Encryption Algorithms
An encryption algorithm is a process to convert data into ciphertext.
Encryption algorithms vary by the input and output data types they support. Some preserve length, while others do not.
Table: Encryption Algorithms - Supported Length
| Encryption Algorithm | Preserves Length | Maximum Length |
|---|---|---|
| 3DES | No | Depends on protector and data type. |
| AES-128 | No | |
| AES-256 | No | |
| CUSP 3DES | Yes*1 | |
| CUSP AES-128 | Yes*1 | |
| CUSP AES-256 | Yes*1 | |
*1 - All CUSP algorithms are length preserving as long as no CRC or Key ID is configured.
The Protegrity solutions can encode data with the following encryption algorithms:
Table: Input Data Types Supported by Application Protectors
| Encryption Algorithm | AP Java*1*2 | AP Python*3 | AP C |
|---|---|---|---|
| 3DES, AES-128, AES-256, CUSP 3DES, CUSP AES-128, CUSP AES-256 | STRING, CHAR[], BYTE[] | STRING, BYTES, INT, LONG, FLOAT | STRING, CHAR[], BYTE[] |
*1 - If the input and output types of the API are BYTE[], the customer application should convert the input to a byte array, call the API, and then convert the output from the byte array.
*2 - The output type is BYTE[] only. The input type String or Char is supported with the API that provides BYTE[] output type.
*3 - You must pass the encrypt_to=bytes keyword argument to the AP Python protect API for encrypting data. However, if you are encrypting or re-encrypting data already in bytes format, you do not need to pass the encrypt_to=bytes argument to the protect and reprotect APIs.
The Protegrity solutions can encode data with the following encryption algorithms:
Table: Input Data Types Supported by Big Data Protectors
| Encryption Algorithm | MapReduce*1 | Hive | Pig | HBase*1 | Impala | Spark | Spark SQL | Trino |
|---|---|---|---|---|---|---|---|---|
| 3DES, AES-128, AES-256, CUSP 3DES, CUSP AES-128, CUSP AES-256 | BYTE[] | STRING*3 | Not supported | BYTE[] | STRING, SMALLINT, INT, BIGINT, FLOAT, DOUBLE | BYTE[], STRING*2 | STRING*3 | VARCHAR*4, VARBINARY |
*1 - The customer application should convert the input to, and the output from, a byte array.
*2 - The input type STRING is supported with the API that provides the BYTE[] output type.
*3 - The string encryption UDFs for Hive and SparkSQL accept at most 2 GB of data as input. Ensure that the file size of the protected binary data after the required encoding does not exceed the 2 GB input limit.
*4 - The input type VARCHAR is supported by AES-128 and AES-256.
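A pre-flight size check for the 2 GB limit in footnote *3, added here as an illustration and not taken from Protegrity code or documentation. It assumes standard cipher block sizes, PKCS#7-style padding for the algorithms that do not preserve length, Base64 or hex as the encoding, and a limit of 2**31 - 1 bytes; all function and constant names are hypothetical.

```python
# Assumptions, not stated on the page: standard cipher block sizes, PKCS#7-style
# padding for the non-CUSP algorithms, Base64 or hex as the encoding, and the
# 2 GB limit read as 2**31 - 1 bytes. Adjust to match your deployment.
BLOCK_BYTES = {"3DES": 8, "AES-128": 16, "AES-256": 16}
CUSP = {"CUSP 3DES", "CUSP AES-128", "CUSP AES-256"}
LIMIT_BYTES = 2**31 - 1


def ciphertext_len(plain_len, algorithm, overhead=0):
    """Raw ciphertext size; overhead is any extra bytes (for example CRC, Key ID)."""
    if algorithm in CUSP:
        # Length preserving per the first table when overhead is 0.
        return plain_len + overhead
    block = BLOCK_BYTES[algorithm]
    # PKCS#7 adds 1..block bytes, so block-aligned input grows by a full block.
    return (plain_len // block + 1) * block + overhead


def encoded_len(raw_len, encoding="base64"):
    """Size of the ciphertext once it is encoded as text."""
    if encoding == "base64":
        return 4 * ((raw_len + 2) // 3)  # integer ceil(raw_len / 3) * 4
    if encoding == "hex":
        return 2 * raw_len
    raise ValueError(f"unknown encoding: {encoding}")


def fits_limit(plain_len, algorithm, encoding="base64", overhead=0, limit=LIMIT_BYTES):
    """True if the encoded ciphertext stays within the input limit."""
    return encoded_len(ciphertext_len(plain_len, algorithm, overhead), encoding) <= limit


def max_plaintext_len(algorithm, encoding="base64", overhead=0, limit=LIMIT_BYTES):
    """Largest plaintext size that still fits, or -1 if even empty input does not."""
    if not fits_limit(0, algorithm, encoding, overhead, limit):
        return -1
    lo, hi = 0, limit  # sizes are monotonic in plain_len, so binary search works
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if fits_limit(mid, algorithm, encoding, overhead, limit):
            lo = mid
        else:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    for alg in ("3DES", "AES-256", "CUSP AES-256"):
        print(alg, max_plaintext_len(alg))
```

Under these assumptions, Base64 encoding alone reduces the usable plaintext size to roughly three quarters of the limit, so size the check against the encoded output rather than the source data.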
The Protegrity solutions can encode data with the following encryption algorithms:
Table: Input Data Types Supported by Data Warehouse Protectors
| Encryption Algorithm | Teradata |
|---|---|
| 3DES, AES-128, AES-256, CUSP 3DES, CUSP AES-128, CUSP AES-256 | VARCHAR LATIN, CHAR, FLOAT, DECIMAL, DATE, VARCHAR UNICODE, SMALLINT, INTEGER, BIGINT, JSON, XML |
The Protegrity solutions can encode data with the following encryption algorithms:
Table: Input Data Types Supported by Database Protectors
| Encryption Algorithm | Oracle | MSSQL |
|---|---|---|
| 3DES, AES-128, AES-256, CUSP 3DES, CUSP AES-128, CUSP AES-256 | varchar2, char, number, real, float, date, raw, blob, clob | varchar, char, decimal, real, float, date, varbinary, varbinary(max), varchar(max) |
Data length and padding in encryption refers to the padding bytes used to fill the blocks of data in a block cipher.