# Format-preserving encryption (FPE)

Using format-preserving encryption (FPE) means to encrypt data in such a way that the output is in the same format as the input. For example, a number in the input produces a number in the generated output.

## Generators that use FPE <a href="#generators-fpe-generator-list" id="generators-fpe-generator-list"></a>

For the following generators, Tonic Structural uses FPE to encrypt the generated values. Note that the Structural implementation of FPE might not guarantee compliance with standards. For example, the ASCII Key generator does not guarantee that the length of the output data matches the length of the input data.

* [Alphanumeric String Key](/app/generation/generators/generator-reference/alphanumeric-string-key.md)
* [ASCII Key](/app/generation/generators/generator-reference/ascii-key.md)
* [Finnish Personal Identity Code](/app/generation/generators/generator-reference/finnish-personal-identity-code.md)
* [IBAN ](/app/generation/generators/generator-reference/iban.md)- Only when consistency is enabled or when assigned to a primary key column
* [Integer Key](/app/generation/generators/generator-reference/integer-key.md)
* [MAC Address](/app/generation/generators/generator-reference/mac-address.md)
* [Numeric String Key](/app/generation/generators/generator-reference/numeric-string-key.md)
* [SIN](/app/generation/generators/generator-reference/sin.md)
* [UUID Key](/app/generation/generators/generator-reference/uuid-key.md)

## Addressing encryption errors from FPE <a href="#generators-fpe-encryption-errors" id="generators-fpe-encryption-errors"></a>

Each generator supports a specific input character set or domain.

When a generator attempts to process data that is not within the expected domain, it results in encryption errors. For example, the [Numeric String Key](/app/generation/generators/generator-reference/numeric-string-key.md) generator cannot process a string that includes non-numeric characters such as letters or symbols. The [UUID Key](/app/generation/generators/generator-reference/uuid-key.md) generator cannot process any value that is not a valid UUID.

If you get encryption errors, then it probably means that the column contains values that are incompatible with the selected generator. To address this, you need to choose a different generator.

One option is the [ASCII Key](/app/generation/generators/generator-reference/ascii-key.md) generator, which has very few restrictions on the allowed values.

Another option is to use the [Conditional](/app/generation/generators/generator-reference/conditional.md) generator, which allows you to assign different generators based on column values.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/app/generation/generators/generator-characteristics/generators-fpe.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.