Protegrity Encryption
Encryption algorithms vary by input and output data types they support. Some preserve length, while others do not.
Table: Encryption Algorithms - Supported Length
Encryption Algorithm | Preserves Length | Maximum Length |
|---|---|---|
3DES | No | Depends on protector and data type. |
AES-128 | No | |
AES-256 | No | |
CUSP 3DES | Yes*1 | |
CUSP AES-128 | Yes*1 | |
CUSP AES-256 | Yes*1 |
*1 - All CUSP are length preserving as long as no CRC or Key ID is configured.
Encryption Algorithms for Protectors
Application Protector
The Protegrity solutions can encode data with the following encryption algorithms:
Table: Input Data Types Supported by Application Protectors
| Encryption Algorithm | AP Java*1*2 | AP Python | AP C |
|---|---|---|---|
| 3DES AES-128 AES-256 CUSP 3DES CUSP AES-128 CUSP AES-256 | STRING CHAR[] BYTE[] | STRING BYTES INT LONG FLOAT | STRING CHAR[] BYTE[] |
*1 - If the input and output types of the API are BYTE [], the customer application should convert the input to a byte array. Then, call the API and convert the output from the byte array.
*2 - The output type is BYTE[] only. The input type String or Char is supported with the API that provides BYTE[] output type.
*3 - You must pass the encrypt_to=bytes keyword argument to the AP Python protect API for encrypting data. However, if you are encrypting or re-encrypting data already in bytes format, you do not need to pass the encrypt_to=bytes argument to the protect and reprotect APIs.
Data Warehouse Protector
The Protegrity solutions can encode data with the following encryption algorithms:
Table: Input Data Types Supported by Data Warehouse Protectors
| Encryption Algorithm | Teradata |
|---|---|
| 3DES AES-128 AES-256 CUSP 3DES CUSP AES-128 CUSP AES-256 | VARCHAR LATIN CHAR FLOAT DECIMAL DATE VARCHAR UNICODE SMALLINT INTEGER BIGINT JSON XML |