AES-128 and AES-256
The Protegrity solutions work with AES-128 and AES-256 encryption algorithms. The Advanced Encryption Standard (AES) is an encryption algorithm for electronic data that was established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is based on a substitution-permutation network design principle, and is fast in both software and hardware.
AES is used in three versions: AES-128, AES-192, and AES-256. These numbers represent the encryption key sizes: 128 bits, 192 bits, and 256 bits. The number of rounds for these key sizes is 10, 12, and 14, respectively.
AES-128 and AES-256
AES-128 is a version of the AES encryption algorithm that has a fixed block size of 16 bytes and a key size of 128 bits. AES-256 is a version of the AES encryption algorithm that has a fixed block size of 16 bytes and a key size of 256 bits.
Table: AES-128 and AES-256 Encryption Algorithm Properties
| Properties | Values |
|---|---|
| Name | AES-128, AES-256 |
| Operation Mode | CBC – Cipher Block Chaining |
| Encryption Properties | IV, CRC, Key ID |
| Length Preservation with padding formula for non-length preserving algorithms | No. For an explanation of calculating data length, refer to the section Data Length and Padding in Encryption. |
| Minimum Length | None |
| Maximum Length | 2147483610 bytes |
| Specifics of algorithm | AES-128: a block cipher with a 128-bit key. AES-256: a block cipher with a 256-bit key. |
The following table shows examples of how the value “Protegrity” is encrypted with the AES-128 and AES-256 encryption algorithms.
Table: Examples of AES-128 and AES-256 Encryption
| Encryption Algorithm | Output Value | Comments |
|---|---|---|
| AES-128 | 0xA2EA9C9BC53D77BA7F8E85C124296BF3 | The input value, which is 10 bytes long, is padded to become 16 bytes. This represents one block of 16 bytes. The output value consists of 16 bytes. |
| AES-128-CRC | 0x86315F21FA70F7AC1A7D9DB04B22C87A | The input value, which is 10 bytes long with a checksum of 4 bytes, is padded to become 16 bytes. This represents one block of 16 bytes. The output value consists of 16 bytes. |
| AES-128-IV | 0x0560F196024CCD1CD8213C6657B1BB58CE3047C316EC300BB0BF3C3F5949C157 | A 16-byte IV is added. The output value consists of 32 bytes. This represents two blocks of 16 bytes. |
| AES-128-KeyID | 0x2002E3DE3D7AB6CCBEB96A6A60248559C094 | 2 bytes are added for the Key ID. The output value consists of 18 bytes. |
| AES-128-IV-CRC-KeyID | 0x20031F55A327AFD11DA9E0FEA2499484825E2EABC2B28D162737E867BE0726E7131F | The input value, which is 10 bytes long with a checksum of 4 bytes, is padded to a total length of 16 bytes. Additionally, 16 bytes IV and 2 bytes of Key ID are added to the output. The final output value consists of 34 bytes. |
| AES-256 | 0x0A4771DAD552DA29512BE13BCCF2538A | The input value, which is 10 bytes long, is padded to become 16 bytes. This represents one block of 16 bytes. The output value consists of 16 bytes. |
| AES-256-CRC | 0x29445B1AEED293D341E9634BD7B7BA4C | The input value, which is 10 bytes long with a checksum of 4 bytes, is padded to become 16 bytes. This represents one block of 16 bytes. The output value consists of 16 bytes. |
| AES-256-IV | 0x2C9D5D8AF80C4614F2C6D063A94BB624C19B14EB40C919F7053DA636ACAE3BEE | A 16-byte IV is added. The output value consists of 32 bytes. This represents two blocks of 16 bytes. |
| AES-256-KeyID | 0x20157C0E98A1C9E4E6F4D1DCB6FE72B2DA69 | 2 bytes are added for the Key ID. The output value consists of 18 bytes. |
| AES-256-IV-CRC-KeyID | 0x200AA6570EBA6A866F985839C4C189038705C6FC48B2459650940904E76009E300D2 | The input value, which is 10 bytes long with a checksum of 4 bytes, is padded to a total length of 16 bytes. Additionally, 16 bytes IV and 2 bytes of Key ID are added to the output. The final output value consists of 34 bytes. |
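The byte accounting in the two tables above can be checked mechanically and reused to size the binary column that holds protected values. The following is an added example, not Protegrity code: the function names are hypothetical, and the behavior for inputs that already end on a 16-byte boundary is an assumption (the page defers that to Data Length and Padding in Encryption).

```python
BLOCK, IV_LEN, CRC_LEN, KEYID_LEN = 16, 16, 4, 2  # bytes, as stated in the tables
PLAINTEXT = b"Protegrity"  # the 10-byte input used by the examples table
# Output values copied from the examples table (0x prefix dropped).
PAGE_EXAMPLES = {
    "AES-128": "A2EA9C9BC53D77BA7F8E85C124296BF3",
    "AES-128-CRC": "86315F21FA70F7AC1A7D9DB04B22C87A",
    "AES-128-IV": "0560F196024CCD1CD8213C6657B1BB58CE3047C316EC300BB0BF3C3F5949C157",
    "AES-128-KeyID": "2002E3DE3D7AB6CCBEB96A6A60248559C094",
    "AES-128-IV-CRC-KeyID": "20031F55A327AFD11DA9E0FEA2499484825E2EABC2B28D162737E867BE0726E7131F",
    "AES-256": "0A4771DAD552DA29512BE13BCCF2538A",
    "AES-256-CRC": "29445B1AEED293D341E9634BD7B7BA4C",
    "AES-256-IV": "2C9D5D8AF80C4614F2C6D063A94BB624C19B14EB40C919F7053DA636ACAE3BEE",
    "AES-256-KeyID": "20157C0E98A1C9E4E6F4D1DCB6FE72B2DA69",
    "AES-256-IV-CRC-KeyID": "200AA6570EBA6A866F985839C4C189038705C6FC48B2459650940904E76009E300D2",
}

def parse_properties(name):
    """'AES-128-IV-CRC-KeyID' -> (128, {'IV', 'CRC', 'KEYID'})."""
    algo, bits, *rest = name.split("-")
    props = {p.upper() for p in rest}
    if algo != "AES" or bits not in ("128", "256") or not props <= {"IV", "CRC", "KEYID"}:
        raise ValueError(f"unrecognised name: {name}")
    return int(bits), props

def envelope(props):
    """Bytes added outside the ciphertext by the IV and Key ID properties."""
    return (IV_LEN if "IV" in props else 0) + (KEYID_LEN if "KEYID" in props else 0)

def max_protected_length(plain_len, props):
    """Upper bound on output bytes; exact when input (+CRC) is not a multiple of 16.
    ASSUMPTION: an input already on a block boundary may gain one full padding block."""
    body = plain_len + (CRC_LEN if "CRC" in props else 0)  # CRC is padded with the data
    return (body // BLOCK + 1) * BLOCK + envelope(props)

def structure_ok(blob, props):
    """After removing IV and Key ID bytes, the rest must be whole 16-byte blocks."""
    ct = len(blob) - envelope(props)
    return ct > 0 and ct % BLOCK == 0

def mismatched_rows(plain=PLAINTEXT):
    """Names of table rows whose length disagrees with the model (expected: none)."""
    bad = []
    for name, hex_out in PAGE_EXAMPLES.items():
        props, blob = parse_properties(name)[1], bytes.fromhex(hex_out)
        if not structure_ok(blob, props) or len(blob) != max_protected_length(len(plain), props):
            bad.append(name)
    return bad
```

The key size does not affect the output length, so `max_protected_length` ignores it; only the enabled properties and the input length matter when sizing a column.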
AES-128 and AES-256 Encryption Properties for Protectors
The Application Protector, Big Data Protector, and Database Protector can use the AES-128 and AES-256 encryption algorithms. All protectors support encryption properties such as IV, CRC, and Key ID. The Key ID is a part of the encrypted data.
The AES-128 and AES-256 encryption algorithms can also be used with File Protectors.
For the protect operation, the Input type / Character set can be any value, depending on the database, and the Output type / Character set is Binary. For the unprotect operation, the Input type / Character set is Binary and the Output type / Character set can be any value, depending on the database.
Application Protector
For the Input type / Character set property, refer to Supported Input Data Types by Application Protectors for supported data types.
Big Data Protector
For the Input type / Character set property, refer to Supported Input Data Types by Big Data Protectors for supported data types.