Crypto

This tab is activated only when the Crypto masking method is selected in the Fields tab. The following settings are available in the Crypto masking method in the Data Masking profile.

Setting	Description

Setting	Description
Derive Key from Passphrase	Select this option if you would like to specify a directly configured key. The Passphrase and Algorithm fields will be enabled.
Passphrase	Enter a passphrase manually or click the Random button to generate a random key. The passphrase is then hashed and it is use as the key. Note! If you use a random passphrase and it has been changed, you will not be able to unmask any of the data that has been masked prior to the change.
Algorithm	Select one of the following algorithms to be used: AES-128 - uses 128-bit key for data encryption and decryption. AES-256 - uses 256-bit key for data encryption and decryption.
Read Key from Keystore	Select this option if you would like a key to be read from a specific keystore. The keystore must be a JCEKS. Example - Creating a symmetric crypto key `$ keytool -keystore test.ks -storepass password -storetype jceks -genseckey -keysize 128 -alias testkey -keyalg AES` Selecting this option will enable the Keystore Path, Keystore Password, Key Name and Key Password fields.
	Keystore Path	Enter the location of the JCEKS type keystore from which you would like the key to be read.
	Keystore Password	Enter the password to the keystore.
	Key Name	This field is optional. Enter the field name if required.
	Key Password	This field is optional. Enter the password if required, otherwise the Keystore Password is used as the default password.