Table of Contents

Search

  1. Preface
  2. Introduction to Test Data Management
  3. Test Data Manager
  4. Projects
  5. Policies
  6. Data Discovery
  7. Creating a Data Subset
  8. Performing a Data Masking Operation
  9. Data Masking Techniques and Parameters
  10. Data Generation
  11. Data Generation Techniques and Parameters
  12. Working with Test Data Warehouse
  13. Analyzing Test Data with Data Coverage
  14. Plans and Workflows
  15. Monitor
  16. Reports
  17. ilmcmd
  18. tdwcmd
  19. tdwquery
  20. Data Type Reference
  21. Data Type Reference for Test Data Warehouse
  22. Glossary

Encryption Masking

Encryption Masking

Encryption masking applies encryption algorithms to mask source data.
Mask string data types with encryption masking. You can choose the algorithm to encrypt the data.
Select one of the following encryption types:
  • Standard Encryption. To configure standard encryption masking, enter an encryption key that is 16 characters or less. Select from the following encryption algorithms:
    AES
    Advanced Encryption Standard with 128-bit encoding.
    CRC
    Cyclic Redundancy Check. Finds data transmission errors or verifies that data is not modified. Computes a checksum.
    MD5
    MD5 Message-Digest Algorithm. One-way cryptographic hash function with a 128-bit hash value.
  • Format Preserving Encryption. You can choose to preserve the format and length of the source data or the length of the source data. You can also choose to change the format and length of the source data after encryption.
    You can choose characters that you do not want to encrypt.
    After you encrypt the source data, you can also decrypt it to get back the original data. To decrypt the data, you must run a plan that uses the same pass phrase and the same format preserving encryption rule configuration that you used to encrypt the source data.
    If the source data contains UTF-8 four byte characters, you cannot use format preserving encryption to mask the data.
    Select one of the following encryption options:
    Preserve Format and Metadata
    Use the Preserve Format and Metadata encryption option to preserve the format and the length of the source data. When you choose to preserve format and metadata, all uppercase characters are replaced with uppercase characters, lowercase characters are replaced with lowercase characters, numbers are replaced with numbers, and special characters are replaced with special characters after encryption. For example, an email address Abc123@xyz.com might become Mpz849#dje!kuw. In this example, if you configure "@" and "." characters as Do Not Encrypt Characters, the email might become Mpz849@dje.kuw.
    Preserve Metadata
    Use the Preserve Metadata encryption option to preserve the length of the source data. When you choose to preserve metadata, the length of the data remains the same after encryption. For example, a first name Alexender might become jl6#HB91v, where the length remains the same as in the source data.
    Change Metadata
    Use the Change Metadata encryption option to change the length of the source data after encryption. When you choose to change metadata, the encrypted data does not retain the length and format of the source data. For example, a city name London might become Xuep@8f5, fmch529, or 6ky#ke33h*we.
    Before you use the Change Metadata encryption option, you must change the precision of the column you want to apply encryption on in the database.
    Use the following formula to calculate the precision and round up the value to the next higher integer:
    Required Precision = (1.33*Original Precision)+24
    After you change the column precision in the database, you must update the column precision in TDM. To update the column precision you can either reimport the metadata from the updated database, or manually change the column precision in Test Data Manager.