Configure advanced algorithms for Field Encryption Enterprise

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Create a cryptographic specification to define the algorithm for a cryptographic module. Customize the encryption specifications with advanced options that are available for Field Encryption Enterprise.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to All > System Security > Field Encryption > Field Encryption Experience tab, click New.
    2. Select View module details from the Field Encryption overview to open the module record you want to configure.
    3. Select Manage Specification Settings in the Cryptographic Specification section.Manage Specification Settings button.
    4. Select Back to navigate to the Algorithm Definition tab.
    5. On the form, fill in the fields, selecting Next through each tab.
      Table 1. Algorithm Definition form
      Field Description
      Crypto module

      Name of the selected cryptographic module populates.
      Crypto purpose

      The value is Symmetric Data Encryption/Decryption for Field Encryption Enterprise.
      Algorithm

      The value is AES for Field Encryption Enterprise.
      Operation mode

      The value is CBC for Field Encryption Enterprise.
      Size
      Possible values are 256 and 128.
      Note:
      256-bit size is most secure for encryption and is used for Symmetric Data Encryption/Decryption for Field Encryption Enterprise.
      Equality preserving

      Option to enable deterministic encryption.

      Note:
      Selecting this option means that the encrypted value of a field should be the same when the field value remains the same.

      Option to enable Symmetric Data Encryption/Decryption with AES in Cipher Block Chaining (CBC) mode.
      Integrity

      Option to provide Integrity in GCM operation and does not apply for Field Encryption Enterprise functionality.
    6. Click Submit.

      The following example shows AES 256 CBC encryption. When Field Encryption Enterprise is active and the parent module is column_level_encryption, only Symmetric Data Encryption/Decryption AES 256 CBC applies as the crypto purpose. See Cryptographic specification overview for details.

      Shows the AES 256 CBC encryption configuration options.

    What to do next

    Perform one of the following operations: