This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Encrypt and decrypt sensitive data in a source

pavan
Former Employee

โ€Ž10-22-2018 02:10 PM

Created by @pavan

This pipeline pattern will encrypt fields passed as JSON docs using a defined transform type (AES), and decrypts and gives back the original message. This pattern is useful for encrypting sensitive messages (credit card info, SSN, patients name, DOB etc).

encrypt-decrypt

Configuration

Within the JSON Generator, replace โ€œEnter certificate hereโ€ with your own certificate.

Sources: JSON
Targets: JSON
Snaps used: JSON Generator, Encrypt Field, Mapper, Decrypt Field

Downloads

Encrypt & Decrypt Fields.slp (9.1 KB)

Encrypt & Decrypt Fields.slp
0 Kudos
6 REPLIES 6

Deepak
New Contributor II
In response to tstack

โ€Ž07-15-2019 09:48 AM

@tstack

Those give away key information on what stratergy is used by an organization for encryption. Also, the attributes I mentioned are key attributes required for encryption.
These are sensitive data.

Pipeline exec vs Iltra ppipeline decision would take this chain in a different direction. Letโ€™s consider the fact that we need to utilize this Ultra pipelines.

0 Kudos

tstack
Former Employee
In response to Deepak

โ€Ž07-15-2019 10:18 AM

The encryption algorithm in use is not a secret. You can hardcode the algorithm if you want, but it wonโ€™t increase security. In some use cases, it can make things less secure since the interface will be stuck with a single algorithm. Then, if that algorithm becomes vulnerable, it will be difficult to change while remaining backwards compatible during the transition period.

No, they are not sensitive. If you donโ€™t want to believe me, please do some of your own research.

Here is a section on IVs in Wikipedia to start:

An initialization vector has different security requirements than a key, so the IV usually does not need to be secret.

0 Kudos