Crypto Operations
The CipherTrust Manager supports the following crypto operations:
Symmetric Encryption
Symmetric encryption uses AES, TDES, or AES-GCM (with or without authentication data).
A variety of modes and key sizes are supported. Operations can be chained to encrypt a stream of data, split over multiple requests.
| Algorithm | Mode | Padding (* = default) |
|---|---|---|
| AES | GCM | |
| AES | ECB, CBC | none, PKCS7* |
| TDES | CBC | none, PKCS5* |
Asymmetric Encryption
Asymmetric encryption uses RSA keys. A variety of paddings are supported.
| Algorithm | Mode | Padding (* = default) |
|---|---|---|
| RSA | OAEP, PKCS1* |
Asymmetric Sign and Verify
| Algorithm |
|---|
| SHA1 |
| SHA256 |
| SHA384 |
| SHA512 |
MAC and MAC Verify
| Algorithm |
|---|
| SHA1 |
| SHA256 |
| SHA384 |
| SHA512 |
Format Preserving Encryption
Format–Preserving Encryption is a special type of encryption that keeps the output of the algorithm in the same format and length as the input. This can be important when the result is stored in a database that expects a certain format. A common use case is for Credit Card Numbers, zip codes, telephone numbers, names, addresses etc.
Using this service/api/product does not confer compliance with any regulation regarding the use, storage and processing of Credit Card data.
Normally FPE algorithms limit the size of the data that can be encrypted to a number based on the size of the alphabet. Selecting the "alphabet" determines two things - how long your input can be - and what characters will be encrypted and which ones will be left in place.
| sample | alphabet | sample result |
|---|---|---|
| 443-555-1055 | digit | 231-601-4293 |
| 443-555-1055 | alphabet | 443-555-1055 |
| 443-555-1055 | alphanumeric | ab4-56k-DG3e |
| 443-555-1055 | printable | &08yfh210f8$5 |
| Hello World! | digit | Hello World! |
| Hello World! | alphabet | djheF dkoRE! |
| Hello World! | alphanumeric | 4JhR6 0e5w2! |
| Hello World! | printable | 3J;e6#0e^1&d |
| Alphabet | Maximum size |
|---|---|
| digit | 56 |
| alphabet | 32 |
| alphanumeric | 32 |
| printable | 28 |
The algorithm handles ASCII chars Ox20 through Ox7E. Apart from ASCII, other characters are supported through unicode character set.
The FPE implementation also supports inputs that are longer than the limits imposed above. However using the API this way is more complicated and additional parameters must be passed.
Unicode
The Unicode charset must be present on the server and its the size should be greater than 10 and less than 256 characters. The number of characters provided in the character set will be treated as cardinality for the input data.
This table provides the cardinality size and the corresponding IV/block-size for the FPE/AES/UNICODE usage. In FPE/AES/UNICODE, the cardinality and IV/block-size is defined in character length.
| Cardinality | IV/Block-size | Cardinality | IV/Block-size | Cardinality | IV/Block-size |
|---|---|---|---|---|---|
| 10 | 56 | 92 | 28 | 174 | 24 |
| 11 | 54 | 93 | 28 | 175 | 24 |
| 12 | 52 | 94 | 28 | 176 | 24 |
| 13 | 50 | 95 | 28 | 177 | 24 |
| 14 | 50 | 96 | 28 | 178 | 24 |
| 15 | 48 | 97 | 28 | 179 | 24 |
| 16 | 48 | 98 | 28 | 180 | 24 |
| 17 | 46 | 99 | 28 | 181 | 24 |
| 18 | 46 | 100 | 28 | 182 | 24 |
| 19 | 44 | 101 | 28 | 183 | 24 |
| 20 | 44 | 102 | 28 | 184 | 24 |
| 21 | 42 | 103 | 28 | 185 | 24 |
| 22 | 42 | 104 | 28 | 186 | 24 |
| 23 | 42 | 105 | 28 | 187 | 24 |
| 24 | 40 | 106 | 28 | 188 | 24 |
| 25 | 40 | 107 | 28 | 189 | 24 |
| 26 | 40 | 108 | 28 | 190 | 24 |
| 27 | 40 | 109 | 28 | 191 | 24 |
| 28 | 38 | 110 | 28 | 192 | 24 |
| 29 | 38 | 111 | 28 | 193 | 24 |
| 30 | 38 | 112 | 28 | 194 | 24 |
| 31 | 38 | 113 | 28 | 195 | 24 |
| 32 | 38 | 114 | 28 | 196 | 24 |
| 33 | 38 | 115 | 28 | 197 | 24 |
| 34 | 36 | 116 | 26 | 198 | 24 |
| 35 | 36 | 117 | 26 | 199 | 24 |
| 36 | 36 | 118 | 26 | 200 | 24 |
| 37 | 36 | 119 | 26 | 201 | 24 |
| 38 | 36 | 120 | 26 | 202 | 24 |
| 39 | 36 | 121 | 26 | 203 | 24 |
| 40 | 36 | 122 | 26 | 204 | 24 |
| 41 | 34 | 123 | 26 | 205 | 24 |
| 42 | 34 | 124 | 26 | 206 | 24 |
| 43 | 34 | 125 | 26 | 207 | 24 |
| 44 | 34 | 126 | 26 | 208 | 24 |
| 45 | 34 | 127 | 26 | 209 | 24 |
| 46 | 34 | 128 | 26 | 210 | 24 |
| 47 | 34 | 129 | 26 | 211 | 24 |
| 48 | 34 | 130 | 26 | 212 | 24 |
| 49 | 34 | 131 | 26 | 213 | 24 |
| 50 | 34 | 132 | 26 | 214 | 24 |
| 51 | 32 | 133 | 26 | 215 | 24 |
| 52 | 32 | 134 | 26 | 216 | 24 |
| 53 | 32 | 135 | 26 | 217 | 24 |
| 54 | 32 | 136 | 26 | 218 | 24 |
| 55 | 32 | 137 | 26 | 219 | 24 |
| 56 | 32 | 138 | 26 | 220 | 24 |
| 57 | 32 | 139 | 26 | 221 | 24 |
| 58 | 32 | 140 | 26 | 222 | 24 |
| 59 | 32 | 141 | 26 | 223 | 24 |
| 60 | 32 | 142 | 26 | 224 | 24 |
| 61 | 32 | 143 | 26 | 225 | 24 |
| 62 | 32 | 144 | 26 | 226 | 24 |
| 63 | 32 | 145 | 26 | 227 | 24 |
| 64 | 32 | 146 | 26 | 228 | 24 |
| 65 | 30 | 147 | 26 | 229 | 24 |
| 66 | 30 | 148 | 26 | 230 | 24 |
| 67 | 30 | 149 | 26 | 231 | 24 |
| 68 | 30 | 150 | 26 | 232 | 24 |
| 69 | 30 | 151 | 26 | 233 | 24 |
| 70 | 30 | 152 | 26 | 234 | 24 |
| 71 | 30 | 153 | 26 | 235 | 24 |
| 72 | 30 | 154 | 26 | 236 | 24 |
| 73 | 30 | 155 | 26 | 237 | 24 |
| 74 | 30 | 156 | 26 | 238 | 24 |
| 75 | 30 | 157 | 26 | 239 | 24 |
| 76 | 30 | 158 | 26 | 240 | 24 |
| 77 | 30 | 159 | 26 | 241 | 24 |
| 78 | 30 | 160 | 26 | 242 | 24 |
| 79 | 30 | 161 | 26 | 243 | 24 |
| 80 | 30 | 162 | 26 | 244 | 24 |
| 81 | 30 | 163 | 26 | 245 | 24 |
| 82 | 30 | 164 | 26 | 246 | 24 |
| 83 | 30 | 165 | 26 | 247 | 24 |
| 84 | 30 | 166 | 26 | 248 | 24 |
| 85 | 28 | 167 | 26 | 249 | 24 |
| 86 | 28 | 168 | 24 | 250 | 24 |
| 87 | 28 | 169 | 24 | 251 | 24 |
| 88 | 28 | 170 | 24 | 252 | 24 |
| 89 | 28 | 171 | 24 | 253 | 24 |
| 90 | 28 | 172 | 24 | 254 | 24 |
| 91 | 28 | 173 | 24 | 255 | 24 |