Skip to content

Encryption formats, algorithms, and scopes

These are allowable combinations of encryption input data formats, the supported algorithms for those formats, and the scope of the data that is encrypted.

The combinations are subdivided into groups based on the underlying API:

  • Privacera API
  • Bouncy Castle API

Other Schemes Now Deprecated

The schemes listed here are the only supported certified schemes.

All other schemes not listed here are deprecated.

Numeric formats with FPE algorithm: input must be string

For a scheme with Numeric format type and FPE algorithm, the numeric data on the calls to /protect and /unprotect must be a string.

To preserve the format and length, the encrypted output must also be stored as a string.

Example: Encrypting a number via FPE like 123456 might result in output like 027931.

To preserve the format and length the 0 prefix needs to be retained.

Storing this result in string format ensures that future decryption/encryption functions correctly.

Privacera API

The following combinations can be used with the Privacera API.

The request and response examples show the datalist JSON element with the Privacera Encryption REST API /protect endpoint.

Format: Alphanumeric

  • Algorithm: Alphanumeric, Scope: All

Example

  • Request:
"datalist": [
    [
        "TUCSON AZ 85705,USA",
        "testdata115",
        "105 Sikes Hall, Clemson, SC 29634, USA",
        "177A Bleecker Street",
        null
    ]
]
  • Response:
"datalist": [
    [
        "hGL8f5ycfDDrxguRRZhDTPINOfHZmlxik5bW2xz9Mbg=",
        "7GEWk9XuIigzkTczc9Ntzg==",
        "9e6obWu6mh9vK2xkEcFvOeXSYwve2Ws9jQ1AEBVxc3zj5lFGNcBPxxLpgyyZin0u",
        "MDtays2tyyOv5egH+OXbk9UqL2RDTZRhqNYxaEULsjs=",
        null
    ]
]

Format: ASCII

7-bit ASCII character set, excluding control characters.

  • Algorithm: FPE, Scope: All

Example

  • Request:
"datalist": [
    [
        "testvalue123",
        "This is a sample text",
        "This is sample 123 alphanumeric text 123.",
        "123456789098765",
        "123!@#R)(*&^4567JHG",
        null
    ]
]
  • Response:
"datalist": [
    [
       "[pa&xA_)1qs=",
        "?xUs.H';NIy>BJ0@y9{qq",
        "o/|R7&k)d>dmp^Am}.%-F]_Ym7c]@B~Xm)eOB+=w*",
        "/apLBEweK)?| *t",
        "{lD+U%cMLKM]k+`lt}.",
        null
      ]
  ],

Format: CC

Credit card. Numeric from 14 to 19 digits. Hyphens and spaces allowed.

  • Algorithm: FPE, Scope: All
  • Algorithm: FPE, Scope: First 4 digits
  • Algorithm: FPE, Scope: Last 4 digits

Example of FPE, All

  • Request: 

    "datalist": [
    [
        "236864479139819",
        "160201209940524",
        "41228020889831",
        "7529274609013685",
        null,
        "6536921047107462",
        "4766530513049409"
      ]
  ]

  • Response: 

    "datalist": [
    [
        "524312768689370",
        "535332579591178",
        "79759512315352",
        "1072002057261056",
        null,
        "3907516129227718",
        "6712017221140690"
    ]
]

Formats: DATE and Date_DD_MM

  • Algorithm: FPE, Scope: All

For details on allowable formats, see Date Input Formats and Ranges

Example

  • Request: 

    "datalist": [
    [
        "16/12/3352",
        "09/02/3508",
        "16-12-3352",
        "21-03-3421",
        "19/12/3224 21:01:24:202",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "16/12/3352",
        "09/02/3508",
        "16-12-3352",
        "21-03-3421",
        "12/07/3871 20:44:36:480",
        null
    ]
]

Format: Driver License

  • Algorithm: FPE, Scope: All

Example

  • Request: 

    "datalist": [
    [
        "A123456789012",
        "12345678X",
        null,
        "123456789",
        "m1234567",
        "12345678123456789",
        "123456789",
        null,
        "113654424",
        "999000680",
        "B13654424",
        "G544-061-73-925-0",
        "AA123456Z",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "09HnovI2QR9jw",
        "pIJijAhlj",
        null,
        "pnZaDghd0",
        "ICSdAHiD",
        "92SRB3QE5S6TunSRA",
        "pnZaDghd0",
        null,
        "J1XT5UuBq",
        "SHdt78Two",
        "PMGoghnkh",
        "rusP-R4U-EG-nVV-r",
        "YslNiR2As",
        null
    ]
]

Format: Email

Must include @ sign.

  • Algorithm: FPE, Scope: All
  • Algorithm: FPE, Scope: masked username
  • Algorithm: FPE, Scope: masked domain

Example of FPE, All

  • Request: 

    "datalist": [
    [
        "test@domain.com",
        "lastname@domain.com",
        "test.email.with+symbol@domain.com",
        "id-with-dash@domain.com",
        "example-abc@abc-domain.com",
        "admin@mailserver1",
        "#!$%&'*+-/=?^_{}|~@domain.org",
        "example@localhost",
        "example@s.solutions",
        "test@com",
        "test@localserver",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "T~oi@GaRxEU.ZFq",
        "R82`Rs7E@GaRxEU.ZFq",
        "s%x{.&FEi!.qPEjpST2gK#@GaRxEU.ZFq",
        "t+g_4s+Vn_?7@GaRxEU.ZFq",
        "bPVRw9_x_J`@DmF-AyWNGj.gxA",
        "BnAIk@lhGbMXvogj1",
        "GZhp3&iMy^X|0Jij%s@WCXdsf.BYi",
        "vUnO=Fb@IWyJfKkFW",
        "vUnO=Fb@X.wpkHRwTbu",
        "T~oi@nZF",
        "T~oi@EfwTCYFFfgu",
        null
    ]
]

Format: FPE_ALPHA_NUMERIC

  • Algorithm: Alphanumeric, Scope: All
  • Algorithm: FPE, Scope: All
  • Algorithm: Standard, Scope: All
  • Algorithm: Standard 256-bit, Scope: All

Example of FPE, All

  • Request: 

    "datalist": [
    [
        "Acc965121354",
        "testdata123samplevalue",
        "sample value 2nd instance",
        "221, baker street",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "4eOPie2yXN1f",
        "SsGfMkh12uH1ndQnsDaa1V",
        "j8pHr5 CdFLR LUc 0zw1ZuhK",
        "om5, KUR9R bBjjd2",
        null
    ]
]

Format: HASHING

Same as ASCII. These are one-way hashes.

  • Algorithm: SHA-256, Scope: All
  • Algorithm: SHA-512, Scope: All

Example of SHA-256, All

  • Request: 

    "datalist": [
    [
        "8743b52063cd84097a65d1633f5c74f5",
        "hashvalue115",
        "Test123Text",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "74ee1fae245edd6f27bf36efc3604942479fceefbadab5dc5c0b538c196eb0f1",
        "492c94273948d5140dcfef60b15a99b9c2cd5e730a5d40d2991548255825d473",
        "c9ecc7cecff05b064da8a89befa266e84da87409a7d8624ec15252affb70d732",
        null
    ]
]

Format: Host/Domain

Internet standard domain name, or portion thereof, with periods.

  • Algorithm: FPE, Scope: All

Example

  • Request: 

    "datalist": [
    [
        "cornell.edu",
        "www.google.com",
        "en.wikipedia.org",
        ".com",
        "www.privacera.com",
        "www.privacera.com",
        ".edu",
        "10.211.95.191",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "uf8T8tY.u54",
        "1Wr.f6NCmk.M9m",
        "fj.dbwLIn9DR.BfV",
        ".qCB",
        "XGY.GPRNgo1Wo.x7t",
        "XGY.GPRNgo1Wo.x7t",
        ".B56",
        "y4.VTB.Uh.V2H",
        null
    ]
]

Format: IP

Internet Protocol v4 or v6 standard address

  • Algorithm: FPE, Scope: All

Example

  • Request: 

    "datalist": [
    [
        null,
        "10.211.95.191",
        "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789",
        "2001:DB8:0:0:8:800:200C:417A",
        "123.123.12.1",
        null,
        "0.0.0.0",
        "10.31.31.54",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        null,
        "184.54.42.61",
        "ABCD:EF6a:e277:216a:ABCD:EFf9:5b8c:3a24",
        "9623:DB5:5:6:4:b3a:34cC:9ecA",
        "33.71.6.126",
        null,
        "223.195.44.37",
        "138.217.142.157",
        null
    ]
]

Format: LITERAL

Free-form: no specific format required.

  • Algorithm: FPE, Scope: All
  • Algorithm: Standard 256-bit, Scope: All

Example of FPE, All

  • Request: 

    "datalist": [
    [
        "TRUE",
        "FALSE",
        "123876.0988",
        "123876",
        "Literal",
        "Test123Text",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        "",
        "",
        "",
        "",
        "",
        "",
        null
    ]
]

Format: Numeric

Digits from 0 through 9.

  • Algorithm: FPE, Scope: All

Example

  • Request: 

    "datalist": [
    [
        null,
        "a9876543211098",
        "9876543211098",
        "a9876543211098",
        "acn9876543211098",
        null,
        "1234567890897654321",
        "1ab4 df56 7qwer2343",
        "1234543 5434 23454",
        "priv9876543211098",
        "acn9876543211098",
        null
    ]
]

  • Response: 

    "datalist": [
    [
        null,
        "a8440422448831",
        "5980689261168",
        "a8440422448831",
        "acn1390446821808",
        null,
        "3963413609305412090",
        "4ab6 df25 4qwer6711",
        "3073815 5226 34978",
        "priv1617217642784",
        "acn1390446821808",
        null
    ]
]

  • Algorithm: FPE, Scope: All

Format: SSN

US Social Security Number. Nine digits. Hyphens and spaces allowed.

  • Algorithm: FPE, Scope: Last 4 digits
  • Algorithm: FPE, Scope: All

Example of FPE, All

  • Request: 

    "datalist": [
    [
        "778-62-8144",
        "030 72 7381",
        "709066491",
        "163254042",
        null,
        "805 14 1893",
        "401318448"
    ]
]

  • Response: 

    "datalist": [
    [
        "932-88-1456",
        "828 92 5898",
        "954061516",
        "998726200",
        null,
        "980 21 5905",
        "191897078"
    ]
]

Format: Text

  • Algorithm: FPE, Scope: All

Example of FPE, All

  • Request: 
    "datalist": [
    [
        "778-62-8144",
        "030 72 7381",
        "709066491",
        "163254042",
        null,
        "805 14 1893",
        "401318448"
    ]
]
  • Response: 
    "datalist": [
    [
        "932-88-1456",
        "828 92 5898",
        "954061516",
        "998726200",
        null,
        "980 21 5905",
        "191897078"
    ]
]

Bouncy Castle API

The following combinations can be used with the Bouncy Castle API.

The only allowable scope for schemes that use the Bouncy Castle API is All.

Format Algorithm Scope
Alphanumeric
  • AES 128
  • AES 256
 All
ASCII
  • AES 128
  • AES 256
 All
CC
  • AES 128
  • AES 256
 All
Date
  • AES 128
  • AES 256
 All
DateTime
  • AES 128
  • AES 256
 All
Email
  • AES 128
  • AES 256
 All
Host/Domain
  • AES 128
  • AES 256
 All
IP
  • AES 128
  • AES 256
 All
Numeric
  • AES 128
  • AES 256
 All
SSN
  • AES 128
  • AES 256
 All
Text
  • AES 128
  • AES 256
 All

Date input formats and ranges

For examples of these formats, see Examples of Allowable Date Input Formats.

Supported date range

The range of dates supported by DateTime is from 1900/01/01 to 2099/12/31, inclusive.

Note

This range is irrespective of delimiters in the input. It specifies only the lower and upper limits of the values of year, month, and day, and does not apply to any specific hour, day, or minute.

Legend for date input formats

  • yyyy or uuuu is 4-digit year. uuuu is a year format that does not need the specification of the era CE (Common Era) or BCE (Before Common Era). A positive number indicates CE, while a negative number indicates BCE.
  • MM is the 2-digit, zero-padded month of yyyy or uuuu.
  • dd is the 2-digit, zero-padded day of MM.
  • HH is the 2-digit, zero-padded 24-hour clock hour of dd.
  • mm is the 2-digit, zero-padded minute of HH.
  • ss is the 2-digit, zero-padded second of mm.
  • SSS is the 3-digit, zero-padded microsecond of ss.
  • The literal T is the time indicator and the literal Z is the indicator for time zone offset, as described in W3C's Time & date: Essential concepts. Note: The time zone offset is not encrypted.
  • The string literals AM and PM are before noon and afternoon in the analog 12-hour clock.

Day-first formats

Date begins with the numeric, zero-padded day.

  • dd/mm/uuuu
  • dd/mm/uuuu HH:mm:ss:SSS

Month-first formats

Data begins with the numeric, zero-padded month.

  • mm/dd/uuuu HH:mm:ss,SSS
  • mm/dd/uuuu HH:mm:ss,SSSZ
  • mm/dd/uuuu HH:mm:ss.SSS
  • mm/dd/uuuu HH:mm:ss.SSSZ
  • mm/dd/uuuu HH:mm:ss
  • mm/dd/uuuu HH:mm:ss AM
  • mm/dd/uuuu HH:mm:ss PM
  • mm/dd/uuuu HH:mm:ssZ
  • mm/dd/uuuu HH:mm
  • mm/dd/uuuu HH:mmZ
  • mm/dd/uuuu
  • mm/dd/uuuuTHH:mm:ss,SSS
  • mm/dd/uuuuTHH:mm:ss,SSSZ
  • mm/dd/uuuuTHH:mm:ss.SSS
  • mm/dd/uuuuTHH:mm:ss.SSSZ
  • mm/dd/uuuuTHH:mm:ss
  • mm/dd/uuuuTHH:mm:ssZ
  • mm/dd/uuuuTHH:mm
  • mm/dd/uuuuTHH:mmZ

Year-first formats

Date begins with the year.

  • uuuu-mm-dd
  • uuuu-mm-dd AM
  • uuuu-mm-dd PM
  • uuuu-mm-dd HH:mm AM
  • uuuu-mm-dd HH:mm PM
  • uuuu-mm-dd HH:mm:ss,SSS
  • uuuu-mm-dd HH:mm:ss.SSS
  • uuuu-mm-dd HH:mm:ss,SSS AM
  • uuuu-mm-dd HH:mm:ss,SSS PM
  • uuuu-mm-dd HH:mm:ss.SSS AM
  • uuuu-mm-dd HH:mm:ss.SSS PM
  • uuuu-mm-dd HH:mm:ss
  • uuuu-mm-dd HH:mm
  • uuuu-mm-ddTHH:mm:ss,SSS
  • uuuu-mm-ddTHH:mm:ss,SSSZ
  • uuuu-mm-ddTHH:mm:ss.SSS
  • uuuu-mm-ddTHH:mm:ss.SSSZ
  • uuuu-mm-ddTHH:mm:ss
  • uuuu-mm-ddTHH:mm:ssZ
  • uuuu-mm-ddTHH:mm
  • uuuu-mm-ddTHH:mmZ
  • uuuu/mm/dd HH:mm:ss,SSS
  • uuuu/mm/dd HH:mm:ss.SSS
  • uuuu/mm/dd HH:mm:ss
  • uuuu/mm/dd HH:mm
  • uuuu/mm/dd
  • uuuu/mm/ddTHH:mm:ss,SSS
  • uuuu/mm/ddTHH:mm:ss,SSSZ
  • uuuu/mm/ddTHH:mm:ss.SSS
  • uuuu/mm/ddTHH:mm:ss.SSSZ
  • uuuu/mm/ddTHH:mm:ss
  • uuuu/mm/ddTHH:mm:ssZ
  • uuuu/mm/ddTHH:mm
  • uuuu/mm/ddTHH:mmZ

Examples of allowable date input formats

  • 1900-01-01
  • 1912/01/02
  • 1912-01-02 03:10:50
  • 1912/01/02 03:10:50
  • 1912-01-02 03:10:50.000
  • 1912/01/02 03:10:50.000
  • 1950/02/03T05:20:30.213+1000
  • 2099-12-31T05:20:30.213+1000