Encryption masking applies encryption algorithms to mask source data.
Mask string data types with format preserving encryption.
You can choose to preserve the format and length of the source data or the length of the source data. You can also choose to change the format and length of the source data after encryption.
You can choose characters that you do not want to encrypt.
After you encrypt the source data, you can also decrypt it to get back the original data. To decrypt the data, you must create and run a mapping that uses the same encryption technique with the same pass phrase that you used to encrypt the source data. Set the mode to Decryption.
If the source data contains UTF-8 four byte characters, you cannot use encryption to mask the data.
Select one of the following encryption techniques:
Preserve Format and Metadata
Use the Preserve Format and Metadata encryption option to preserve the format and the length of the source data. When you choose to preserve format and metadata, all uppercase characters are replaced with uppercase characters, lowercase characters are replaced with lowercase characters, numbers are replaced with numbers, and special characters are replaced with special characters after encryption. For example, an email address Abc123@xyz.com might become Mpz849#dje!kuw. In this example, if you configure "@" and "." characters as Do Not Encrypt Characters, the email might become Mpz849@dje.kuw.
Preserve Metadata
Use the Preserve Metadata encryption option to preserve the length of the source data. When you choose to preserve metadata, the length of the data remains the same after encryption. For example, a first name Alexender might become jl6#HB91v, where the length remains the same as in the source data.
Change Metadata
Use the Change Metadata encryption option to change the length of the source data after encryption. When you choose to change metadata, the encrypted data does not retain the length and format of the source data. For example, a city name London might become Xuep@8f5, fmch529, or 6ky#ke33h*we.
Before you use the Change Metadata encryption option, you must change the precision of the column you want to apply encryption on in the database.
Use the following formula to calculate the precision and round up the value to the next higher integer:
Required Precision = (1.33*Original Precision)+24
After you change the column precision in the database, you must update the column precision in the mapping. To update the column precision you can either reimport the metadata from the updated database, or manually change the column precision in each transformation in the mapping.