Configure advanced algorithms for Column Level Encryption Enterprise

Xanadu Platform security

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Configure advanced algorithms for Column Level Encryption Enterprise

Release version: Xanadu

Updated October 22, 2024

1 minute to read

Create a cryptographic specification to define the algorithm for a cryptographic module. Customize the encryption specifications with advanced options that are available for Column Level Encryption Enterprise.

Before you begin

Role required: admin

Procedure

On the Crypto Specifications (#) tab, click New.

On the form, fill in the fields.

Table 1. Algorithm Definition form
Field	Description
Crypto module	Name of the selected cryptographic module populates.
Crypto purpose	The value is Symmetric Data Encryption/Decryption for Column Level Encryption Enterprise.
Algorithm	The value is AES for Column Level Encryption Enterprise.
Operation mode	The value is CBC for Column Level Encryption Enterprise.
Size	Possible values are 256 and 128. Note: 256-bit size is most secure for encryption and is used for Symmetric Data Encryption/Decryption for Column Level Encryption Enterprise.
Equality preserving	Option to enable deterministic encryption. Note: Selecting this option means that the encrypted value of a field should be the same when the field value remains the same. Option to enable Symmetric Data Encryption/Decryption with AES in Cipher Block Chaining (CBC) mode.
Integrity	Option to provide Integrity in GCM operation and does not apply for Column Level Encryption Enterprise functionality.

Click Submit.

The following example shows AES CBC-256 encryption. When Column Level Encryption Enterprise is active and the parent module is column_level_encryption, only Symmetric Data Encryption/Decryption AES CBC-256 applies as the crypto purpose. See Cryptographic specification for details.

What to do next

Perform one of the following operations:

Select an entry in the Key Lifecycle table to define key lifecycle behavior. See Configure key lifecycle states for details to complete the lifecycle definition for the key.
Select Next to create a cryptographic key. See one of the following tasks for key generation: