Class: Google::Privacy::Dlp::V2::CryptoReplaceFfxFpeConfig
- Inherits:
-
Object
- Object
- Google::Privacy::Dlp::V2::CryptoReplaceFfxFpeConfig
- Defined in:
- lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb
Overview
Replaces an identifier with a surrogate using FPE with the FFX mode of operation; however when used in the +ReidentifyContent+ API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See Pseudonymization for example usage.
Defined Under Namespace
Modules: FfxCommonNativeAlphabet
Instance Attribute Summary collapse
- #common_alphabet ⇒ Google::Privacy::Dlp::V2::CryptoReplaceFfxFpeConfig::FfxCommonNativeAlphabet
-
#context ⇒ Google::Privacy::Dlp::V2::FieldId
The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate.
-
#crypto_key ⇒ Google::Privacy::Dlp::V2::CryptoKey
The key used by the encryption algorithm.
-
#custom_alphabet ⇒ String
This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports.
-
#radix ⇒ Integer
The native way to select the alphabet.
-
#surrogate_info_type ⇒ Google::Privacy::Dlp::V2::InfoType
The custom infoType to annotate the surrogate with.
Instance Attribute Details
#common_alphabet ⇒ Google::Privacy::Dlp::V2::CryptoReplaceFfxFpeConfig::FfxCommonNativeAlphabet
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
# File 'lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb', line 1231 class CryptoReplaceFfxFpeConfig # These are commonly used subsets of the alphabet that the FFX mode # natively supports. In the algorithm, the alphabet is selected using # the "radix". Therefore each corresponds to particular radix. module FfxCommonNativeAlphabet FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0 # [0-9] (radix of 10) NUMERIC = 1 # [0-9A-F] (radix of 16) HEXADECIMAL = 2 # [0-9A-Z] (radix of 36) UPPER_CASE_ALPHA_NUMERIC = 3 # [0-9A-Za-z] (radix of 62) ALPHA_NUMERIC = 4 end end |
#context ⇒ Google::Privacy::Dlp::V2::FieldId
Returns The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
a default tweak will be used.
Note that case (1) is expected when an +InfoTypeTransformation+ is applied to both structured and non-structured +ContentItem+s. Currently, the referenced field may be of value type integer or string.
The tweak is constructed as a sequence of bytes in big endian byte order such that:
- a 64 bit integer is encoded followed by a single byte of value 1
- a string is encoded in UTF-8 format followed by a single byte of value å 2
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
# File 'lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb', line 1231 class CryptoReplaceFfxFpeConfig # These are commonly used subsets of the alphabet that the FFX mode # natively supports. In the algorithm, the alphabet is selected using # the "radix". Therefore each corresponds to particular radix. module FfxCommonNativeAlphabet FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0 # [0-9] (radix of 10) NUMERIC = 1 # [0-9A-F] (radix of 16) HEXADECIMAL = 2 # [0-9A-Z] (radix of 36) UPPER_CASE_ALPHA_NUMERIC = 3 # [0-9A-Za-z] (radix of 62) ALPHA_NUMERIC = 4 end end |
#crypto_key ⇒ Google::Privacy::Dlp::V2::CryptoKey
Returns The key used by the encryption algorithm. [required]
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
# File 'lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb', line 1231 class CryptoReplaceFfxFpeConfig # These are commonly used subsets of the alphabet that the FFX mode # natively supports. In the algorithm, the alphabet is selected using # the "radix". Therefore each corresponds to particular radix. module FfxCommonNativeAlphabet FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0 # [0-9] (radix of 10) NUMERIC = 1 # [0-9A-F] (radix of 16) HEXADECIMAL = 2 # [0-9A-Z] (radix of 36) UPPER_CASE_ALPHA_NUMERIC = 3 # [0-9A-Za-z] (radix of 62) ALPHA_NUMERIC = 4 end end |
#custom_alphabet ⇒ String
Returns This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 62]. This must be encoded as ASCII. The order of characters does not matter.
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
# File 'lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb', line 1231 class CryptoReplaceFfxFpeConfig # These are commonly used subsets of the alphabet that the FFX mode # natively supports. In the algorithm, the alphabet is selected using # the "radix". Therefore each corresponds to particular radix. module FfxCommonNativeAlphabet FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0 # [0-9] (radix of 10) NUMERIC = 1 # [0-9A-F] (radix of 16) HEXADECIMAL = 2 # [0-9A-Z] (radix of 36) UPPER_CASE_ALPHA_NUMERIC = 3 # [0-9A-Za-z] (radix of 62) ALPHA_NUMERIC = 4 end end |
#radix ⇒ Integer
Returns The native way to select the alphabet. Must be in the range [2, 62].
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
# File 'lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb', line 1231 class CryptoReplaceFfxFpeConfig # These are commonly used subsets of the alphabet that the FFX mode # natively supports. In the algorithm, the alphabet is selected using # the "radix". Therefore each corresponds to particular radix. module FfxCommonNativeAlphabet FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0 # [0-9] (radix of 10) NUMERIC = 1 # [0-9A-F] (radix of 16) HEXADECIMAL = 2 # [0-9A-Z] (radix of 36) UPPER_CASE_ALPHA_NUMERIC = 3 # [0-9A-Za-z] (radix of 62) ALPHA_NUMERIC = 4 end end |
#surrogate_info_type ⇒ Google::Privacy::Dlp::V2::InfoType
Returns The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate
For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the custom infoType +SurrogateType+. This facilitates reversal of the surrogate when it occurs in free text.
In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
# File 'lib/google/cloud/dlp/v2/doc/google/privacy/dlp/v2/dlp.rb', line 1231 class CryptoReplaceFfxFpeConfig # These are commonly used subsets of the alphabet that the FFX mode # natively supports. In the algorithm, the alphabet is selected using # the "radix". Therefore each corresponds to particular radix. module FfxCommonNativeAlphabet FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED = 0 # [0-9] (radix of 10) NUMERIC = 1 # [0-9A-F] (radix of 16) HEXADECIMAL = 2 # [0-9A-Z] (radix of 36) UPPER_CASE_ALPHA_NUMERIC = 3 # [0-9A-Za-z] (radix of 62) ALPHA_NUMERIC = 4 end end |