Security algorithm description
Dataphin supports multiple security algorithms for encryption and decryption, hashing, and masking.
Description of encryption and decryption security algorithms
|
Algorithm name |
Algorithm description |
|
RSA native private key encryption/decryption |
RSA is an asymmetric encryption algorithm that uses separate keys for encryption and decryption, providing enhanced security. |
|
FPE format-preserving encryption/decryption (FF1) |
A symmetric encryption method that preserves the plaintext format after encryption and decryption. It requires no changes to the database schema, and the computed data can still participate in calculations. This method is commonly used in financial services or applications that must comply with data privacy standards. |
|
AES native encryption/decryption |
AES is a symmetric encryption algorithm that uses the same key for encryption and decryption. |
|
3DES native encryption/decryption, DES native encryption/decryption |
3DES and DES are symmetric encryption algorithms that use the same key for encryption and decryption. |
|
FPE format-preserving native encryption/decryption (FF1) |
A symmetric encryption method that preserves the plaintext format after encryption and decryption. It requires no changes to the database schema, and the computed data can still participate in calculations. This method is commonly used in financial services or applications that must comply with data privacy standards. |
|
RSA native public key encryption/decryption |
RSA is an asymmetric encryption algorithm that uses separate keys for encryption and decryption, providing enhanced security. |
|
SM2 native public key encryption |
SM2 is an asymmetric encryption algorithm that uses separate keys for encryption and decryption, providing enhanced security. |
|
SM2 native private key decryption |
SM2 is an asymmetric encryption algorithm that uses separate keys for encryption and decryption, providing enhanced security. |
|
SM4 native encryption/decryption |
SM4 is a symmetric encryption algorithm that uses the same key for encryption and decryption. |
Description of masking security algorithms
|
Algorithm name |
Algorithm description |
|
Chinese name |
Desensitizes the surname in a Chinese name, retaining only the given name. |
|
Chinese name (given name masking) |
Desensitizes the given name in a Chinese name, retaining only the surname. |
|
Mobile phone |
Desensitizes mobile phone numbers. |
|
Mobile phone (hidden length) |
Desensitizes mobile phone numbers with a configurable masking length. |
|
Landline |
Desensitizes landline numbers. |
|
Landline (hidden length) |
Desensitizes landline numbers with a configurable masking length. |
|
ID card number |
Desensitizes ID card numbers. |
|
ID card number (hidden length) |
Desensitizes ID card numbers with a configurable masking length. |
|
Bank card number |
Desensitizes bank card numbers. |
|
Bank card number (hidden length) |
Desensitizes bank card numbers with a configurable masking length. |
|
Address |
Desensitizes addresses. |
|
|
Desensitizes email addresses. Example: Input username@example.com, output u***@example.com. |
|
Taobao nickname |
Desensitizes Taobao nicknames. Example: Input Taobao talent 001, output Tao***1. |
|
Birthday |
Example: Input 2019-08-15, output ****-08-15. |
|
Keyword replacement |
Masks a string at positions that match a regular expression. Takes three parameters: the string to mask, a regular expression that identifies the portion to mask, and a replacement string. For example, given string1, exp, and string2, the portion of string1 that matches exp is replaced with string2. |
|
Custom mask |
Masks a string at custom positions. Parameters are specified in pairs: each pair (n, m) masks the characters from position n to position m. |
|
Custom mask (custom replacement value) |
Masks a string at custom positions with a custom replacement value. Parameters are specified in groups of three: each group (n, m, k) replaces the characters from position n to position m with k. |
Description of hashing security algorithms
|
Algorithm name |
Algorithm description |
|
SHA256 |
SHA256 produces a 256-bit (64-character hexadecimal) hash result. |
|
SHA384 |
SHA384 produces a 384-bit (96-character hexadecimal) hash result. |
|
SHA512 |
SHA512 produces a 512-bit (128-character hexadecimal) hash result. |
|
Salted SHA256 |
SHA256 with an added salt value for stronger security. Salting effectively prevents dictionary attacks. Produces a 256-bit (64-character hexadecimal) hash result. |
|
Salted SHA384 |
SHA384 with an added salt value for stronger security. Salting effectively prevents dictionary attacks. Produces a 384-bit (96-character hexadecimal) hash result. |
|
Salted SHA512 |
SHA512 with an added salt value for stronger security. Salting effectively prevents dictionary attacks. Produces a 512-bit (128-character hexadecimal) hash result. |
|
MD5 |
MD5 produces a 128-bit (32-character hexadecimal) hash result. |
|
Salted MD5 |
MD5 produces a 128-bit (32-character hexadecimal) hash result. |
|
Base64 |
Base64 encodes binary data using 64 printable characters. Because Base64-encoded data can be directly decoded, it provides minimal security. |
Description of other security algorithms
|
Algorithm name |
Algorithm description |
|
Gaussian noise |
Applies Gaussian noise to numeric fields. Takes a numeric input and outputs a randomized value that follows a Gaussian distribution. |