Versions Compared

Old Version 4

changes.mady.by.user Mattias Lundström

Saved on

compared with

New Version Current

changes.mady.by.user Jenni Wallin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The masking method that is selected in the Fields tab determines which of the other four tabs that will be active as these tabs contain masking method specific configurations. 

The Data Masking profile configurationThe Fields tab in the Data Masking profile configuration contains the following settings:

...

Setting

Description

Masking Method

Select the masking method to be used from the drop-down list.

Storage Fields

Add the fields to map the UDR fields to.

This section is only applicable to Database Storage and Hash/Database masking methods.

UDR Field Mappings

Add all the UDR types and fields for the profile to process.

Random Algorithm (Only for String type)

Specify the algorithm to be used for generating the random character.

The supported algorithms are:

  • Default: Default random algorithm. For Crypto, it only supports Base64 format where the Hash or Database are using mixture of alphanumeric and special characters. The supported characters list are: 

    Code Block
    [!, ", #, $, %, &, ', (, ), *, +, ,, -, ., /, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, :, ;, <, =, >, ?, @, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, [, \, ], ^, _, `, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, {, |, }, ~]

  • UUID 4: Generate UUID string in 8-4-4-4-12 format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

  • Custom: Filtered character based on Default character sets, filter condition can be configured through Regex Pattern

For more information on the algorithms for each masking method, see Supported Random Algorithm Type.

This section is only applicable to Database Storage, Hash and Hash/Database masking methods. This section is disabled if other masking method is selected.

Regex Pattern

This is field is enabled when the Custom option is selected. It is a regular expression to extract characters based on the default characters list.

String Length

This is field is enabled when the Custom option is selected. Specify the length of the output string.

Output Format

This field is non-editable. It displays the supported character list and sample output preview.

...

This tab is enabled only when the Crypto masking method is selected in the Fields tab. DataMaskingCrypto.pngImage Removed

...

Setting Description

Description

Cipher Mode

Cipher Mode to use.

The two modes CTR and GCM are non-deterministic in the sense that they will give different outputs for the same input. This means that it will not be possible to correlate data from separate UDRs, but if this is not a requirement then it gives a more complete anonymization.

The CBC mode is deterministic and can be used when correlation must be possible on pseudonymized data. It includes a transposition scrambling to protect against prefix matching.

The ECB mode is not recommended since it allows for prefix and suffix matching and thus gives weaker security than the CBC mode. It is only included for backwards compatibility.

Derive Key from Passphrase

Select this option for the cryptographic engine to use a key from the passphrase. The Passphrase and Algorithm fields will be enabled.

Passphrase

Enter a passphrase manually or click the Random button to generate a random key. The passphrase is then hashed and it is use as the key.

If you use a random passphrase and it has been changed, you will not be able to unmask any masked data prior to the change.

Algorithm

Select the algorithm to be used, either the AES-128 or AES-256.

This can only be used for fields of string and bytearray types.

Read Key from Keystore

Select this option to use a key from a designated keystore. The keystore must be a JCEKS. The Keystore PathKeystore PasswordKey Name and Key Password fields will be enabled.

Example - Creating a symmetric crypto key

Code Block
$ keytool -keystore test.ks -storepass password -storetype jceks -genseckey -keysize 128 -alias testkey -keyalg AES

Keystore Path

Enter the path to the keystore file.

Keystore Password

Enter the associated password.

Key Name

This field is optional. Enter the associated key name.

Key Password

This field is optional. Enter the associated key password if required, otherwise the Keystore Password is used as the default password.

...

This tab is enabled only when the Database Storage masking method is selected in the Fields the Fields tab. 

...

Setting

Description

Database Model

Database

Browse and select the Database profile to use.

Table

Select the database table to view the following information:

  • Field: Shows the field name

  • Unmasked: Shows the unmasked content

  • Masked: Shows the masked content

  • Key: The selected checkbox shows the fields that will be searched when unmasking data.

    If you have a large table or huge amount of lookups, you may consider to select the necessary fields only for searching when unmasking data

Advanced

Queue Size 

Set the queue size for the workers. The queue size will be split between the workers.

Max Number of Workers 

Enter the maximum number of workers.

Max Select Batch Size

Enter the maximum size of the batch when making large select statements to retrieve data.

...

This tab is enabled only when the Hash masking method is selected in the Fields tab. 

...

Setting

Description

Salt

Enter the entry of the relevant hash or click the Random button to generate a random entry.

...

This tab is enabled only when the Hash/Database masking method is selected in the Fields tab. 

...

Setting

Description

Data Model

Database

Browse and select the Database profile to use.

Table

Select the database table to view the following information:

  • Field: Shows the field name

  • Unmasked: Shows the unmasked content

  • Masked: Shows the masked content

  • Key: The selected checkbox shows the fields that will be searched when unmasking data.

    If you have a large table or huge amount of lookups, you may consider to select the necessary fields only for searching when unmasking data

Hash

Salt

Enter the entry of the relevant hash or click the Random button to generate a random entry.

Advanced

Queue Size 

Set the queue size for the workers. The queue size will be split between the workers.

Max Number of Workers

Enter the number of workers.

Max Select Batch Size

Enter the maximum size of the batch when making large select statements to retrieve data.

...

The supported data types for each masking method are as follows:

Data type

Crypto

Database

Hash

Hash/Database

string

(tick)

(tick)

(tick)

(tick)

integer

(error)

(tick)

(tick)

(tick)

long

(error)

(tick)

(tick)

(tick)

short

(error)

(tick)

(tick)

(tick)

double

(error)

(tick)

(tick)

(tick)

byte

(error)

(tick)

(tick)

(tick)

bytearray

(tick)

(tick)

(error)

(error)