Encryption Algorithms #
AES Encryption Algorithm #
Type: AES
Configurable Properties:
Name | Data Type | Description |
---|---|---|
aes-key-value | String | Key used by AES |
digest-algorithm-name | String | Digest algorithm for AES key, optional configuration. Default: SHA-512. Configurable options: “MD2”, “MD5”, “SHA-1”, “SHA-224”, “SHA-256”, “SHA-384”, “SHA-512”, “SHA-512/224”, “SHA-512/256”, “SHA3-224”, “SHA3-256”, “SHA3-384”, “SHA3-512” |
key-manager | String | Name of the key management algorithm |
Explanation: Configure either aes-key-value or key-manager.
RC4 Encryption Algorithm #
Type: RC4
Configurable Properties:
Name | Data Type | Description |
---|---|---|
rc4-key-value | String | Key used by RC4 |
key-manager | String | Name of the key management algorithm |
Explanation: Configure either rc4-key-value or key-manager.
SM3 Encryption Algorithm #
Type: SM3
Configurable Properties:
Name | Data Type | Description |
---|---|---|
sm3-salt | String | Salt used by SM3 (empty or 8 Bytes) |
key-manager | String | Name of the key management algorithm |
Explanation: Configure either sm3-salt or key-manager.
SM4 Encryption Algorithm #
Type: SM4
Configurable Properties:
Name | Data Type | Description |
---|---|---|
sm4-key | String | Key used by SM4 (16 Bytes) |
sm4-mode | String | Mode used by SM4 (CBC or ECB) |
sm4-iv | String | IV used by SM4 (required for CBC mode, 16 Bytes) |
sm4-padding | String | Padding used by SM4 (PKCS5Padding, PKCS7Padding, or NoPadding; ECB mode cannot be used with NoPadding) |
key-manager | String | Name of the key management algorithm |
Explanation: Configure either SM4 settings (sm4-key, sm4-mode, sm4-iv, sm4-padding) or key-manager.
Fuzzy Encryption Algorithms #
Character Digest Algorithm #
Explanation: The character set of underlying storage nodes should be set to utf8 or utf8mb4.
Type: SphereEx:CHAR_TRANSFORM_LIKE
Configurable Properties:
Name | Data Type | Description |
---|---|---|
key-manager | String | Name of the key management algorithm |
Desensitization Character Digest Algorithm #
Explanation: The character set of the underlying storage node needs to be set to utf8 or utf8mb4.
Principle: 1. First, use the configured desensitization algorithm to desensitize the plaintext data; 2. Use the configured digest algorithm to generate a digest for the desensitized data from step 1.
Type: SphereEx:COMPLEX_MASK_LIKE
Configurable Properties:
Name | Data Type | Description |
---|---|---|
like-algorithm-name | String | The name of the like encryption algorithm, optional configuration, default is SphereEx:CHAR_TRANSFORM_LIKE |
mask-algorithm-name | String | The name of the desensitization algorithm, optional configuration, default is KEEP_FIRST_N_LAST_M |
Explanation: For other configurable properties, refer to the specific like encryption algorithm and desensitization algorithm configuration properties.
Order-Preserving Encryption Algorithm #
OPE Encryption Algorithm #
Type: SphereEx:FASTOPE
Explanation: This algorithm can also be directly used as a standard algorithm, without the need to configure the orderQuery column, and can achieve sorting, comparison, and range queries.
Configurable Properties:
Name | Data Type | Description |
---|---|---|
alpha-key | String | A random double used by the OPE algorithm, which can be generated using java.security.SecureRandom#nextDouble, with a value range of 0.8-1 |
factor-e-key | String | A random double used by the OPE algorithm, which can be generated using java.security.SecureRandom#nextDouble, with a value range of 0-1 |
factor-k-key | String | A random long used by the OPE algorithm, which can be generated using java.security.SecureRandom#nextLong |
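
The length, mode and range constraints in the AES, RC4, SM3, SM4 and FASTOPE tables above can be checked before a configuration is deployed. The validator below is an added example, not SphereEx code; the function name `validate`, reading "Bytes" as the UTF-8 length of the configured string, and reporting a configuration that sets both an inline key and key-manager are assumptions.

```python
# Added example, not SphereEx code: names and limits come from the tables above.
# Assumptions: "Bytes" is the UTF-8 length of the configured string, and setting
# both an inline key and key-manager is reported as a problem.

def _nbytes(value):
    return len(str(value).encode("utf-8"))

def _parses(value, cast, low, high):
    try:
        return low <= cast(str(value)) <= high
    except ValueError:
        return False

def validate(algo_type, props):
    """Return a list of problems for one algorithm's properties (empty = OK)."""
    errors = []
    inline = {"AES": "aes-key-value", "RC4": "rc4-key-value",
              "SM3": "sm3-salt", "SM4": "sm4-key"}.get(algo_type)
    if inline:
        has_inline, has_km = inline in props, "key-manager" in props
        if has_inline == has_km:
            errors.append(f"configure either {inline} or key-manager")
        if has_km:
            return errors  # key material is supplied by the key manager
    if algo_type == "SM3" and _nbytes(props.get("sm3-salt", "")) not in (0, 8):
        errors.append("sm3-salt must be empty or 8 bytes")
    if algo_type == "SM4":
        mode, padding = props.get("sm4-mode"), props.get("sm4-padding")
        if _nbytes(props.get("sm4-key", "")) != 16:
            errors.append("sm4-key must be 16 bytes")
        if mode not in ("CBC", "ECB"):
            errors.append("sm4-mode must be CBC or ECB")
        if mode == "CBC" and _nbytes(props.get("sm4-iv", "")) != 16:
            errors.append("sm4-iv is required for CBC and must be 16 bytes")
        if padding not in ("PKCS5Padding", "PKCS7Padding", "NoPadding"):
            errors.append("sm4-padding must be PKCS5Padding, PKCS7Padding or NoPadding")
        if mode == "ECB" and padding == "NoPadding":
            errors.append("ECB mode cannot be used with NoPadding")
    if algo_type == "SphereEx:FASTOPE":
        if not _parses(props.get("alpha-key"), float, 0.8, 1.0):
            errors.append("alpha-key must be a double in 0.8-1")
        if not _parses(props.get("factor-e-key"), float, 0.0, 1.0):
            errors.append("factor-e-key must be a double in 0-1")
        if not _parses(props.get("factor-k-key"), int, -2**63, 2**63 - 1):
            errors.append("factor-k-key must be a long")
    return errors

# Constructed sample: CBC is selected but no IV is supplied.
SAMPLE_SM4 = {"sm4-key": "0123456789abcdef", "sm4-mode": "CBC", "sm4-padding": "PKCS5Padding"}
```

Calling `validate("SM4", SAMPLE_SM4)` reports the missing IV; an empty list means the properties satisfy every constraint the example checks.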
Query Assist Algorithms #
MD5 Encryption Algorithm #
Type: MD5
Configurable Properties:
Name | Data Type | Description |
---|---|---|
salt | String | Salt value (optional) |
Key Management #
Built-in encryption algorithms (AES, RC4, SM3, SM4) can use key management to centrally manage key configurations, supporting both local and cloud-based key management.
Local Key Management #
Type: LOCAL
Configurable Properties:
Name | Data Type | Description |
---|---|---|
aes-key-value | String | Key used by SphereEx:AES |
rc4-key-value | String | Key used by SphereEx:RC4 |
sm3-salt | String | Salt used by SM3 (empty or 8 Bytes) |
sm4-key | String | Key used by SM4 (16 Bytes) |
sm4-mode | String | Mode used by SM4 (CBC or ECB) |
sm4-iv | String | IV used by SM4 (required for CBC mode, 16 Bytes) |
sm4-padding | String | Padding used by SM4 (PKCS5Padding or PKCS7Padding, NoPadding not supported) |
AWS Cloud Key Management #
Type: SphereEx:AWS_KMS
Configurable Properties:
Name | Data Type | Description |
---|---|---|
access-key | String | AWS access key configuration |
secret-key | String | AWS secret key configuration |
aws-region | String | AWS region configuration |
secret-name | String | AWS secret name configuration |