table lists the minimum hardware configurations.

Hardware Component	Configuration Details
CPU	Depends on the application.
Disk Space	Under 200 MB - including LogForwarder, RP Agent, and AP Java, AP Python or AP .Net.
RAM	Memory usage depends on the AP flavor and application behavior. Refer to AP .Net

Note: The Disk Space depends on the policy size and stored logs on the disk.

3.3 - Preparing the Environment

The prerequisites to install the AP .Net Installation on Windows are described in the section.

The Protegrity Application Protector (AP) .NET provides APIs that integrate with customer applications to protect and unprotect sensitive data. It is compatible with applications developed using .NET Core and C#.

Caution: Install only one environment at a time either production or development. Do not install Mock AP .Net protector in a Production environment.

Preparing the Environment for AP .Net Installation on Windows in a Production Environment

Before installing Protegrity Application Protector (AP) .Net on a Windows platform in a Production environment, ensure the following prerequisites are met:

The ESA appliance is installed, configured, and running.
The IP address or hostname of the ESA is noted.
Policy Management (PIM) is initialized on the ESA. This ensures cryptographic keys and the policy repository are created. For more information about initializing the PIM, refer to Initializing the Policy Management.
A supported version of .NET is installed.
For more information about Supported .Net version, refer to Supported .Net Distributions.

3.4 - Installing the AP .Net Protector

Steps to set up AP .Net on Windows in a Production Environment

Extracting the AP .Net Setup Scripts and Package

To extract the setup scripts and package:

Download the ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip file to any location on the machine where you want to install the protector.
Extract the contents of the ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip file.
The following setup files are extracted:
- ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip
- signatures/ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip_10.0.sig
Verify the digital signature of the signed AP .Net build.
For more information about verifying the signed AP .Net build, refer to Verification of Signed Protector Build.
Extract the contents of the AP .Net installation package again.
The following setup files are extracted:
- LogforwarderSetup_Windows_x64_<version>.exe
- RPAgentSetup_Windows_x64_<version>.exe
- APDotNetSetup_Windows_x64_<version>.exe
- APDotNetMockSetup_Windows_x64_<version>.exe

Before you begin

To preserve all configurations during upgrade:

For Log Forwarder, backup all files present under C:\Program Files\Protegrity\logforwarder\data\config.d directory.
For RP Agent, backup all files present under C:\Program Files\Protegrity\rpagent\data directory.

Installing Log Forwarder on Windows

This section describes how to install the Log Forwarder on a Windows platform using either the Windows Wizard or Silent mode.

Using Windows Wizard

For more information about installing the Log Forwarder using the Windows wizard, refer to Installing Log Forwarder on Windows.

Using Silent Mode

For more information about installing Log Forwarder using the silent mode, refer to Installing Log Forwarder on Windows using Silent Mode.

Installing RP Agent on Windows

This section describes how to install the RP Agent on a Windows platform using either the Windows Wizard or Silent Mode.

Using Windows Wizard

For more information about installing RP Agent using the Windows wizard, refer to Installing RP Agent on Windows.

Using Silent Mode

For more information about installing RP Agent using the silent mode, refer to Installing RP Agent on Windows using Silent Mode.

RPA Secure Mode with ESA / PPC on Windows

Before proceeding with the RPA installation in secure mode, ensure that the required CA certificate is available and trusted on the system.

For PPC (Windows)

Retrieve the custom CA certificate using the following command:

kubectl -n cert-manager get secret eclipse-ca -o jsonpath='{.data.tls\.crt}' | base64 -d > ca.crt

For ESA
Download the certificate from ESA.
For more information about downloading certificates from ESA, refer to Manage Certificates.

After obtaining the certificate, configure the system environment variable:

Variable	Value
SSL_CERT_FILE	Full path to the certificate file (for example, C:\Users\Administrator\ca.crt)

When prompted for the ESA hostname or IP during RPA installation, ensure it is included in the ESA TLS certificate (CN or SAN) and is resolvable from the RPAgent host.

After the CA certificate is available, proceed with the RPA installation.

Using Windows Wizard

For more information about installing RP Agent using the Windows wizard, refer to Installing RP Agent on Windows.

Using Silent Mode

For more information about installing RP Agent using the silent mode, refer to Installing RP Agent on Windows using Silent Mode.

Installing Application Protector .Net on Windows

Using Windows Wizard

This section describes how to install AP .NET on a Windows platform.

Note: Before installation, ensure that the C:\Users\Administrator\.nuget\packages directory does not contain the dotnetprotector folder.

To install the AP .Net on the Windows platform:

Run the APDotNetSetup_Windows_x64_<version>.exe installer from the created directory.
The Select Destination Location screen appears.
Set the installation directory to C:\Program Files\Protegrity\sdk\dotnet.
Click Next.
The Ready to Install screen appears.
Click Install.
The Completing the Defiance AP DOTNET API Setup Wizard screen appears.
Click Finish to complete the installation.
The AP .NET is now installed successfully.
The default installation directories for different platforms are given in the following table.
Table: AP .Net Default Installation Directories
Platform Directory
Windows 64-bit C:\Program Files\Protegrity\sdk\dotnet\lib
API Docs C:\Program Files\Protegrity\sdk\dotnet\doc
Verify that the following files exist in the dotnet\lib directory:
- DotNetProtector.<version>.nupkg - NuGet package for AP .NET
- dotnetprovider.plm - Dynamically loadable module for Windows

Platform	Directory
Windows 64-bit	`C:\Program Files\Protegrity\sdk\dotnet\lib`
API Docs	`C:\Program Files\Protegrity\sdk\dotnet\doc`

Installing the NuGet Package

In Solution Explorer, right-click on Dependencies and select Manage NuGet Packages.
The NuGet Package Manager screen appears.
Click the Settings icon next to the Package source list.
The Options dialog box appears.
Click the ellipsis icon next to the Source field.
Browse to select the lib directory that contains the DotNetProtector.<version>.nupkg package.
For example, select the C:\Program Files\Protegrity\sdk\dotnet\lib directory.
Specify a name for the package source in the Name field.
Click Update.
The lib directory path appears in the Package sources list.
Click OK to close the Options dialog box.
In the NuGet Package Manager screen, in the Package source list, select the newly created package source.
Click Browse.
The DotNetProtector package appears in the list of packages.
Select DotNetProtector and click Install.
The DotNetProtector package is installed.
The AP .NET is installed successfully.

Using Silent Mode

This section describes how to perform a silent installation of AP .Net using command-line parameters.

Silent installation allows you to install AP .Net without user interaction, making it suitable for automated deployments and scripting.

To view usage of the AP .Net installation, use the -help parameter during silent installation.

APDotNetSetup_Windows_x64_10.0.0+0.g8606.exe -help

To specify the directory for the AP .Net installation, use the -dir parameter during silent installation.

APDotNetSetup_Windows_x64_10.0.0+0.g8606.exe -dir C:\Users\Administrator

Note: -dir is a mandatory parameter for silent installation.

3.5 - Configuring the Protector

Configuring and Verifying AP .Net Installation on different platforms

Setting Up Environment Variables for AP .NET on Windows

This section describes the steps to configure environment variables required to run the Application Protector .NET application on a Windows platform.

To set up the environment variables on the Windows platform:

On the machine where AP .NET is installed, navigate to Control Panel > System > Advanced system settings.
The System Properties dialog box appears.
Click Environment Variables.
The Environment Variables dialog box appears.
Select the Path variable and click Edit.
The Edit Environment Variable dialog box appears.
Click New.
Add the path where the dotnetprovider.plm file is located.
For example, specify the path as C:\Program Files\Protegrity\sdk\dotnet\lib.
Click OK to save the changes.
The environment variable is now set successfully.

Verifying Installation of AP .Net

To verify that the AP .Net has been successfully installed:

Create a data element and data store in the ESA.
For more information about creating data elements, refer to Working With Data Elements.
For more information about creating data stores, refer to Creating a Data Store.
Create a member source and role in the ESA.
For more information about creating a member source, refer to Working With Member Sources.
For more information about creating a role, refer to Working with Roles.
Configure a policy in the ESA.
For more information about creating a data security policy, refer to Creating Policies.
Configure the application as a trusted application in the ESA.
For more information about trusted applications, refer to Working With Trusted Applications.
Initialize the AP .Net.
For more information about the AP .Net initialization API, refer to GetProtector API.

To verify the version of the installed AP .Net, run the GetVersion method using the following code:

using System;
using System.Collections.Generic;
using System.Text;
using Protegrity.Net;
using Protegrity.PException;

namespace APDotNetTest
{
    class Program
    {
        static void Main(string[] args)
        { 
            try
            {
                using Protector protector = Protector.GetProtector();

                /**
                * Calling GetVersion to print APDotNet sdk and Core version.
                */
                Console.WriteLine(protector.GetVersion() + "\n");
            }
            catch (ProtectorException e)
            {
                Console.WriteLine(e);
            }
        }
    }
}

3.6 - Using the AP .Net APIs

Sample application for the AP .Net.

The process to use the AP .Net protect, unprotect, and reprotect methods are described on this page.

It is assumed that the ESA is already available.

The tasks can be divided in the following order.

Create the data elements and data store in the Policy Management on the ESA Web UI.
Create the member sources and roles.
Configure the policy.
Configure the trusted application.
Add a trusted application to the data store.
Install the AP .Net.
Run the sample application.

Creating a Data Element and Data Store

Determine how the data needs to be protected either by using encryption or tokenization before running the application. Protection and unprotection methods are available for both.

Create a data element and data store in the ESA by performing the following.

To create a data element, from the ESA Web UI, navigate to Policy Management → Data Elements & Masks → Data Elements.
For more information about creating data elements, refer to Working With Data Elements.
To create a data store, navigate to Policy Management → Data Stores.
For more information about creating data stores, refer to Creating a Data Store.

Creating a Member Source and Role

Create a member source and role in the ESA by performing the following.

To create a member source, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Member Sources.
For more information about creating a member source, refer to Working With Member Sources.
To create a role, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Roles.
For more information about creating a role, refer to Working with Roles.

Configuring a Policy

Configure a policy in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Policies.
Click Add New Policy.
The New Policy screen appears.
After the policy is configured for the application user, add the permissions, data elements, roles, and data stores to the policy and then save it.
Deploy the policy using the Policy Management Web UI.

For more information about creating a data security policy, refer to Creating Policies.

Configuring a Trusted Application

Configure a trusted application in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Trusted Application.
Create a trusted application.
Deploy the trusted application using the Policy Management Web UI.

For more information about trusted applications, refer to Working With Trusted Applications.

Adding a Trusted Application to Data Store

Add a trusted application to data store by performing the following.

From the ESA Web UI, navigate to Policy Management → Data Stores.
The list of all the data stores appear.
Select the required data store.
The screen to edit the data store appears.
Under the Trusted Applications tab, click Add.
The screen to add the trusted application appears.
Select the required trusted application and click Add.
Select the required policy and deploy it using the Policy Management Web UI.

For more information about adding a trusted application to data store, refer to Linking Data Store to a Trusted Application.

Installing the AP .Net

Install the AP .Net by performing the following.

To install the AP .Net, refer to Application Protector .Net Installation.
Verify if the AP .Net is successfully installed by performing the following.
a. Configure the application as a trusted application in the ESA.
For more information about trusted applications, refer to Working With Trusted Applications.
b. Initialize the AP .Net.
For more information about the AP .Net initialization API, refer to getProtector.
c. Run the GetVersion method to check the version of the installed AP .Net.
For more information about the GetVersion method, refer to GetVersion API.

Running the AP .Net APIs

After setting up the policy and trusted application, you can begin testing the AP .Net APIs for protection, unprotection, and reprotection.

For more information about the AP .Net APIs, refer to Application Protector .Net APIs.

For more information about the AP .Net return codes, refer to Application Protector API Return Codes.

The following represents a sample AP .Net application for performing the protect, unprotect, and reprotect operations.

using System;
using System.Collections.Generic;
using System.Text;
using Protegrity.Net;
using Protegrity.PException;

namespace APDotNetTest
{
    /**********************************************************************************************/
    /**
     * @class   Program
     *
     * @brief   A sample program for Application .NET Protector.
     *
     **************************************************************************************************/
    class Program
    {
        private const string dataElementName = "alphanum";
        private const string newDataElementName = "alphanumreprot";
        private const string userName = "policyuser";


        /**********************************************************************************************/
        /**
         * @fn  static void Main(string[] args)
         *
         * @brief   Main entry-point for this application
         *
         * @param   args    An array of command-line argument strings.
         **************************************************************************************************/

        static void Main(string[] args)
        { 
            try
            {
                /* Dispose() is a method defined by the IDisposable interface in .NET. 
                 * It’s used to release unmanaged resources.
                 * .NET garbage collector only cleans up managed memory. If your class uses unmanaged resources, 
                 * you must clean them up manually — and that’s what Dispose() is for.
                 * 
                 * ====================
                 * With using 
                 * ====================
                 * You're telling the compiler:
                 * "Create this object, and automatically call Dispose() on it 
                 * when it goes out of scope."
                 * This is called a using declaration, and it ensures that cleanup happens even if
                 * an exception occurs.
                 * 
                 * ======================
                 * Without using
                 * ======================
                 * You have to call dispose manually.
                 */

                using Protector protector = Protector.GetProtector();

                /**
                 * Sample input string data for single operations.
                 */
                string singleInput = "Hello Protegrity";
                byte[] singleByteInput = Encoding.UTF8.GetBytes(singleInput);

                Console.WriteLine("#########################################");
                Console.WriteLine("# Protegrity Application .NET Protector #");
                Console.WriteLine("#########################################\n");

                /**
                 * Calling GetVersion to print APDotNet sdk and Core version.
                 */
                Console.WriteLine(protector.GetVersion() + "\n");
                Console.WriteLine("--------------------------------------");
                Console.WriteLine("-     Single Protect API             -");
                Console.WriteLine("--------------------------------------");
                Console.WriteLine($"Input Data is:        {singleInput}\n");


                /**
                 * Use protector object to call single string Protect API.
                 */
                string protectedData = protector.Protect(singleInput, userName, dataElementName);
                Console.WriteLine("With String Data Type");
                Console.WriteLine("-----------------------");
                Console.WriteLine($"Protected Data is:    {protectedData}");

                /**
                 * Use protector object to call single string Unprotect API
                 */
                string unprotectedData = protector.Unprotect(protectedData, userName, dataElementName);
                Console.WriteLine($"Unprotected Data is:  {unprotectedData}\n");

                /**
                * Use protector object to call single string Reprotect API.
                */
                string reprotectedData = protector.Reprotect(protectedData, userName, dataElementName, newDataElementName);
                Console.WriteLine($"Reprotected Data is:  {reprotectedData}");

                /**
                 * Use protector object to call single string Unprotect API
                 */
                string unprotectReprotectedData = protector.Unprotect(reprotectedData, userName, newDataElementName);
                Console.WriteLine($"Unprotected Data is:  {unprotectReprotectedData}\n");

                /** 
                 * Use protector object to call single byte Protect API.
                 */
                byte[] byteProtectedData = protector.Protect(singleByteInput, userName, dataElementName);
                Console.WriteLine("With Byte Data Type");
                Console.WriteLine("----------------------");
                Console.WriteLine($"Protected Byte Data is:    {Encoding.UTF8.GetString(byteProtectedData)}");

                /**
                 * Use protector object to call single byte Unprotect API
                 */
                byte[] byteUnprotectedData = protector.Unprotect(byteProtectedData, userName, dataElementName);
                Console.WriteLine($"Unprotected Byte Data is:  {Encoding.UTF8.GetString(byteUnprotectedData)}\n");

                /**
                 * Use protector object to call single byte Reprotect API.
                 */
                byte[] byteReprotectedData = protector.Reprotect(byteProtectedData, userName, dataElementName, newDataElementName);
                Console.WriteLine($"Reprotected Byte Data is:  {Encoding.UTF8.GetString(byteReprotectedData)}");

                /**
                 * Use protector object to call single byte Unprotect API
                 */
                byte[] byteUnprotectReprotectedData = protector.Unprotect(byteReprotectedData, userName, newDataElementName);
                Console.WriteLine($"Unprotected Byte Data is:  {Encoding.UTF8.GetString(byteUnprotectReprotectedData)}");
                Console.WriteLine("\n");

                /**
                 * Sample bulk string input data
                 */
                string[] bulkInput = { "The Alpha-numeric token type tokenizes all alphabetic symbols (both lowercase and uppercase letters), as well as digits.", "Digits 0 through 9, Lowercase letters a through z, Uppercase letters A through Z", "alphanumeric data 1234567890 !@#$%^&* with special characters", "ALL THE CHARACTERS IN THIS STRING ARE UPPERCASE", "UPPERCASE WITH 1234567890 NUMBERS AND !@#$%^&*() SPECIAL CHARACTERS" };
                List<byte[]> byteBulkInput = new List<byte[]>(bulkInput.Length);

                Console.WriteLine("--------------------------------------");
                Console.WriteLine("-         Bulk Protect API           -");
                Console.WriteLine("--------------------------------------");

                Console.WriteLine("Input Data is:");

                /**
                 * Converting string data to byte data.
                 */
                for (int i = 0; i < bulkInput.Length; i++)
                {
                    Console.WriteLine($"{bulkInput[i]}");
                    byteBulkInput.Add(Encoding.UTF8.GetBytes(bulkInput[i]));
                }

                Console.WriteLine("\n");
                Console.WriteLine("With String Data Type");
                Console.WriteLine("----------------------");

                /**
                 * Use protector object to call bulk string Protect API
                 */
                Tuple<string[], int[]> bulkProtectedData = protector.Protect(bulkInput, userName, dataElementName);
                Console.WriteLine("Protected Data is: ");
                for (int i = 0; i < bulkProtectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkProtectedData.Item1[i] + " " + bulkProtectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                 * Use protector object to call bulk string Unprotect API
                 */
                Tuple<string[], int[]> bulkUnprotectedData = protector.Unprotect(bulkProtectedData.Item1, userName, dataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < bulkUnprotectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkUnprotectedData.Item1[i] + " " + bulkUnprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                 * Use protector object to call bulk string Reprotect API
                 */
                Tuple<string[], int[]> bulkReprotectedData = protector.Reprotect(bulkProtectedData.Item1, userName, dataElementName, newDataElementName);
                Console.WriteLine("Reprotected Data is: ");
                for (int i = 0; i < bulkReprotectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkReprotectedData.Item1[i] + " " + bulkReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk string Unprotect API
                */
                Tuple<string[], int[]> bulkUnprotectReprotectedData = protector.Unprotect(bulkReprotectedData.Item1, userName, newDataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < bulkUnprotectReprotectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkUnprotectReprotectedData.Item1[i] + " " + bulkUnprotectReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                Console.WriteLine("With Byte Data Type");
                Console.WriteLine("----------------------");

                /**
                 * Use protector object to call bulk byte Protect API
                 */
                Tuple<List<byte[]>, int[]> byteBulkProtectedData = protector.Protect(byteBulkInput, userName, dataElementName);
                Console.WriteLine("Protected Data is: ");
                for (int i = 0; i < byteBulkProtectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkProtectedData.Item1[i]) + " " + byteBulkProtectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk byte Unprotect API
                */
                Tuple<List<byte[]>, int[]> byteBulkUnprotectedData = protector.Unprotect(byteBulkProtectedData.Item1, userName, dataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < byteBulkUnprotectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkUnprotectedData.Item1[i]) + " " + byteBulkUnprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk byte Reprotect API
                */
                Tuple<List<byte[]>, int[]> byteBulkReprotectedData = protector.Reprotect(byteBulkProtectedData.Item1, userName, dataElementName, newDataElementName);
                Console.WriteLine("Reprotected Data is: ");
                for (int i = 0; i < byteBulkReprotectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkReprotectedData.Item1[i]) + " " + byteBulkReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk byte Unprotect API
                */
                Tuple<List<byte[]>, int[]> byteBulkUnprotectReprotectedData = protector.Unprotect(byteBulkReprotectedData.Item1, userName, newDataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < byteBulkUnprotectReprotectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkUnprotectReprotectedData.Item1[i]) + " " + byteBulkUnprotectReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");
            }
            catch (ProtectorException e)
            {
                Console.WriteLine(e);
            }
        } /* End scope of main function */

    } /* End scope of class */

} /* closure of namespace */

3.6.1 - Application Protector .Net APIs

The various APIs of the AP .Net.

A Trusted Application must be added in the datastore for running AP .Net. The AP .Net accesses the information on the Trusted Application from the policy stored in the memory. If the application is trusted, then the user can invoke the protect, unprotect, or reprotect APIs, depending on the requirements.

The following diagram represents the basic flow of the AP .Net.

Flowchart for AP .Net

Note:
The AP .Net supports only bytes and string data type.

The following sections provide detailed information for the various functions used by the Protegrity Application Protector .Net.

Using AP .Net in a Production Environment

This section provides a list of the APIs that are supported by AP .Net. It describes the syntax of the AP .Net APIs and provides sample use cases.

GetProtector API

The GetProtector returns the Protector object associated with the AP .Net API.

public static Protector GetProtector

Parameters

None

Returns

Protector Instance: Object associated with the AP .Net API.

Exception

ProtectorException: If the configuration is invalid, then an exception is returned.

Example

using Protector protector = Protector.GetProtector();

The Protector class implements the IDisposable interface. This ensures that resources held by the Protector object are released properly when it is no longer needed. The using keyword automatically disposes of objects at the end of their scope. This helps prevent resource leaks and improves application stability.

GetVersion API

The GetVersion API returns the extended version of the AP .Net in use. The extended version consists of the AP .Net version number and Core version.

public string GetVersion()

Parameters

None

Returns

string: Returns an object with product version of the installed AP .Net and the Core version.

Exception

None

Example

protector.GetVersion();

CheckAccess API

The CheckAccess API returns the access permission status of the user for a specified data element.

public bool CheckAccess(string userName, string dataElement, int accessType=CheckAccessType.PROTECT, string newDataElement = null)

Parameters

Parameter	Description
`userName`	String containing the username defined in the policy.
`dataElement`	String containing the name of the data element defined in the policy.
`checkAccess`	Type of the access permission of the user for the specified data element. You can specify a value for this parameter from the accessType constants, such as, `PROTECT`, `UNPROTECT`, or `REPROTECT`.
`newDataElement`	String containing the name of the data element defined in the policy when we are checking access for reprotect.

Returns

boolean: Returns true if the user has the requested access on the data element and false if the user does not have access to the data element.

Exception

ProtectorException: If the CheckAccess operation is unsuccessful, then an exception is thrown.

Example

To check whether user1 will be able to perform protect operation or not using Alphanum data element:

bool access = protector.CheckAccess("user1", "Alphanum", CheckAccessType.PROTECT);

To check whether user1 will be able to perform unprotect operation or not using Alphanum data element:

bool access = protector.CheckAccess("user1", "Alphanum", CheckAccessType.UNPROTECT);

To check whether user1 will be able to perform reportect operation or not using Alphanum (old) and Alphanum1 (new) data element

bool access = protector.CheckAccess("user1", "Alphanum", CheckAccessType.REPROTECT, "Alphanum1");

Protect - String API

This API protects the data provided as a string using a tokenization or Format Preserving Encryption (FPE) data elements.

public string Protect(string input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null)

Parameters

Parameter	Description
`input`	Input data to be protected in string format.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.

Returns

string: Protected data in string format.

Exception

ProtectorException: If the protect operation is unsuccessful, then an exception is thrown.

Example

string singleProt = protector.Protect("Protegrity1234", "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);

Protect - Bulk String API

This API protects the data provided as a string array using a tokenization or Format Preserving Encryption (FPE) data elements.

It supports bulk protection. There is no maximum data limit. For more information about input data and data elements, refer to Protection Methods Reference.

public Tuple<string[], int[]> Protect(string[] input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null)

Parameters

Parameter	Description
`input`	Input array to be protected in string format.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.

Returns

Tuple<string[], int[]>: Returns a tuple of the following data:
- String array of the protected data.
- Int array of the return codes.

Exception

ProtectorException: If the protect operation is unsuccessful, then an exception is thrown. For string array, an exception is not thrown for error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

Example

Tuple<string[], int[]> prot = protector.Protect({"Protegrity1", "Protegrity2", "Protegrity3"}, "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);

Protect - Byte API

This API protects the data provided as bytes using an encryption or a tokenization data element.

public Protect(byte[] input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null, int charset = Charset.UTF8)

Parameters

Parameter	Description
`input`	Input data to be protected in byte format.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.
`charset`	Charset is an optional argument. It indicates the encoding associated with the bytes of the input data. You can specify a value for this argument from the charset constants, such as, `UTF8`, `UTF16LE`, or `UTF16BE`. The default value for the charset argument is `UTF8`.

Important:
The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method.
The encoding set for the charset parameter must match the encoding of the input data passed.

Note: The charset argument is only applicable for the input data of byte type.

Returns

byte[]: Protected data in byte format.

Exception

ProtectorException: If the protect operation is unsuccessful, then an exception is thrown.

Example

byte[] singleByteProt = protector.Protect(Encoding.Unicode.GetBytes("Protegrity123"), "user1", "UnicodeGen2_UTF16LE", Encoding.UTF8.GetBytes("abcd123"), null, charset:Charset.UTF16LE);

Protect - Bulk Byte API

This API protects the data provided as a byte array using an encryption or a tokenization data element.

It supports bulk protection. There is no maximum data limit. For more information about input data and data elements, refer to Protection Methods Reference.

public Tuple<List<byte[]>, int[]> Protect(List<byte[]> input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null, int charset = Charset.UTF8)

Parameters

Parameter	Description
`input`	List of byte arrays.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.
`charset`	Charset is an optional argument. It indicates the encoding associated with the bytes of the input data. You can specify a value for this argument from the charset constants, such as, `UTF8`, `UTF16LE`, or `UTF16BE`. The default value for the charset argument is `UTF8`.

Important:
The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method.
The encoding set for the charset parameter must match the encoding of the input data passed.

Note: The charset argument is only applicable for the input data of byte type.

Returns

Tuple<List<byte[]>, int[]>: Returns a tuple of the following data:
- List of byte arrays of the protected data.
- Int array of the return codes.

Exception

ProtectorException: If the protect operation is unsuccessful, then an exception is thrown. For byte array, an exception is not thrown for error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

Example

Tuple<List<byte[]>, int[]> bProt = protector.Protect({Encoding.BigEndianUnicode.GetBytes("Protegrity123"), Encoding.BigEndianUnicode.GetBytes("Protegrity12345")}, "user1", "UnicodeGen2_UTF16BE", Encoding.UTF8.GetBytes("abcd123"), null, charset:Charset.UTF16BE);

Unprotect - String API

This API unprotects the data provided as a string using a tokenization or Format Preserving Encryption (FPE) data elements.

public string Unprotect(string input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null)

Parameters

Parameter	Description
`input`	Input data to be unprotected in string format.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.

Returns

string: Unprotected data in string format.

Exception

ProtectorException: If the unprotect operation is unsuccessful, then an exception is thrown.

Example

string singleProt = protector.Protect("Protegrity1234", "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);  

string singleUnprot = protector.Unprotect(singleProt, "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);

Unprotect - Bulk String API

This API unprotects the data provided as a string array using a tokenization or Format Preserving Encryption (FPE) data elements.

It supports bulk unprotection. There is no maximum data limit. For more information about input data and data elements, refer to Protection Methods Reference.

public Tuple<string[],int[]> Unprotect(string[] input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null)

Parameters

Parameter	Description
`input`	Input array to be unprotected in string format.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.

Returns

Tuple<string[], int[]>: Returns a tuple of the following data:
- String array of the unprotected data.
- Int array of the return codes.

Exception

ProtectorException: If the unprotect operation is unsuccessful, then an exception is thrown. For string array, an exception is not thrown for error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

Example

Tuple<string[], int[]> prot = protector.Protect({"Protegrity1", "Protegrity2", "Protegrity3"}, "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);  

Tuple<string[], int[]> unprot = protector.Unprotect(prot.Item1, "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);

Unprotect - Byte API

This API unprotects the data provided as bytes using an encryption or a tokenization data element.

public Unprotect(byte[] input, string userName, string dataElementName, byte[] externalIv =
null, byte[] externalTweak = null, int charset = Charset.UTF8)

Parameters

Parameter	Description
`input`	Input data to be unprotected in byte format.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.
`charset`	Charset is an optional argument. It indicates the encoding associated with the bytes of the input data. You can specify a value for this argument from the charset constants, such as, `UTF8`, `UTF16LE`, or `UTF16BE`. The default value for the charset argument is `UTF8`.

Important:
The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method.
The encoding set for the charset parameter must match the encoding of the input data passed.

Note: The charset argument is only applicable for the input data of byte type.

Returns

byte[]: Unprotected data in byte format.

Exception

ProtectorException: If the unprotect operation is unsuccessful, then an exception is thrown.

Example

byte[] singleByteProt = protector.Protect(Encoding.Unicode.GetBytes("Protegrity123"),
"user1", "UnicodeGen2_UTF16LE", Encoding.UTF8.GetBytes("abcd123"), null, charset: Charset.UTF16LE);  

byte[] singleByteUnprot = protector.Unprotect(singleByteProt, "user1", "UnicodeGen2_UTF16LE", Encoding.UTF8.GetBytes("abcd123"), null, charset:Charset.UTF16LE);

Unprotect - Bulk Byte API

This API unprotects the data provided as a byte array using an encryption or a tokenization data element.

It supports bulk unprotection. There is no maximum data limit. For more information about input data and data elements, refer to Protection Methods Reference.

public Tuple<List<byte[]>, int[]> Unprotect(List<byte[]> input, string userName, string dataElementName, byte[] externalIv = null, byte[] externalTweak = null, int charset = Charset.UTF8 )

Parameters

Parameter	Description
`input`	List of byte arrays.
`userName`	String containing the user name defined in the policy.
`dataElementName`	String containing the data element name defined in the policy.
`externalIV`	External IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the external IV is null, its value is ignored.
`externalTweak`	External Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the external tweak is empty, its value is ignored.
`charset`	Charset is an optional argument. It indicates the encoding associated with the bytes of the input data. You can specify a value for this argument from the charset constants, such as, `UTF8`, `UTF16LE`, or `UTF16BE`. The default value for the charset argument is `UTF8`.

Important:
The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method.
The encoding set for the charset parameter must match the encoding of the input data passed.

Note: The charset argument is only applicable for the input data of byte type.

Returns

Tuple<List<byte[]>, int[]>: Returns a tuple of the following data:
- List of byte arrays of the protected data.
- Int array of the return codes.

Exception

ProtectorException: If the unprotect operation is unsuccessful, then an exception is thrown. For byte array, an exception is not thrown for error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

Example

Tuple<List<byte[]>, int[]> bProt = protector.Protect({Encoding.BigEndianUnicode.GetBytes("Protegrity123"), Encoding.BigEndianUnicode.GetBytes("Protegrity12345")}, "user1", "UnicodeGen2_UTF16BE", Encoding.UTF8.GetBytes("abcd123"), null, charset: Charset.UTF16BE);  

Tuple<List<byte[]>, int[]> bUnprot = protector.Unprotect(bProt.Item1, "user1", "UnicodeGen2_UTF16BE", Encoding.UTF8.GetBytes("abcd123"), null, charset:Charset.UTF16BE);

Reprotect - String API

This API reprotects the data provided as a string using a tokenization or Format Preserving Encryption (FPE) data elements.

Warning:
If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used an Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public string Reprotect(string input, string userName, string oldDataElementName, string newDataElementName, byte[] oldExternalIv = null, byte[] newExternalIv = null, byte[] oldExternalTweak = null, byte[] newExternalTweak = null)

Parameters

Parameter	Description
`input`	Input data to be reprotected in string format.
`userName`	String containing the user name defined in the policy.
`oldDataElementName`	String containing the old data element name defined in the policy.
`newDataElementName`	String containing the new data element name defined in the policy.
`oldExternalIv`	Old external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the old external IV is null, its value is ignored.
`newExternalIv`	New external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the new external IV is null, its value is ignored.
`oldExternalTweak`	Old external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the old external tweak is empty, its value is ignored.
`newExternalTweak`	New external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the new external tweak is empty, its value is ignored.

Returns

string: Reprotected data in string format.

Exception

ProtectorException: If the reprotect operation is unsuccessful, then an exception is thrown.

Example

string singleProt = protector.Protect("Protegrity1234", "user1", "AlphaNum",
Encoding.UTF8.GetBytes("abcd123"), null);  

string singleReprot = protector.Reprotect(singleProt, "user1", "AlphaNum", "AlphaNum_1", Encoding.UTF8.GetBytes("abcd123"), Encoding.UTF8.GetBytes("abcd123456"), null, null);

Reprotect - Bulk String API

This API reprotects the data provided as a string array using a tokenization or Format Preserving Encryption (FPE) data elements.

It supports bulk reprotection. There is no maximum data limit. For more information about input data and data elements, refer to Protection Methods Reference.

Warning:
If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used an Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public Tuple<string[], int[]> Reprotect(string[] input, string userName, string oldDataElementName, string newDataElementName, byte[] oldExternalIv = null, byte[] newExternalIv = null, byte[] oldExternalTweak = null, byte[] newExternalTweak = null)

Parameters

Parameter	Description
`input`	Input array to be reprotected in string format.
`userName`	String containing the user name defined in the policy.
`oldDataElementName`	String containing the old data element name defined in the policy.
`newDataElementName`	String containing the new data element name defined in the policy.
`oldExternalIv`	Old external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the old external IV is null, its value is ignored.
`newExternalIv`	New external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the new external IV is null, its value is ignored.
`oldExternalTweak`	Old external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the old external tweak is empty, its value is ignored.
`newExternalTweak`	New external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the new external tweak is empty, its value is ignored.

Returns

Tuple<string[], int[]>: Returns a tuple of the following data:
- String array of the protected data.
- Int array of the return codes.

Exception

ProtectorException: If the reprotect operation is unsuccessful, then an exception is thrown. For string array, an exception is not thrown for error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

Example

Tuple<string[], int[]> bulkProt = protector.Protect({"Protegrity1", "Protegrity2", "Protegrity3"}, "user1", "AlphaNum", Encoding.UTF8.GetBytes("abcd123"), null);  

Tuple<string[], int[]> bulkReprot = protector.Reprotect(bulkProt.Item1, "user1", "AlphaNum", "AlphaNum_1", Encoding.UTF8.GetBytes("abcd123"), Encoding.UTF8.GetBytes("abcd123456"), null, null);

Reprotect - Byte API

This API reprotects the data provided as bytes using an encryption or a tokenization data element.

Warning:
If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used an Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public Reprotect(byte[] input, string userName, string oldDataElementName, string newDataElementName, byte[] oldExternalIv = null, byte[] newExternalIv = null, byte[] oldExternalTweak = null, byte[] newExternalTweak = null, int charset = Charset.UTF8)

Parameters

Parameter	Description
`input`	Input data to be reprotected in byte format.
`userName`	String containing the user name defined in the policy.
`oldDataElementName`	String containing the old data element name defined in the policy.
`newDataElementName`	String containing the new data element name defined in the policy.
`oldExternalIv`	Old external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the old external IV is null, its value is ignored.
`newExternalIv`	New external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the new external IV is null, its value is ignored.
`oldExternalTweak`	Old external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the old external tweak is empty, its value is ignored.
`newExternalTweak`	New external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the new external tweak is empty, its value is ignored.
`charset`	Charset is an optional argument. It indicates the encoding associated with the bytes of the input data. You can specify a value for this argument from the charset constants, such as, `UTF8`, `UTF16LE`, or `UTF16BE`. The default value for the charset argument is `UTF8`.

Important:
The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method.
The encoding set for the charset parameter must match the encoding of the input data passed.

Note: The charset argument is only applicable for the input data of byte type.

Returns

byte[]: Reprotected data in byte format.

Exception

ProtectorException: If the reprotect operation is unsuccessful, then an exception is thrown.

Example

byte[] singleByteProt = protector.Protect(Encoding.Unicode.GetBytes("Protegrity123"), "user1", "UnicodeGen2_UTF16LE", Encoding.UTF8.GetBytes("abcd123"), null, charset: Charset.UTF16LE);  

byte[] singleByteReprot = protector.Reprotect(singleByteProt, "user1", "UnicodeGen2_UTF16LE", "UnicodeGen2_UTF16LE_1", Encoding.UTF8.GetBytes("abcd123"), Encoding.UTF8.GetBytes("abcd123456"), null, null, charset:Charset.UTF16LE);

Reprotect - Bulk Byte API

This API reprotects the data provided as a byte array using an encryption or a tokenization data element.

It supports bulk reprotection. There is no maximum data limit. For more information about input data and data elements, refer to Protection Methods Reference.

Warning:
If you are using the reprotect API, then the old data element and the new data element must have the same data type.
For example, if you have used an Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

public Tuple<List<byte[]>, int[]> Reprotect(List<byte[]> input, string userName, string oldDataElementName, string newDataElementName, byte[] oldExternalIv = null, byte[] newExternalIv = null, byte[] oldExternalTweak = null, byte[] newExternalTweak = null, int charset = Charset.UTF8)

Parameters

Parameter	Description
`input`	List of byte arrays.
`userName`	String containing the user name defined in the policy.
`oldDataElementName`	String containing the old data element name defined in the policy.
`newDataElementName`	String containing the new data element name defined in the policy.
`oldExternalIv`	Old external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the old external IV is null, its value is ignored.
`newExternalIv`	New external IV is an optional argument. It is a buffer containing data that is used as an initialization vector and accepts input in byte format. When the new external IV is null, its value is ignored.
`oldExternalTweak`	Old external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the old external tweak is empty, its value is ignored.
`newExternalTweak`	New external Tweak is an optional argument that is used only for the FPE data elements. It is a buffer containing data that is used as an external tweak and accepts input in byte format. When the new external tweak is empty, its value is ignored.
`charset`	Charset is an optional argument. It indicates the encoding associated with the bytes of the input data. You can specify a value for this argument from the charset constants, such as, `UTF8`, `UTF16LE`, or `UTF16BE`. The default value for the charset argument is `UTF8`.

Important:
The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method.
The encoding set for the charset parameter must match the encoding of the input data passed.

Note: The charset argument is only applicable for the input data of byte type.

Returns

Tuple<List<byte[]>, int[]>: Returns a tuple of the following data:
- List of byte arrays of the protected data.
- Int array of the return codes.

Exception

ProtectorException: If the reprotect operation is unsuccessful, then an exception is thrown. For byte array, an exception is not thrown for error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

Example

Tuple<List<byte[]>, int[]> bProt = protector.Protect({Encoding.BigEndianUnicode.GetBytes("Protegrity123"), Encoding.BigEndianUnicode.GetBytes("Protegrity12345")}, "user1", "UnicodeGen2_UTF16BE", Encoding.UTF8.GetBytes("abcd123"), null, charset: Charset.UTF16BE);  

Tuple<List<byte[]>, int[]> bReprot = protector.Reprotect(bProt.Item1, "user1", "UnicodeGen2_UTF16BE", "UnicodeGen2_UTF16BE_1", Encoding.UTF8.GetBytes("abcd123"), Encoding.UTF8.GetBytes("abcd123456"), null, null, charset:Charset.UTF16BE);

Using AP .Net Mock in a development environment

The AP .Net Mock can be used in a development environment. This is also known as mock implementation of AP .Net APIs. In this mode, the AP .Net Mock development package provides you with sample users and data elements that can be used to simulate the behavior of the actual APIs in production environment.

Caution: Do not install Mock AP .Net protector in a Production environment. When the AP .Net Mock APIs are used with the sample users and data elements provided with the development package, the output data is only a simulation of the protected or encrypted data. Do not use the AP .Net APIs in the development environment to protect, unprotect, or reprotect sensitive data.

Using Sample Data Elements and Sample Users for Simulating Protect, Unprotect, and Reprotect Scenarios

This section describes how to use the sample data elements and sample users for simulating the protect, unprotect, and reprotect scenarios.

Note: To view the sample project, refer to the following default location: C:\Program Files\Protegrity\sdk\dotnet\sample. This location contains the sample project with the Mock build for running code snippets simulating the protect, unprotect, and reprotect scenarios.

Mock Example - Protecting, Unprotecting, and Reprotecting String

This section describes how to use the protect, unprotect, and reprotect APIs for a string input data.

Example: Input string data
In the following example, the Protegrity1 string is used as the input data, which is protected and unprotected using the SUCCESS_STR data element. It is further reprotected using SUCCESS_REPROTECT_STR data element.

string protectedData = protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR);
Console.WriteLine($"Protected Data is:    {protectedData}");

string unprotectedData = protector.Unprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR);
Console.WriteLine($"Unprotected Data is:  {unprotectedData}");

string reprotectedData = protector.Reprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_REPROTECT_STR);
Console.WriteLine($"Reprotected Data is:  {reprotectedData}");

Result

Protected Data is: ESUgkmSlgtq
Unprotected Data is: Protegrity1
Reprotected Data is: 5j4mBnjRmgT

Mock Example - Protecting, Unprotecting, and Reprotecting String Data with External IV

This section describes how to use the protect, unprotect, and reprotect APIs for string input data using external IV.

Note: If you want to pass the external IV to protect, unprotect, and reprotect APIs, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string is used as the input data, which is protected and unprotected using the SUCCESS_STR data element, with the help of external IV 1234 that is passed as bytes. It is reprotected using the same SUCCESS_STR data element, but with the help of a different external IV 5678 that is passed as bytes.

string protectedData = protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"));
Console.WriteLine($"Protected Data is:    {protectedData}");

string unprotectedData = protector.Unprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"));
Console.WriteLine($"Unprotected Data is:  {unprotectedData}");

string reprotectedData = protector.Reprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("5678"));
Console.WriteLine($"Reprotected Data is:  {reprotectedData}");

Result

Protected Data is: LEtjnVE8jUy
Unprotected Data is: Protegrity1
Reprotected Data is: d1jhkG1MheU

Mock Example - Protecting, Unprotecting, and Reprotecting String Data with External IV and External Tweak

This section describes how to use the protect, unprotect, and reprotect APIs for string input data using external IV and external tweak.

Note: If you want to pass the external IV and external tweak to protect, unprotect, and reprotect APIs, then you must pass the external IV and external tweak as bytes.

Example
In the following example, the Protegrity1 string is used as the input data, which is protected and unprotected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak abcd passed as bytes. It is reprotected using the same SUCCESS_STR data element, but with the help of a different external IV 5678 and external tweak zyxw passed as bytes.

string protectedData = protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("abcd"));
Console.WriteLine($"Protected Data is:    {protectedData}");

string unprotectedData = protector.Unprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("abcd"));
Console.WriteLine($"Unprotected Data is:  {unprotectedData}");

string reprotectedData = protector.Reprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("5678"), Encoding.UTF8.GetBytes("abcd"), Encoding.UTF8.GetBytes("zyxw"));
Console.WriteLine($"Reprotected Data is:  {reprotectedData}");

Result

Protected Data is: euDUv6uoUrP
Unprotected Data is: Protegrity1
Reprotected Data is: vmXGROmDGue

Mock Example - Protecting, Unprotecting, and Reprotecting Bulk String Data

This section describes how to use the protect, unprotect, and reprotect APIs for bulk string input data.

Example 1
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in an array and used as bulk data, which is protected and unprotected using the SUCCESS_STR data element. It is further reprotected using SUCCESS_REPROTECT_STR data element.

string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

Tuple<string[], int[]> bulkProtectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR);
Console.WriteLine("Protected Data is: ");
for (int i = 0; i < bulkProtectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkProtectedData.Item1[i] + " " + bulkProtectedData.Item2[i]);
}
Console.WriteLine("\n");

Tuple<string[], int[]> bulkUnprotectedData = protector.Unprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR);
Console.WriteLine("Unprotected Data is: ");
for (int i = 0; i < bulkUnprotectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkUnprotectedData.Item1[i] + " " + bulkUnprotectedData.Item2[i]);
}
Console.WriteLine("\n");

Tuple<string[], int[]> bulkReprotectedData = protector.Reprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_REPROTECT_STR);
Console.WriteLine("Reprotected Data is: ");
for (int i = 0; i < bulkReprotectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkReprotectedData.Item1[i] + " " + bulkReprotectedData.Item2[i]);
}

Result

Protected Data is:
cSUgkmSlgtqwi8 6
ESUgkmSlgtq 6
ESUgkmSlgtNK 6

Unprotected Data is:
protegrity1234 8
Protegrity1 8
Protegrity56 8

Reprotected Data is:
Oj4mBnjRmgTIlD 50
5j4mBnjRmgT 50
5j4mBnjRmgYh 50

For each element in an array -

6 is the success return code for the protect operation.
8 is the success return code for the unprotect operation.
50 is the success return code for the reprotect operation.

Mock Example - Protecting, Unprotecting, and Reprotecting Bulk String Data with External IV

This section describes how to use the protect, unprotect, and reprotect APIs for bulk string input data using external IV.

Note: If you want to pass the external IV to protect, unprotect, and reprotect APIs, then you must pass the external IV as bytes to the API.

Example: Input string data
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in an array and used as bulk input data, which is protected and unprotected using the SUCCESS_STR data element with the help of external IV 1234 that is passed as bytes. It is reprotected using the same SUCCESS_STR data element, but with the help of a different external IV 5678 that is passed as bytes.

string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

Tuple<string[], int[]> bulkProtectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"));
Console.WriteLine("Protected Data is: ");
for (int i = 0; i < bulkProtectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkProtectedData.Item1[i] + " " + bulkProtectedData.Item2[i]);
}
Console.WriteLine("\n");

Tuple<string[], int[]> bulkUnprotectedData = protector.Unprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"));
Console.WriteLine("Unprotected Data is: ");
for (int i = 0; i < bulkUnprotectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkUnprotectedData.Item1[i] + " " + bulkUnprotectedData.Item2[i]);
}
Console.WriteLine("\n");

Tuple<string[], int[]> bulkReprotectedData = protector.Reprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("5678"));
Console.WriteLine("Reprotected Data is: ");
for (int i = 0; i < bulkReprotectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkReprotectedData.Item1[i] + " " + bulkReprotectedData.Item2[i]);
}

Result

Protected Data is:
WEtjnVE8jUy2Xr 6
LEtjnVE8jUy 6
LEtjnVE8jUlR 6

Unprotected Data is:
protegrity1234 8
Protegrity1 8
Protegrity56 8

Reprotected Data is:
i1jhkG1MheU26E 50
d1jhkG1MheU 50
d1jhkG1MheZF 50

For each element in an array -

6 is the success return code for the protect operation.
8 is the success return code for the unprotect operation.
50 is the success return code for the reprotect operation.

Mock Example - Protecting, Unprotecting, and Reprotecting Bulk String Data Using External IV and External Tweak

This section describes how to use the protect, unprotect, and reprotect APIs for bulk string input data using external IV and external tweak.

Note: If you want to pass the external IV and external tweak to protect, unprotect, and reprotect APIs, then you must pass the external IV and external tweak as bytes.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in an array and used as bulk input data. This bulk data is protected and unprotected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak xyz that are both passed as bytes. It is reprotected using the same SUCCESS_STR data element, but with the help of a different external IV 5678 and external tweak abc passed as bytes.

string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

Tuple<string[], int[]> bulkProtectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("abcd"));
Console.WriteLine("Protected Data is: ");
for (int i = 0; i < bulkProtectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkProtectedData.Item1[i] + " " + bulkProtectedData.Item2[i]);
}
Console.WriteLine("\n");

Tuple<string[], int[]> bulkUnprotectedData = protector.Unprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("abcd"));
Console.WriteLine("Unprotected Data is: ");
for (int i = 0; i < bulkUnprotectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkUnprotectedData.Item1[i] + " " + bulkUnprotectedData.Item2[i]);
}
Console.WriteLine("\n");

Tuple<string[], int[]> bulkReprotectedData = protector.Reprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_STR, Encoding.UTF8.GetBytes("1234"), Encoding.UTF8.GetBytes("5678"), Encoding.UTF8.GetBytes("abcd"), Encoding.UTF8.GetBytes("zyxw"));
Console.WriteLine("Reprotected Data is: ");
for (int i = 0; i < bulkReprotectedData.Item1.Length; i++)
{
    Console.WriteLine(bulkReprotectedData.Item1[i] + " " + bulkReprotectedData.Item2[i]);
}

Result

Protected Data is:
huDUv6uoUrPBbk 6
euDUv6uoUrP 6
euDUv6uoUrKO 6  

Unprotected Data is:
protegrity1234 8
Protegrity1 8
Protegrity56 8  

Reprotected Data is:
HmXGROmDGueMs7 50
vmXGROmDGue 50
vmXGROmDGuEY 50

For each element in an array -

6 is the success return code for the protect operation.
8 is the success return code for the unprotect operation.
50 is the success return code for the reprotect operation.

Mock Example - Protecting, Unprotecting, and Reprotecting Bytes Data

This section describes how to use the protect, unprotect, and reprotect APIs for bytes data.

Example 1
In the following example, Protegrity1 string is first converted to bytes. The bytes data is then protected and unprotected using the SUCCESS_BYTE data element. It is further reprotected using SUCCESS_REPROTECT_BYTE data element.

byte[] inputData = Encoding.UTF8.GetBytes("Protegrity1");
Console.WriteLine("Input Data is: ");
for (int i = 0; i < inputData.Length; i++)
{
    Console.Write(inputData[i]);
}
Console.WriteLine("\n");

byte[] protectedData = protector.Protect(inputData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_BYTE);
Console.WriteLine("Protected Data is: ");
for (int i = 0; i < protectedData.Length; i++)
{
    Console.Write(protectedData[i]);
}
Console.WriteLine("\n");

byte[] unprotectedData = protector.Unprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_BYTE);
Console.WriteLine("Unprotected Data is: ");
for (int i = 0; i < unprotectedData.Length; i++)
{
    Console.Write(unprotectedData[i]);
}
Console.WriteLine("\n");

byte[] reprotectedData = protector.Reprotect(protectedData, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_BYTE, MockDataElement.SUCCESS_REPROTECT_BYTE);
Console.WriteLine("Reprotected Data is: ");
for (int i = 0; i < reprotectedData.Length; i++)
{
    Console.Write(reprotectedData[i]);
}

Result

Input Data is: 
8011411111610110311410511612149  

Protected Data is:
47682201011125321921025550132517810423224  

Unprotected Data is:
8011411111610110311410511612149  

Reprotected Data is:
2363619902426812914815513921612420620922714019534172719623784164388416718387142154

Mock Example - Protecting, Unprotecting, and Reprotecting Bulk Bytes Data

This section describes how to use the protect, unprotect, and reprotect APIs for bulk bytes data.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes. The converted byte arrays are stored together in a tuple structure which is protected and unprotected using the SUCCESS_BYTE data element. It is further reprotected using SUCCESS_REPROTECT_BYTE data element.

string[] input = { "protegrity1234", "Protegrity1", "Protegrity56" };
List<byte[]> bulkInput = new List<byte[]>(input.Length);
for (int i = 0; i < input.Length; i++)
{
    bulkInput.Add(Encoding.UTF8.GetBytes(input[i]));
}
Console.WriteLine("Input Data is: ");
for (int i = 0; i < bulkInput.Count; i++)
{
    for (int j = 0; j < bulkInput[i].Length; j++)
    {
        Console.Write(bulkInput[i][j]);
    }
    Console.WriteLine();
}
Console.WriteLine("\n");


Tuple<List<byte[]>, int[]> bulkProtectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_BYTE);
Console.WriteLine("Protected Data is: ");
for (int i = 0; i < bulkProtectedData.Item1.Count; i++)
{
    for (int j = 0; j < bulkProtectedData.Item1[i].Length; j++)
    {
        Console.Write(bulkProtectedData.Item1[i][j]);
    }
    Console.WriteLine();
}
Console.WriteLine("\n");

Tuple<List<byte[]>, int[]> bulkUnprotectedData = protector.Unprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_BYTE);
Console.WriteLine("Unprotected Data is: ");
for (int i = 0; i < bulkUnprotectedData.Item1.Count; i++)
{
    for (int j = 0; j < bulkUnprotectedData.Item1[i].Length; j++)
    {
        Console.Write(bulkUnprotectedData.Item1[i][j]);
    }
    Console.WriteLine();
}
Console.WriteLine("\n");

Tuple<List<byte[]>, int[]> bulkReprotectedData = protector.Reprotect(bulkProtectedData.Item1, MockPolicyUser.ALL_USER, MockDataElement.SUCCESS_BYTE, MockDataElement.SUCCESS_REPROTECT_BYTE);
Console.WriteLine("Reprotected Data is: ");
for (int i = 0; i < bulkReprotectedData.Item1.Count; i++)
{
    for (int j = 0; j < bulkReprotectedData.Item1[i].Length; j++)
    {
        Console.Write(bulkReprotectedData.Item1[i][j]);
    }
    Console.WriteLine();
}

Result

Input Data is:
11211411111610110311410511612149505152
8011411111610110311410511612149
801141111161011031141051161215354  

Protected Data is:
24093431762273117614310419921525514617222667
47682201011125321921025550132517810423224
1226546236412520317611892221391111512195  

Unprotected Data is:
11211411111610110311410511612149505152
8011411111610110311410511612149
801141111161011031141051161215354  

Reprotected Data is:
1097873234601451681642431861332456611012491206245210191127130232438913019025466141128178
2363619902426812914815513921612420620922714019534172719623784164388416718387142154
172272218917715815199140240911562181962161361652852686202401579322821724417010138

Using Sample Data Elements for Simulating Auxiliary API Scenarios

This section describes how to use the sample data elements and sample users for simulating the following auxiliary API scenarios:

Get the protector and core version.
Checking access permissions with success output.
Checking access permissions with failure output.

Mock Example - GetVersion API

The GetVersion API returns the mock extended version of the AP .Net in use. The mock extended version consists of the AP .Net version number and sample Core version.

public string GetVersion()

Parameters

None

Returns

string: Returns an object with product version of the installed AP .Net and sample Core version.

Exception

None

Example

protector.GetVersion();

Result

SDK Version: 10.0.0.x, Core Version: 2.1.1+0.x

Note: The Core Version is for representational purposes only. The actual implementation may vary depending on the customer’s installation.

Mock Example - Success Scenario for Checking Access Permissions

This section lists the success scenario when you check the access permission status of the user for a specified data element.

Example
In the following example, the CheckAccess API returns True when you check the permission of ALL_USER for unprotecting the data using the SUCCESS_STR data element.

bool access = protector.CheckAccess(MockPolicyUser.ALL_USER,
MockDataElement.SUCCESS_STR, CheckAccessType.UNPROTECT);
Console.WriteLine(access);

Result

True

Mock Example - Failure Scenario for Checking Access Permissions

This section lists the failure scenario when you check the access permission status of the user for a specified data element.

Example
In the following example, the CheckAccess API returns False when you check the permission of NO_PROTECT_USER for protecting the data using the SUCCESS_STR data element.

bool access = protector.CheckAccess(MockPolicyUser.NO_PROTECT_USER,
MockDataElement.SUCCESS_STR, CheckAccessType.PROTECT);
Console.WriteLine(access);

Result

False

Using Sample Data Elements for Simulating Error Scenarios

This section describes how to use the sample data elements for simulating error scenarios while protecting, unprotecting, and reprotecting the data.

Mock Example - Invalid Data Element Exception

This section describes an example scenario where if a data element that is not defined in a policy is used to protect single or bulk data.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using an INVALID data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, "INVALID_DE");
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

2, The data element could not be found in the policy.

Mock Example - Input Data Too Short

This section describes an example scenario where if the data to be protected or unprotected is too short.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the INPUT_TOO_SHORT data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.INPUT_TOO_SHORT);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

22, Data is too short to be protected/unprotected.

Example: Bulk Data
In the following example, the Protegrity1234, Protegrity1, and Protegrity56 strings are added in an array and used as input bulk data. The input data is being protected using the INPUT_TOO_SHORT data element.

string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

Tuple<string[], int[]> protectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.INPUT_TOO_SHORT);

foreach (int retCode in protectedData.Item2) {
    Console.WriteLine(retCode);
}

Result

22
22
22

Mock Example - Input Data Too Long

This section describes an example scenario where if the data to be protected or unprotected is too long.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the INPUT_TOO_LONG data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.INPUT_TOO_LONG);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

23, Data is too long to be protected/unprotected.

Example: Bulk Data

In the following example, the Protegrity1234, Protegrity1, and Protegrity56 strings are added in an array and used as input bulk data. The input data is being protected using the INPUT_TOO_LONG data element.

string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

Tuple<string[], int[]> protectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.INPUT_TOO_LONG);

foreach (int retCode in protectedData.Item2) {
    Console.WriteLine(retCode);
}

Result

23
23
23

Mock Example - Unsupported Algorithm

This section describes an example scenario where if the protection method used to protect the data is not supported by the API.

Example
In the following example, the Protegrity1 string is used as the data, which is being protected using the UNSUPPORTED_ALGORITHM data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.UNSUPPORTED_ALGORITHM);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

26, Unsupported algorithm or unsupported action for the specific data element.

Mock Example - Empty Policy

This section describes an example scenario where if the data is protected without the policy being present in shared memory.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EMPTY_POLICY data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.EMPTY_POLICY);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

31, Policy not available.

Mock Example - Invalid Input

This section describes an example scenario where if the data to be protected is invalid.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the INPUT_NOT_VALID data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.ALL_USER, MockDataElement.INPUT_NOT_VALID);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

44, The content of the input data is not valid.

string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

Tuple<string[], int[]> protectedData = protector.Protect(bulkInput, MockPolicyUser.ALL_USER, MockDataElement.INPUT_NOT_VALID);

foreach (int retCode in protectedData.Item2) {
    Console.WriteLine(retCode);
}

Result

44
44
44

Using Sample Users for Simulating Error Scenarios

This section describes how to use sample users for simulating the user-related error scenarios while protecting, unprotecting, and reprotecting the data.

Mock Example - Invalid User Exception

This section describes an example scenario where if a user who is not defined in a policy is used to protect single or bulk data.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the NO_USER user and SUCCESS_STR data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.NO_USER, MockDataElement.SUCCESS_STR);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

1, The username could not be found in the policy.

Mock Example - Long User Name

This section describes an example scenario where if the name of the user, who is protecting or unprotecting the data, is too long. For instance, if the user name is greater than 255 bytes.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the SUCCESS_STR data element and USER_TOO_LONG user.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.USER_TOO_LONG, MockDataElement.SUCCESS_STR);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

25, Username too long.

Mock Example - No Protect User

This section describes an example scenario where in which a user does not have privileges to protect data.

Example: Single Data
In the following example, the NO_PROTECT_USER user is used to protect the Protegrity1 string using the SUCCESS_STR data element.

try
{
    protector = Protector.GetProtector();

    protector.Protect("Protegrity1", MockPolicyUser.NO_PROTECT_USER, MockDataElement.SUCCESS_STR);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

3, The user does not have the appropriate permissions to perform the requested operation.

Mock Example - No Reprotect User

This section describes an example scenario where in which a user does not have privileges to reprotect data.

Example: Single Data
In the following example, the NO_REPROTECT_USER user is used to try and reprotect the Protegrity1 string using the SUCCESS_REPROTECT_STR data element.

try
{
    protector = Protector.GetProtector();

    protector.Reprotect("Protegrity1", MockPolicyUser.NO_REPROTECT_USER, MockDataElement.SUCCESS_STR, MockDataElement.SUCCESS_REPROTECT_STR);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

3, The user does not have the appropriate permissions to perform the requested operation.

Mock Example - No Unprotect Null User

This section describes an example scenario where in which a user does not have privileges to unprotect data. In this case, if the user tries to unprotect the data, then the unprotect API returns a null value.

Example: Single Data
In the following example, the NO_UNPROTECT_NULL_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data and the API returns a null value.

try
{
    protector = Protector.GetProtector();

    string protData = protector.Protect("Protegrity1", MockPolicyUser.NO_UNPROTECT_NULL_USER, MockDataElement.SUCCESS_STR);
    Console.WriteLine(protData);
    string unprotData = protector.Unprotect(protData, MockPolicyUser.NO_UNPROTECT_NULL_USER, MockDataElement.SUCCESS_STR);

    if (unprotData == null)
    {
        Console.WriteLine("The unprotect output is null.");
    }
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

ESUgkmSlgtq
The unprotect output is null.

Example: Bulk Data
In the following example, Protegrity1234, Protegrity1, and Protegrity56 strings are added in an array, which is used as the input bulk data. The NO_UNPROTECT_NULL_USER user is first used to protect the input data using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element.

try
{
    protector = Protector.GetProtector();
    
    string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

    Tuple<string[], int[]> protectedData = protector.Protect(bulkInput, MockPolicyUser.NO_UNPROTECT_NULL_USER, MockDataElement.SUCCESS_STR);
    Tuple<string[], int[]> unprotectedData = protector.Unprotect(protectedData.Item1, MockPolicyUser.NO_UNPROTECT_NULL_USER, MockDataElement.SUCCESS_STR);

    Console.WriteLine("Return codes:");
    for (int i = 0; i < unprotectedData.Item1.Length; i++)
    {
        Console.WriteLine(unprotectedData.Item2[i]);
        if (unprotectedData.Item1[i] == null)
        {
            Console.WriteLine("The unprotect output is null.");
        }
    }
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

Return codes:
3
The unprotect output is null.
3
The unprotect output is null.
3
The unprotect output is null.

Mock Example - No Unprotect Exception User

This section describes an example scenario where in which a user does not have privileges to unprotect data. In this case, if the user tries to unprotect the data, then the unprotect API throws an exception.

Example: Single Data
In the following example, the NO_UNPROTECT_EXC_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_EXC_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data and the API throws an exception.

try
{
    protector = Protector.GetProtector();

    string protData = protector.Protect("Protegrity1", MockPolicyUser.NO_UNPROTECT_EXC_USER, MockDataElement.SUCCESS_STR);
    string unprotData = protector.Unprotect(protData, MockPolicyUser.NO_UNPROTECT_EXC_USER, MockDataElement.SUCCESS_STR);
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

3, The user does not have the appropriate permissions to perform the requested operation.

Mock Example - No Unprotect Protected User

This section provides an example scenario where in which a user does not have privileges to unprotect data. In this case, if the user tries to unprotect the data, then the unprotect API returns the protected input data.

Example: Single Data
In the following example, the NO_UNPROTECT_PROTECTED_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_PROTECTED_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data, and the API returns the protected input data.

try
{
    protector = Protector.GetProtector();

    string protData = protector.Protect("Protegrity1", MockPolicyUser.NO_UNPROTECT_PROTECTED_USER, MockDataElement.SUCCESS_STR);
    Console.WriteLine($"Protected Data is: {protData}");
    string unprotData = protector.Unprotect(protData, MockPolicyUser.NO_UNPROTECT_PROTECTED_USER, MockDataElement.SUCCESS_STR);
    Console.WriteLine($"Unprotected Data is:  {unprotData}");
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

Protected Data is: ESUgkmSlgtq
Unprotected Data is: ESUgkmSlgtq

Example: Bulk Data
In the following example, Protegrity1234, Protegrity1, and Protegrity56 strings are added in an array, which is used as the input bulk data. The NO_UNPROTECT_PROTECTED_USER user is first used to protect the input data using the SUCCESS_STR data element. Then, the NO_UNPROTECT_PROTECTED_USER user is used to try and unprotect the protected input data using the same data element.

try
{
    protector = Protector.GetProtector();

    string[] bulkInput = { "protegrity1234", "Protegrity1", "Protegrity56" };

    Tuple<string[], int[]> protData = protector.Protect(bulkInput, MockPolicyUser.NO_UNPROTECT_PROTECTED_USER, MockDataElement.SUCCESS_STR);
    Tuple<string[], int[]> unprotData = protector.Unprotect(protData.Item1, MockPolicyUser.NO_UNPROTECT_PROTECTED_USER, MockDataElement.SUCCESS_STR);

    Console.WriteLine($"Protected Data is:  {string.Join(", ", protData.Item1)}");
    Console.WriteLine($"Unprotected Data is:  {string.Join(", ", unprotData.Item1)}");
}
catch (ProtectorException e)
{
    Console.WriteLine(e);
}

Result

Protected Data is: cSUgkmSlgtqwi8, ESUgkmSlgtq, ESUgkmSlgtNK
Unprotected Data is: cSUgkmSlgtqwi8, ESUgkmSlgtq, ESUgkmSlgtNK

3.7 - Additional Topics

Learn about the AP .Net documentation with advanced operational insights and platform-specific guidance.

This section expands the core Application Protector (AP) .Net documentation.

Uninstalling AP .Net on Windows involves removing binaries, configuration files, and dependencies.
Understanding AP .Net’s memory footprint is critical for performance tuning and resource allocation.
Understanding the installation of AP .Net on Windows in a development environment.

3.7.1 - Memory Usage of the AP .Net

The memory usage in the AP .Net for different policy sizes with a sample.

Using the Sample .Net Application to Test Memory Usage for Policies

This article provides information about memory requirements of the AP .Net. A sample .Net application is provided below. It can be used to test the memory requirements of policies of various sizes. Results of that testing are based on the memory usage of a single instance of a .Net process, excluding LogForwarder and RP Agent.

Sample application

The following is a sample .Net application.

using System;
using System.Collections.Generic;
using System.Text;
using Protegrity.Net;
using Protegrity.PException;

namespace APDotNetTest
{
    /**********************************************************************************************/
    /**
     * @class   Program
     *
     * @brief   A sample program for Application .NET Protector.
     *
     **************************************************************************************************/
    class Program
    {
        private const string dataElementName = "alphanum";
        private const string newDataElementName = "alphanumreprot";
        private const string userName = "policyuser";


        /**********************************************************************************************/
        /**
         * @fn  static void Main(string[] args)
         *
         * @brief   Main entry-point for this application
         *
         * @param   args    An array of command-line argument strings.
         **************************************************************************************************/

        static void Main(string[] args)
        { 
            try
            {
                /* Dispose() is a method defined by the IDisposable interface in .NET. 
                 * It’s used to release unmanaged resources.
                 * .NET garbage collector only cleans up managed memory. If your class uses unmanaged resources, 
                 * you must clean them up manually — and that’s what Dispose() is for.
                 * 
                 * ====================
                 * With using 
                 * ====================
                 * You're telling the compiler:
                 * "Create this object, and automatically call Dispose() on it 
                 * when it goes out of scope."
                 * This is called a using declaration, and it ensures that cleanup happens even if
                 * an exception occurs.
                 * 
                 * ======================
                 * Without using
                 * ======================
                 * You have to call dispose manually.
                 */

                using Protector protector = Protector.GetProtector();

                /**
                 * Sample input string data for single operations.
                 */
                string singleInput = "Hello Protegrity";
                byte[] singleByteInput = Encoding.UTF8.GetBytes(singleInput);

                Console.WriteLine("#########################################");
                Console.WriteLine("# Protegrity Application .NET Protector #");
                Console.WriteLine("#########################################\n");

                /**
                 * Calling GetVersion to print APDotNet sdk and Core version.
                 */
                Console.WriteLine(protector.GetVersion() + "\n");
                Console.WriteLine("--------------------------------------");
                Console.WriteLine("-     Single Protect API             -");
                Console.WriteLine("--------------------------------------");
                Console.WriteLine($"Input Data is:        {singleInput}\n");


                /**
                 * Use protector object to call single string Protect API.
                 */
                string protectedData = protector.Protect(singleInput, userName, dataElementName);
                Console.WriteLine("With String Data Type");
                Console.WriteLine("-----------------------");
                Console.WriteLine($"Protected Data is:    {protectedData}");

                /**
                 * Use protector object to call single string Unprotect API
                 */
                string unprotectedData = protector.Unprotect(protectedData, userName, dataElementName);
                Console.WriteLine($"Unprotected Data is:  {unprotectedData}\n");

                /**
                * Use protector object to call single string Reprotect API.
                */
                string reprotectedData = protector.Reprotect(protectedData, userName, dataElementName, newDataElementName);
                Console.WriteLine($"Reprotected Data is:  {reprotectedData}");

                /**
                 * Use protector object to call single string Unprotect API
                 */
                string unprotectReprotectedData = protector.Unprotect(reprotectedData, userName, newDataElementName);
                Console.WriteLine($"Unprotected Data is:  {unprotectReprotectedData}\n");

                /** 
                 * Use protector object to call single byte Protect API.
                 */
                byte[] byteProtectedData = protector.Protect(singleByteInput, userName, dataElementName);
                Console.WriteLine("With Byte Data Type");
                Console.WriteLine("----------------------");
                Console.WriteLine($"Protected Byte Data is:    {Encoding.UTF8.GetString(byteProtectedData)}");

                /**
                 * Use protector object to call single byte Unprotect API
                 */
                byte[] byteUnprotectedData = protector.Unprotect(byteProtectedData, userName, dataElementName);
                Console.WriteLine($"Unprotected Byte Data is:  {Encoding.UTF8.GetString(byteUnprotectedData)}\n");

                /**
                 * Use protector object to call single byte Reprotect API.
                 */
                byte[] byteReprotectedData = protector.Reprotect(byteProtectedData, userName, dataElementName, newDataElementName);
                Console.WriteLine($"Reprotected Byte Data is:  {Encoding.UTF8.GetString(byteReprotectedData)}");

                /**
                 * Use protector object to call single byte Unprotect API
                 */
                byte[] byteUnprotectReprotectedData = protector.Unprotect(byteReprotectedData, userName, newDataElementName);
                Console.WriteLine($"Unprotected Byte Data is:  {Encoding.UTF8.GetString(byteUnprotectReprotectedData)}");
                Console.WriteLine("\n");

                /**
                 * Sample bulk string input data
                 */
                string[] bulkInput = { "The Alpha-numeric token type tokenizes all alphabetic symbols (both lowercase and uppercase letters), as well as digits.", "Digits 0 through 9, Lowercase letters a through z, Uppercase letters A through Z", "alphanumeric data 1234567890 !@#$%^&* with special characters", "ALL THE CHARACTERS IN THIS STRING ARE UPPERCASE", "UPPERCASE WITH 1234567890 NUMBERS AND !@#$%^&*() SPECIAL CHARACTERS" };
                List<byte[]> byteBulkInput = new List<byte[]>(bulkInput.Length);

                Console.WriteLine("--------------------------------------");
                Console.WriteLine("-         Bulk Protect API           -");
                Console.WriteLine("--------------------------------------");

                Console.WriteLine("Input Data is:");

                /**
                 * Converting string data to byte data.
                 */
                for (int i = 0; i < bulkInput.Length; i++)
                {
                    Console.WriteLine($"{bulkInput[i]}");
                    byteBulkInput.Add(Encoding.UTF8.GetBytes(bulkInput[i]));
                }

                Console.WriteLine("\n");
                Console.WriteLine("With String Data Type");
                Console.WriteLine("----------------------");

                /**
                 * Use protector object to call bulk string Protect API
                 */
                Tuple<string[], int[]> bulkProtectedData = protector.Protect(bulkInput, userName, dataElementName);
                Console.WriteLine("Protected Data is: ");
                for (int i = 0; i < bulkProtectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkProtectedData.Item1[i] + " " + bulkProtectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                 * Use protector object to call bulk string Unprotect API
                 */
                Tuple<string[], int[]> bulkUnprotectedData = protector.Unprotect(bulkProtectedData.Item1, userName, dataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < bulkUnprotectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkUnprotectedData.Item1[i] + " " + bulkUnprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                 * Use protector object to call bulk string Reprotect API
                 */
                Tuple<string[], int[]> bulkReprotectedData = protector.Reprotect(bulkProtectedData.Item1, userName, dataElementName, newDataElementName);
                Console.WriteLine("Reprotected Data is: ");
                for (int i = 0; i < bulkReprotectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkReprotectedData.Item1[i] + " " + bulkReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk string Unprotect API
                */
                Tuple<string[], int[]> bulkUnprotectReprotectedData = protector.Unprotect(bulkReprotectedData.Item1, userName, newDataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < bulkUnprotectReprotectedData.Item1.Length; i++)
                {
                    Console.WriteLine(bulkUnprotectReprotectedData.Item1[i] + " " + bulkUnprotectReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                Console.WriteLine("With Byte Data Type");
                Console.WriteLine("----------------------");

                /**
                 * Use protector object to call bulk byte Protect API
                 */
                Tuple<List<byte[]>, int[]> byteBulkProtectedData = protector.Protect(byteBulkInput, userName, dataElementName);
                Console.WriteLine("Protected Data is: ");
                for (int i = 0; i < byteBulkProtectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkProtectedData.Item1[i]) + " " + byteBulkProtectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk byte Unprotect API
                */
                Tuple<List<byte[]>, int[]> byteBulkUnprotectedData = protector.Unprotect(byteBulkProtectedData.Item1, userName, dataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < byteBulkUnprotectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkUnprotectedData.Item1[i]) + " " + byteBulkUnprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk byte Reprotect API
                */
                Tuple<List<byte[]>, int[]> byteBulkReprotectedData = protector.Reprotect(byteBulkProtectedData.Item1, userName, dataElementName, newDataElementName);
                Console.WriteLine("Reprotected Data is: ");
                for (int i = 0; i < byteBulkReprotectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkReprotectedData.Item1[i]) + " " + byteBulkReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");

                /**
                * Use protector object to call bulk byte Unprotect API
                */
                Tuple<List<byte[]>, int[]> byteBulkUnprotectReprotectedData = protector.Unprotect(byteBulkReprotectedData.Item1, userName, newDataElementName);
                Console.WriteLine("Unprotected Data is: ");
                for (int i = 0; i < byteBulkUnprotectReprotectedData.Item1.Count; i++)
                {
                    Console.WriteLine(Encoding.UTF8.GetString(byteBulkUnprotectReprotectedData.Item1[i]) + " " + byteBulkUnprotectReprotectedData.Item2[i]);
                }
                Console.WriteLine("\n");
            }
            catch (ProtectorException e)
            {
                Console.WriteLine(e);
            }
        } /* End scope of main function */

    } /* End scope of class */

} /* closure of namespace */

Expected Memory Usage

The process to find the policy size and expected memory usage for different policy sizes used by the .Net application is described in this section.

To find the policy size:

On Insights dashboard, under the Discover section, navigate to the troubleshooting index.
Search using the process.module.keyword: coreprovider filter.
Navigate to the logs with description as Policy successfully loaded. The additional_info.memoryUsed field depicts the policy size.

Memory Usage

Dynamic Memory Usage

The following is the expected memory usage for different policy sizes used by the .Net application.

Policy size	Process memory consumption
171 MB	223 MB
240 MB	292 MB
931 MB	982 MB

The process memory increases substantially for a few milliseconds when the application is running in the following cases:

The policy is replaced with another policy
Changes are made in the current policy

DevOps Memory Usage

If we increase the policy size, the time to load the policy file in the memory increases. For example; for 37 MB, it takes 1 min to load the policy file whereas for 370 MB, it takes approximately an hour to load the policy file.

3.7.2 - Setting Up AP .Net Mock on Windows in a Development Environment

Learn about installating AP .Net on Windows in a development environment.

This section describes how to install Application Protector (AP) .Net on a Windows platform for development purposes.

Note: The Log Forwarder and RP Agent should not be installed in a development environment.

Verifying prerequisites

Ensure that the following prerequisites are met:

A supported version of .NET Standard 2.0 is installed on the machine.

Extracting the AP .Net Setup Scripts and Package

To extract the setup scripts and package:

Download the ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip file to any location on the machine where you want to install the protector.
Extract the contents of the ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip file.
The following setup files are extracted:
- ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip
- signatures/ApplicationProtector_WIN-ALL-64_x86-64_NET-STD-2.0-64_<version>.zip_10.0.sig
Verify the digital signature of the signed AP .Net build.
For more information about verifying the signed AP .Net build, refer to Verification of Signed Protector Build.
Extract the contents of the AP .Net installation package again.
The following setup files are extracted:
- LogforwarderSetup_Windows_x64_<version>.exe
- RPAgentSetup_Windows_x64_<version>.exe
- APDotNetSetup_Windows_x64_<version>.exe
- APDotNetMockSetup_Windows_x64_<version>.exe

Installing AP .Net Mock on Windows in a Development Environment

This section describes how to install AP .Net Mock on a Windows platform for development purposes.

Important:
Ensure that the following folders do not exist before installation:
- C:\Users\Administrator\.nuget\packages\dotnetprotector
- C:\Users\Administrator\.nuget\packages\dotnetprotectormocksetup
You can install only one environment at a time either production or development.

Using Windows Wizard

Run the APDotNetMockSetup_Windows_x64_<version>.exe installer from the created directory.
The Select Destination Location screen appears.
Set the installation directory to C:\Program Files\Protegrity\sdk\dotnet.
Click Next.
The Ready to Install screen appears.
Click Install.
The Completing the Defiance AP DOTNET API Setup Wizard screen appears.
Click Finish to exit the installer.
The AP .Net Mock is installed successfully.
The default installation directories for different platforms are given in the following table.
Table: Default Installation Directories
Platform Directory
Windows 64-bit C:\Program Files\Protegrity\sdk\dotnet\lib
API Docs C:\Program Files\Protegrity\sdk\dotnet\doc
Verify that DotNetProtectorMockSetup.<version>.nupkg NuGet package for the AP .NET is installed in the <installation_directory>\dotnet\lib installation directory.
Install the NuGet Package.
a. In Visual Studio, open Solution Explorer.
b. Right-click on Dependencies and select Manage NuGet Packages.
The NuGet Package Manager screen appears.
c. Click the Settings icon next to the Package source list.
d. In the Options dialog box, click the ellipsis next to the Source field.
e. Browse to and select the C:\Program Files\Protegrity\sdk\dotnet\lib lib directory.
f. Enter a name for the package source, for example APDotNetMockLib and click Update.
The lib directory path appears in the Package sources list.
g. Click OK to close the dialog box.
h. In the Package source list, select the newly created source.
i. Click Browse, locate the DotNetProtectorMockSetup package.
The DotNetProtectorMockSetup package appears in the list of packages.
j. Click Install.
The DotNetProtectorMockSetup package is installed.
1. Run the Program.
  After installation, run your application to verify integration.
  For more information about installing a NuGet package, refer to Install and manage packages in Visual Studio using the NuGet Package Manager.

Platform	Directory
Windows 64-bit	`C:\Program Files\Protegrity\sdk\dotnet\lib`
API Docs	`C:\Program Files\Protegrity\sdk\dotnet\doc`

Using Silent Mode

This section describes how to perform a silent installation of AP .Net Mock using command-line parameters.

Silent installation allows you to install AP .Net Mock without user interaction, making it suitable for automated deployments and scripting.

To view usage of the AP .Net Mock installation, use the -help parameter during silent installation.

APDotNetMockSetup_Windows_x64_10.0.0+0.g8606.exe -help

To specify the directory for the AP .Net Mock installation, use the -dir parameter during silent installation.

APDotNetMockSetup_Windows_x64_10.0.0+0.g8606.exe -dir C:\Users\Administrator

Note: -dir is a mandatory parameter for silent installation.

Uninstalling Application Protector .Net Mock on Windows in a Development Environment

This section describes how to completely remove AP .Net Mock from a Windows platform used for development.

To uninstall the .Net Mock from the development environment:

Navigate to the Installation Directory.
a. Go to C:\Program Files\Protegrity\sdk\dotnet.
Run the Uninstall Utility located in the directory.
Delete the Installation Directory.
a. After uninstallation, delete the C:\Program Files\Protegrity\sdk folder.
Uninstall the NuGet Package.
a. Open Visual Studio and go to Manage NuGet Packages for Solution.
b. Browse and select the DotNetProtectorMockSetup package.
c. Click Uninstall.
The AP .Net Mock Setup is uninstalled from the development environment.
The dotnetprotector package will be deleted from the NuGet Package Folder during the unintallation process.

3.7.3 - DevOps Approach for Application Protector

The DevOps approach for package deployment.

Note: The DLL file creation is supported only by .NET Core 8.0 and .NET Core 9.0. The .NET application can be run by using any supported versions.

The DevOps approach enables immutable package deployment. It uses a REST API call to download packages from the ESA in an encrypted format.

Note: The RP Agent should not be installed for immutable package deployments using DevOps.

For more information about package deployment approaches, refer to Resilient Package Deployment.

A REST API call is used to download the package on your local machine. Configure the package path in the config.ini file within the DevOps section and the path to decryptor dll file.

DevOps approach architecture

A REST API call is used to download the policy from the ESA in an envelop encrypted format. A public key is created using a Key Management System (KMS) or Hardware Security Module (HSM). This public key must be passed to the REST API.
The ESA generates a JSON file for the package with policy.
The encrypted DEK needs to be decrypted to perform the security operations. A Decryptor class is implemented using the Decryptor interface, to decrypt the Data Encryption Key (DEK) using a private key.

Before you begin

Ensure the following prerequisites are met:

The installation of the RP Agent is not required for immutable package deployment using the DevOps approach.
The decryptor parameter must have a complete path to a decryptor dll file.
A Decryptor class needs to be implemented using the Decryptor interface, which decrypts the Data Encryption Key (DEK) using a private key. It returns the decrypted DEK in bytes.
For more information on the decryptor interface of AP .Net, refer to Configuring the Decryptor interface.
A decryptor dll file needs to be created using the decryptor interface and decryptor class.
Create a solution project “DotNetDecryptor” where you want to generate the Decryptor DLL file.
Note: To create Decryptor DLL file, we require the IDEKDecryptor.cs, DotNetDecryptor.csproj, Decryptor.cs, and cloud specific decryptor files for AWSKMSDecryptor.cs, AzureKeyVaultDecryptor.cs, and GCPKMSDecryptor.cs.
The data store is properly configured before exporting your Application Protector policy. Define allowed servers for seamless policy deployment and secure access control.
For more information about configuring a data store, refer to -
- Creating a Data Store
- Adding Allowed Servers for the Data Store

AP .Net

Using the DevOps Approach

Perform the following steps to use the DevOps approach for immutable package deployment.

Add the [devops] parameter in the config.ini file.
Ensure the decryptor class has a fully qualified domain name.

[devops]
package.path = /path/to/policyFile
decryptor = /path/to/DotNetDecryptor.dll

The following is an example for adding the [devops] parameter in the config.ini file.

[devops]
package.path = C:\Users\User1\policies\test.json
decryptor = C:\Users\User1\DotNetDecryptor\DotNetDecryptor.dll

Note: For ESA 10.2.0 and later, Application Protector DevOps must use the Encrypted Resilient Package REST APIs using GET method. The legacy Export API using POST method is deprecated and not supported for Teams (PPC). The deprecated API remains supported only for the Enterprise edition for backward compatibility.
For more information about exporting Resilient Package using POST method for 10.0.1 and 10.1.0 ESA, refer to Using the Encrypted Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for 10.2 ESA, refer to Using the Encrypted Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for PPC, refer to Using the Encrypted Resilient Package REST APIs.

Sample Code for DevOps Approach

The sample code for DevOps approach for the AP .Net using different cloud platforms is provided in this section.

Configuring the Decryptor Interface

A Decryptor class must implement the IDEKDecryptor interface to decrypt the DEK. This interface includes the decrypt method. The decrypt method provides keyLabel, algorithmId, and encDek parameters. The decrypted DEK must be returned in byte[] format.

The following is the sample code for the decryptor file for using the DevOps Approach with specific cloud platforms.

IDEKDecryptor.cs

The following is a sample code for IDEKDecryptor.cs.

namespace Decryptor
{
    public interface IDEKDecryptor
    {
        byte[] Decrypt(string keyLabel, string algorithmId, byte[] encDEK, out int decryptedDekLength);

    }
}

DotNetDecryptor.csproj

The following is a sample code for DotNetDecryptor.csproj.

<Project Sdk="Microsoft.NET.Sdk">

	<PropertyGroup>
		<TargetFramework>net8.0</TargetFramework>
		<PlatformTarget>AnyCPU</PlatformTarget>
		<PublishAot>true</PublishAot>
		<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
		<EnableDynamicLoading>true</EnableDynamicLoading>
		<RuntimeIdentifier>win-x64</RuntimeIdentifier>
		<UseNativeAot>true</UseNativeAot>
	</PropertyGroup>

</Project>

Decryptor.cs

The following is a sample code for Decryptor.cs.

using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

namespace Decryptor
{

    [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
    public delegate IntPtr DecryptDelegate(
       [MarshalAs(UnmanagedType.LPUTF8Str)] string keyLabel,
       [MarshalAs(UnmanagedType.LPUTF8Str)] string algorithmId,
       IntPtr encData,
       int encLen,
       out int outLen);

   
    public static class DecryptorBridge
    {
        public static IDEKDecryptor Implementation { get; set; }
        static DecryptorBridge()
        {
            Implementation = new RSADecryptor();
        }
        public static IntPtr DecryptEntry(string keyLabel, string algorithmId, IntPtr encData, int encLen, out int outLen)
        {
            if (Implementation == null)
                throw new InvalidOperationException("Decryptor implementation not set.");
            byte[] encryptedDek = new byte[encLen];
            Marshal.Copy(encData, encryptedDek, 0, encLen);
            byte[] result = Implementation.Decrypt(keyLabel, algorithmId, encryptedDek, out outLen);
            IntPtr resultPtr = Marshal.AllocHGlobal(outLen);
            Marshal.Copy(result, 0, resultPtr, outLen);
            return resultPtr;
        }

        [UnmanagedCallersOnly(EntryPoint = "GetDecryptDelegate")]
        public static IntPtr GetDecryptDelegate() 
        {
            DecryptDelegate del = DecryptEntry;
            return Marshal.GetFunctionPointerForDelegate(del);
        }

        [UnmanagedCallersOnly(EntryPoint = "FreeBuffer", CallConvs = new[] { typeof(CallConvCdecl) })]
        public static void FreeBuffer(IntPtr ptr) { Marshal.FreeHGlobal(ptr); }

        

    }

}

Using AWS

For AWS, we require the IDEKDecryptor.cs, DotNetDecryptor.csproj, Decryptor.cs along with AWSKMSDecryptor.cs. The following is a sample implementation using the private key obtained from AWS KMS for decryption.

using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using Amazon;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;
using Decryptor;

namespace DotNetDecryptor
{
    public class AWSKMSDecryptor : IDEKDecryptor
    {
        // Replace with your actual AWS region name (e.g., "us-east-1", "ap-south-1")
        private static readonly RegionEndpoint KMSRegion = RegionEndpoint.GetBySystemName("your-default-region");

        // Replace with your actual KMS Key ID 
        private static readonly string KMSKeyId = "your-key-id";
        public byte[] Decrypt(string keyLabel, string algorithmId, byte[] encDek, out int decryptedDekLength)
        {
            Console.WriteLine("Key Label: " + keyLabel);
            Console.WriteLine("AlgorithmID: " + algorithmId);
            Console.WriteLine("Base64 encoded input: " + Convert.ToBase64String(encDek));

            // Initialize the AWS KMS client using the specified region
            var kmsClient = new AmazonKeyManagementServiceClient(KMSRegion); 
            // Specify the encryption algorithm used during encryption
            EncryptionAlgorithmSpec algorithm = EncryptionAlgorithmSpec.RSAES_OAEP_SHA_256;
            // Create a decryption request with the encrypted DEK and algorithm
            var decryptRequest = new DecryptRequest
            {
                KeyId = KMSKeyId,
                CiphertextBlob = new MemoryStream(encDek),
                EncryptionAlgorithm = algorithm
            };
            // Send the decryption request to AWS KMS and wait for the response
            var decryptResponse = kmsClient.DecryptAsync(decryptRequest).Result;
            byte[] plaintext = decryptResponse.Plaintext.ToArray();
            decryptedDekLength = plaintext.Length;

            return plaintext;
        }

    }
}

Using Azure

For Azure, we require the IDEKDecryptor.cs, DotNetDecryptor.csproj, Decryptor.cs along with AzureKeyVaultDecryptor.cs. The following is a sample implementation using the private key obtained from Azure Key Vault for decryption.

using Azure.Identity;
using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Keys.Cryptography;
using Decryptor;
using System;
using System.Net;
using System.Text;
using System.Threading.Tasks;

namespace Decryptor
{
    public class AzureKeyVaultDecryptor : IDEKDecryptor
    {

        public byte[] Decrypt(string keyLabel, string algorithmId, byte[] encDek, out int decryptedDekLength)
        {
            Console.WriteLine("Key Label:" + keyLabel);
            Console.WriteLine("AlgorithmID:" + algorithmId);
            Console.WriteLine("Base64 encoded input: " + Convert.ToBase64String(encDek));
            var keyVaultUrl = "https://devops-key.vault.azure.net/";
            var keyName = "testkey";
            var credential = new DefaultAzureCredential();
            var keyClient = new KeyClient(new Uri(keyVaultUrl), credential);
            KeyVaultKey key = keyClient.GetKey(keyName);
            CryptographyClient _cryptoClient = new CryptographyClient(key.Id, credential);
            EncryptionAlgorithm algorithm = EncryptionAlgorithm.RsaOaep256;
            DecryptResult result = _cryptoClient.Decrypt(algorithm, encDek);
            decryptedDekLength = result.Plaintext.Length;
            Console.WriteLine("Base64 encoded output: " + Convert.ToBase64String(result.Plaintext));
            return result.Plaintext;
        }
    }
}

Using GCP

For GCP, we require the IDEKDecryptor.cs, DotNetDecryptor.csproj, Decryptor.cs along with GCPKMSDecryptor.cs. The following is a sample implementation using the private key obtained from Google Cloud KMS for decryption.

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Reflection.Metadata;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Decryptor;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;

namespace DotNetDecryptor
{
    public class GCPKMSDecryptor : IDEKDecryptor
    {
        public byte[] Decrypt(string keyLabel, string algorithmId, byte[] encDEK, out int decryptedDekLength)
        {
            Console.WriteLine("Key Name: " + keyLabel);
            Console.WriteLine("AlgorithmID: " + algorithmId);
            Console.WriteLine("Base64 encoded input: " + Convert.ToBase64String(encDEK));

            // TODO: Replace the below path with the full path to your service account key JSON file
            // Example: @"C:\Path\To\Your\File\your-file-name.json"

            string jsonPath = @"C:\Path\To\Your\File\your-file-name.json";
            var serviceAccount = JsonConvert.DeserializeObject<Dictionary<string, string>>(System.IO.File.ReadAllText(jsonPath));

            string privateKey = serviceAccount["private_key"];
            string clientEmail = serviceAccount["client_email"];
            string tokenUri = serviceAccount["token_uri"];

            var rsa = RSA.Create();
            rsa.ImportFromPem(privateKey.ToCharArray());

            var creds = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256);

            var now = DateTimeOffset.UtcNow;
            var jwtHeader = new JwtHeader(creds);
            var jwtPayload = new JwtPayload
            {
                { "iss", clientEmail },
                { "scope", "https://www.googleapis.com/auth/cloud-platform" },
                { "aud", tokenUri },
                { "iat", now.ToUnixTimeSeconds() },
                { "exp", now.AddMinutes(60).ToUnixTimeSeconds() }
            };

            var jwt = new JwtSecurityToken(jwtHeader, jwtPayload);
            string signedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

            var httpClient = new HttpClient();
            var tokenResponse = httpClient.PostAsync(tokenUri, new FormUrlEncodedContent(new Dictionary<string, string>
            {
                { "grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer" },
                { "assertion", signedJwt }
            })).Result;

            var tokenJson = JsonConvert.DeserializeObject<Dictionary<string, string>>(tokenResponse.Content.ReadAsStringAsync().Result);
            string accessToken = tokenJson["access_token"];

            string ciphertext = Convert.ToBase64String(encDEK);

            // TODO: Replace the below URL with your actual Google Cloud KMS key version URL
            // Format: https://cloudkms.googleapis.com/v1/projects/{PROJECT_ID}/locations/{LOCATION}/keyRings/{KEY_RING}/cryptoKeys/{KEY_NAME}/cryptoKeyVersions/{VERSION}:asymmetricDecrypt
            string kmsUrl = "https://cloudkms.googleapis.com/v1/projects/{PROJECT_ID}/locations/{LOCATION}/keyRings/{KEY_RING}/cryptoKeys/{KEY_NAME}/cryptoKeyVersions/{VERSION}:asymmetricDecrypt";

            var payload = new Dictionary<string, string>
            {
                { "ciphertext", ciphertext }
            };

            var kmsRequest = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");

            httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);

            var kmsResponse = httpClient.PostAsync(kmsUrl, kmsRequest).Result;
            
            var responseContent = kmsResponse.Content.ReadAsStringAsync().Result;

            if (!kmsResponse.IsSuccessStatusCode)
            {
                Console.WriteLine("KMS API Error:");
                Console.WriteLine(responseContent);
                throw new Exception("KMS decryption failed.");
            }

            var kmsJson = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseContent);
            string plaintextBase64 = kmsJson["plaintext"];

            byte[] plaintext = Convert.FromBase64String(plaintextBase64);

            decryptedDekLength = plaintext.Length;
          
            return plaintext;
        }
    }
}

Create a DotNetDecryptor.dll File

To create a DLL file:

Open x64 Native Tools Command Prompt for VS.
Navigate to the folder where you have saved the DevOps Approach files using the following command.
```
cd path\to\your\directory
```
To build the Decryptor DLL, run the following command:
```
dotnet publish -r win-x64 -c Release
```
Navigate to the bin\x64\Release\net8.0\win-x64\publish\ folder.
The DotNetDecryptor.dll is created in the publish folder.
Note: It is recommended to move the DotNetDecryptor file to a shorter path location.
Update the decryptor parameter to the DotNetDecryptor.dll full path in the config.ini file.

3.7.4 - Application Protector API Return Codes

Learn about the Application Protector API Return Codes.

Sample Log for AP Return Codes

The following is a sample log generated in Discover on the Audit Store Dashboards in ESA.

Sample log for AP return codes

Protection audit logs are stored in the Audit Store. Select the pty_insight_*audit* index to view the protection logs.

For more information about viewing the logs, refer to Working with Discover.

3.7.5 - Config.ini file for Application Protector

Sample config.ini file for Application Protector.

The Application Protector can be configured using the config.ini file. By default, this file is located in the <installation directory>/sdk/<protector>/data/ directory.

The various configurations required for setting up the Application Protector are described in this section.

Sample config.ini file

The following represents a sample config.ini file.

# -----------------------------
# Protector configuration
# ----------------------------- 
[protector]

# Cadence determines how often the protector connects with shared memory to fetch the policy updates in background.
# Default is 60 seconds. So by default, every 60 seconds protector tries to fetch the policy updates.
#
# Default 60.
cadence = 60

# The time during which a session object is valid. Default = 15 minutes.
session.sessiontimeout = 15

###############################################################################
# Log Provider Config
###############################################################################
[log]

# In case that connection to fluent-bit is lost, set how audits/logs are handled
# 
# drop  : (default) Protector throws logs away if connection to the fluentbit is lost
# error : Protector returns error without protecting/unprotecting 
#         data if connection to the fluentbit is lost
mode = drop

# Host/IP to fluent-bit where audits/logs will be forwarded from the protector
#
# Default localhost
host = localhost

Different configurations for Application Protector

The following are the various configurations:

Protector configurations

cadence: The interval at which the protector synchronizes with the shared memory for fetching the package with policy. The default value for cadence is 60 seconds. The maximum and minimum value that can be set for cadence are 86400 seconds (24 hours) and 1 respectively.
For more information about the policy deployment with different cadence configurations, refer to Policy Deployment.
For more information about the Resilient Package sync configuration parameters, refer to Resilient Package Sync Configuration Parameters.
For more information about changing protector status interval, refer to Resilient Package Status Configuration Parameter.
session.sessiontimeout: The time during which a session object is valid. The default value for session.sessiontimeout is 15 minutes.
Note: The session.sessiontimeout parameter is a feature of AP Java and not valid for AP Python and AP .Net.

Log Provider configurations

mode: This describes how the protector logs are handled if you lose connection to the Log Forwarder host, can be set to one of the following values:
- drop: The logs are dropped when the connection to the Log Forwarder is lost. The default mode is drop.
- error: The data security operations are stopped and an error is generated when the connection to the Log Forwarder is lost.
host: The Log Forwarder hostname or IP address where the logs will be forwarded from the protector. The default host for Log Forwarder is localhost.

For more information about the configuration parameters for forwarding the audits and logs, refer to Configuration Parameters for Forwarding Audits and Logs.

3.7.6 - Multi-node Application Protector Architecture

Architecture for multi-node Application Protector.

The multi-node Application Protector (AP) architecture, its individual components, and how logs are collected using the Log Forwarder are described in this section.

The following figure describes the multi-node AP architecture.

Multi-node AP architecture

For example, some AP nodes are connected to an ESA, which includes the Audit Store component. Each AP node contains a Log Forwarder, RP Agent, and AP instance for sending logs to the ESA.

Protector: The AP can be configured using the config.ini file.
For more information about the configurations, refer to Config.ini file for Application Protector.

3.7.7 - Uninstalling the Application Protector

Uninstalling Application Protector .Net in a Production Environment

This section provides step-by-step instructions to uninstall Application Protector .Net (AP .Net) and its associated components from a Windows platform.

Uninstalling the Log Forwarder

Follow these instructions to uninstall the Log Forwarder.

Before you begin

To preserve all the configurations during an upgrade, ensure that all the files present under the C:\Program Files\Protegrity\logforwarder\data\config.d directory are backed up.
Close all AP .Net files and folders.

Instructions

For more information about uninstalling the Log Forwarder, refer to Uninstalling Log Forwarder on Windows.

Uninstalling the RPAgent

Follow these instructions to uninstall the RPAgent

Before you begin

To preserve all the configurations during an upgrade, ensure that all the files present under the C:\Program Files\Protegrity\sdk\data directory are backed up.
Close all AP .Net files and folders.

Instructions

For more information about uninstalling the RP Agent, refer to Unstalling RP Agent on Windows.

Uninstalling Application Protector .Net

To uninstall the AP .Net:

Run the Uninstall Utility.
a. Navigate to C:\Program Files\Protegrity\sdk\dotnet directory.
b. Run the unins000 file located in this directory.
Delete the Installation Directory.
a. After uninstallation, delete the C:\Program Files\Protegrity\sdk folder.
Remove the Environment Variable.
a. Delete the path to the dotnetprovider.plm file from the Environment Variables.
Uninstall the NuGet Package.
a. Open Visual Studio and go to Manage NuGet Packages for Solution.
b. Search for and select DotNetProtector.
c. Click Uninstall.

The Application Protector .Net and its components are successfully uninstalled from the Windows platform.
The dotnetprotector package will be deleted from the NuGet Package Folder during the unintallation process.