PrivaceraCloud Documentation

Masking schemes

Unlike some encryption schemes, which allow for decryption, a masking scheme is always a one-way transformation. There is no reversing the mask. The original string is completely replaced and cannot be unmasked.

Masking techniques

Masking has the following transformations, or techniques:

  • Nullify: the original string is nulled, completely removed.

  • Redaction: The original string is overwritten with a masking character you specify or with the default x. You can redact the string with that character, which is repeated five times. You can also redact with that character but retain the format and length of the original string, which preserves all special characters in the original string but replaces the alphanumeric characters with the specified masking character. Examples with masking character x:

    • Original string:

    • Result without maintaining format and length: xxxxx

    • Result with maintaining format and length:

Masking with the Encryption REST API

You use a masking scheme on the /protect REST API endpoint, with input to /protect in the a JSON structure similar to that used with an encryption scheme.

Because masking is one-way, you should not use it with the /unprotect endpoint, which is for decryption. Using a masking scheme with /unprotect returns an error.

You can combine masking and encryption in a single API request, so that you encrypt some fields and mask other fields at the same time.

Create custom masking scheme

You can create a custom masking scheme for use with the encryption REST API.

  • Choose an easy-to-remember name for the masking scheme.

  • Think of a helpful description for the masking scheme.

  • Decide which format you want to use for the masking scheme.Encryption formats, algorithms, and scopes

  • Decide if the masking scheme should use the nullify or redaction masking technique.

  • If the scheme is to redact:

    • Decide on a suitable masking character to replace the original characters.

    • Decide if you want to retain the original string's format and length.

Create a masking scheme
To create a masking scheme
  1. Go to Encryption & Masking > Schemes.

  2. Click the MASKING SCHEME tab.

  3. Enter an easy-to-remember name for the masking scheme.

  4. Supply a useful description.

  5. From the Format Type list, select the desired format.

  6. For Masking Technique, select either Nullify or Redaction.

  7. If you choose Redaction:

    1. Enter the desired character to replace all other characters in the original string, or rely on the default x.

    2. To maintain the original string's format and length, click that checkbox.

  8. Click SAVE.