Class: Google::Privacy::Dlp::V2beta1::CryptoReplaceFfxFpeConfig

Inherits:

Object

• Object
• Google::Privacy::Dlp::V2beta1::CryptoReplaceFfxFpeConfig

Defined in:

lib/google/cloud/dlp/v2beta1/doc/google/privacy/dlp/v2beta1/dlp.rb

Overview

Replaces an identifier with a surrogate using FPE with the FFX mode of operation. The identifier must be representable by the US-ASCII character set. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped.

Defined Under Namespace

Modules: FfxCommonNativeAlphabet

Instance Attribute Summary

• #common_alphabet ⇒ Google::Privacy::Dlp::V2beta1::CryptoReplaceFfxFpeConfig::FfxCommonNativeAlphabet
• #context ⇒ Google::Privacy::Dlp::V2beta1::FieldId

  A context may be used for higher security since the same identifier in two different contexts likely will be given a distinct surrogate.

• #crypto_key ⇒ Google::Privacy::Dlp::V2beta1::CryptoKey

  The key used by the encryption algorithm.

• #custom_alphabet ⇒ String

  This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports.

• #radix ⇒ Integer

  The native way to select the alphabet.

Instance Attribute Details

#common_alphabet ⇒ Google::Privacy::Dlp::V2beta1::CryptoReplaceFfxFpeConfig::FfxCommonNativeAlphabet

Returns:

• (Google::Privacy::Dlp::V2beta1::CryptoReplaceFfxFpeConfig::FfxCommonNativeAlphabet)

# File 'lib/google/cloud/dlp/v2beta1/doc/google/privacy/dlp/v2beta1/dlp.rb', line 961

class CryptoReplaceFfxFpeConfig
  # These are commonly used subsets of the alphabet that the FFX mode
  # natively supports. In the algorithm, the alphabet is selected using
  # the "radix". Therefore each corresponds to particular radix.
  module FfxCommonNativeAlphabet
    FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0

    # [0-9] (radix of 10)
    NUMERIC = 1

    # [0-9A-F] (radix of 16)
    HEXADECIMAL = 2

    # [0-9A-Z] (radix of 36)
    UPPER_CASE_ALPHA_NUMERIC = 3

    # [0-9A-Za-z] (radix of 62)
    ALPHA_NUMERIC = 4
  end
end

#context ⇒ Google::Privacy::Dlp::V2beta1::FieldId

Returns A context may be used for higher security since the same identifier in two different contexts likely will be given a distinct surrogate. The principle is that the likeliness is inversely related to the ratio of the number of distinct identifiers per context over the number of possible surrogates: As long as this ratio is small, the likehood is large.

If the context is not set, a default tweak will be used. If the context is set but:

1. there is no record present when transforming a given value or
2. the field is not present when transforming a given value,

a default tweak will be used.

Note that case (1) is expected when an +InfoTypeTransformation+ is applied to both structured and non-structured +ContentItem+s. Currently, the referenced field may be of value type integer or string.

The tweak is constructed as a sequence of bytes in big endian byte order such that:

• a 64 bit integer is encoded followed by a single byte of value 1
• a string is encoded in UTF-8 format followed by a single byte of value 2

This is also known as the 'tweak', as in tweakable encryption.

Returns:

• (Google::Privacy::Dlp::V2beta1::FieldId) —

  A context may be used for higher security since the same identifier in two different contexts likely will be given a distinct surrogate. The principle is that the likeliness is inversely related to the ratio of the number of distinct identifiers per context over the number of possible surrogates: As long as this ratio is small, the likehood is large.

  If the context is not set, a default tweak will be used. If the context is set but:

  1. there is no record present when transforming a given value or
  2. the field is not present when transforming a given value,

  a default tweak will be used.

  Note that case (1) is expected when an +InfoTypeTransformation+ is applied to both structured and non-structured +ContentItem+s. Currently, the referenced field may be of value type integer or string.

  The tweak is constructed as a sequence of bytes in big endian byte order such that:

  • a 64 bit integer is encoded followed by a single byte of value 1
  • a string is encoded in UTF-8 format followed by a single byte of value 2

  This is also known as the 'tweak', as in tweakable encryption.

# File 'lib/google/cloud/dlp/v2beta1/doc/google/privacy/dlp/v2beta1/dlp.rb', line 961

class CryptoReplaceFfxFpeConfig
  # These are commonly used subsets of the alphabet that the FFX mode
  # natively supports. In the algorithm, the alphabet is selected using
  # the "radix". Therefore each corresponds to particular radix.
  module FfxCommonNativeAlphabet
    FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0

    # [0-9] (radix of 10)
    NUMERIC = 1

    # [0-9A-F] (radix of 16)
    HEXADECIMAL = 2

    # [0-9A-Z] (radix of 36)
    UPPER_CASE_ALPHA_NUMERIC = 3

    # [0-9A-Za-z] (radix of 62)
    ALPHA_NUMERIC = 4
  end
end

#crypto_key ⇒ Google::Privacy::Dlp::V2beta1::CryptoKey

Returns The key used by the encryption algorithm. [required]

Returns:

• (Google::Privacy::Dlp::V2beta1::CryptoKey) —

  The key used by the encryption algorithm. [required]

# File 'lib/google/cloud/dlp/v2beta1/doc/google/privacy/dlp/v2beta1/dlp.rb', line 961

class CryptoReplaceFfxFpeConfig
  # These are commonly used subsets of the alphabet that the FFX mode
  # natively supports. In the algorithm, the alphabet is selected using
  # the "radix". Therefore each corresponds to particular radix.
  module FfxCommonNativeAlphabet
    FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0

    # [0-9] (radix of 10)
    NUMERIC = 1

    # [0-9A-F] (radix of 16)
    HEXADECIMAL = 2

    # [0-9A-Z] (radix of 36)
    UPPER_CASE_ALPHA_NUMERIC = 3

    # [0-9A-Za-z] (radix of 62)
    ALPHA_NUMERIC = 4
  end
end

#custom_alphabet ⇒ String

Returns This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 62]. This must be encoded as ASCII. The order of characters does not matter.

Returns:

• (String) —

  This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 62]. This must be encoded as ASCII. The order of characters does not matter.

# File 'lib/google/cloud/dlp/v2beta1/doc/google/privacy/dlp/v2beta1/dlp.rb', line 961

class CryptoReplaceFfxFpeConfig
  # These are commonly used subsets of the alphabet that the FFX mode
  # natively supports. In the algorithm, the alphabet is selected using
  # the "radix". Therefore each corresponds to particular radix.
  module FfxCommonNativeAlphabet
    FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0

    # [0-9] (radix of 10)
    NUMERIC = 1

    # [0-9A-F] (radix of 16)
    HEXADECIMAL = 2

    # [0-9A-Z] (radix of 36)
    UPPER_CASE_ALPHA_NUMERIC = 3

    # [0-9A-Za-z] (radix of 62)
    ALPHA_NUMERIC = 4
  end
end

#radix ⇒ Integer

Returns The native way to select the alphabet. Must be in the range [2, 62].

Returns:

• (Integer) —

  The native way to select the alphabet. Must be in the range [2, 62].

# File 'lib/google/cloud/dlp/v2beta1/doc/google/privacy/dlp/v2beta1/dlp.rb', line 961

class CryptoReplaceFfxFpeConfig
  # These are commonly used subsets of the alphabet that the FFX mode
  # natively supports. In the algorithm, the alphabet is selected using
  # the "radix". Therefore each corresponds to particular radix.
  module FfxCommonNativeAlphabet
    FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0

    # [0-9] (radix of 10)
    NUMERIC = 1

    # [0-9A-F] (radix of 16)
    HEXADECIMAL = 2

    # [0-9A-Z] (radix of 36)
    UPPER_CASE_ALPHA_NUMERIC = 3

    # [0-9A-Za-z] (radix of 62)
    ALPHA_NUMERIC = 4
  end
end