Fabric encrypts each LUI using the AES-256 mode encryption algorithm. Hence, the key length is 256 bytes.
The underlying key, using the SHA-256 algorithm, is the hash of the following parts:
Since each Instance ID has a different value, Fabric creates a different key for each Instance ID. Fabric saves the key description of each Instance ID in the ENTITY table in Cassandra. This way, Fabric can decrypt the entity when necessary. The encrypted master key used to encrypt the Instance ID can be taken from the KEYS table according to the key's description.
By default, when creating a Logical Unit, the Enable data encryption field is set to False.
To encrypt each instance (LUI), set the Enable data encryption property of the LU schema to True.
See the screenshot below:
To encrypt only selected fields on the LU Instance, first set the FULL_ENTITY_ENCRYPTION parameter to false in the config.ini file (FULL_ENTITY_ENCRYPTION=false) and then encrypt specific fields in the implementation using the following built-in functions:
public static String luEncrypt(String plainData) throws Exception
This function encrypts data in text format using the latest master key and the LUI key. It can be used to encrypt individual fields in the LUI micro-database.
Parameters:
The function returns the following:
public static String luDecrypt(String encryptedData, String luName, String entityID) throws Exception
This function decrypts a string previously encrypted using the luEncrypt method.
Parameters:
This function returns the following:
public static String luRekey(String encryptedData) throws Exception
This function decrypts data using its key and encrypts it using the latest master key. For a system to support the Rekey option, data must be rekeyed when resyncing the LUI.
Parameters:
encryptedData, encrypted data to be rekeyed
This function returns the following:
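The per-instance key scheme and the rekey flow described above, as an added Java illustration that is not Fabric's implementation or API. Assumptions: the hash inputs (master key, LU name, instance ID), the AES-GCM mode, the stored "keyDescription:base64" format, the key descriptions mk-v1 and mk-v2, and the names LuiKeyDemo, instanceKey, encrypt, decrypt and rekey are all hypothetical; the in-memory map stands in for the KEYS table.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class LuiKeyDemo {
    // Constructed stand-in for the KEYS table: key description -> master key bytes.
    static final Map<String, byte[]> KEYS = new HashMap<>();
    static final SecureRandom RNG = new SecureRandom();
    // ASSUMED hash inputs (master key, LU name, instance ID); the SHA-256 output is a 32-byte AES-256 key.
    static SecretKeySpec instanceKey(String keyDesc, String lu, String iid) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(KEYS.get(keyDesc));
        md.update((lu + "|" + iid).getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(md.digest(), "AES");
    }
    // Stored form (assumed): keyDesc ":" base64(12-byte IV || ciphertext || GCM tag).
    static String encrypt(String keyDesc, String lu, String iid, String plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, instanceKey(keyDesc, lu, iid), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return keyDesc + ":" + Base64.getEncoder().encodeToString(out);
    }
    // The key description carried in the stored value selects the master key to derive from.
    static String decrypt(String stored, String lu, String iid) throws Exception {
        String[] p = stored.split(":", 2);
        byte[] raw = Base64.getDecoder().decode(p[1]);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, instanceKey(p[0], lu, iid), new GCMParameterSpec(128, raw, 0, 12));
        return new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8);
    }
    // Rekey: decrypt with the key the value names, then re-encrypt under the latest master key.
    static String rekey(String stored, String latest, String lu, String iid) throws Exception {
        return encrypt(latest, lu, iid, decrypt(stored, lu, iid));
    }
    public static void main(String[] args) throws Exception {
        for (String d : List.of("mk-v1", "mk-v2")) { byte[] k = new byte[32]; RNG.nextBytes(k); KEYS.put(d, k); }
        String v1 = encrypt("mk-v1", "CUSTOMER", "1001", "alice@example.com"); // constructed sample value
        String v2 = rekey(v1, "mk-v2", "CUSTOMER", "1001");
        System.out.println(v2.startsWith("mk-v2:") + " " + decrypt(v2, "CUSTOMER", "1001"));
        try { decrypt(v2, "CUSTOMER", "1002"); } // a different instance ID derives a different key
        catch (AEADBadTagException e) { System.out.println("other instance ID: key mismatch"); }
    }
}
```

Because the key description travels with the ciphertext, values written under an older master key stay readable after rotation until they are rekeyed.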