FAQs
Can I download keys from CipherTrust Manager and use them in CDP?
Yes. You can download keys from CipherTrust Manager. Once the keys are cached, the cryptographic operations can continue without access to the server, and thus improves the performance.
Can I use versioned keys for encryption?
Yes. CDP supports encryption using versioned keys. However, you can encrypt only with the active versions of a key.
What happens to the primary key during encryption?
The primary keys are dropped during encryption. You must manually recreate primary keys if you want to preserve the conditions established by the primary keys.
Can I delete un-needed data after encryption/decryption?
Yes. After you encrypt your table, a new row of encrypted data is added, but the original data still exists in plaintext. Likewise, after decryption your data, the ciphertext remains on the table. We strongly recommend that you delete this data.
Can I encrypt data while retaining the format?
Yes. CDP supports encryption of well formatted data and preserves the formatting even after encryption. Refer to Format Preserving Encryption (FPE) for details.
How will I ensure the integrity of the encryption key?
The best way to ensure the integrity of the key is to rotate them on regular basis. Key rotation should be included as a regular part of your security maintenance plan.