Format-preserving encryption (FPE)

Using format-preserving encryption (FPE) means to encrypt data in such a way that the output is in the same format as the input. For example, a number in the input produces a number in the generated output.

Generators that use FPE

For the following generators, Tonic Structural uses FPE to encrypt the generated values. Note that the Structural implementation of FPE might not guarantee compliance with standards. For example, the ASCII Key generator does not guarantee that the length of the output data matches the length of the input data.

• Alphanumeric String Key

• ASCII Key

• Integer Key

• MAC Address

• Numeric String Key

• SIN

• UUID Key

Addressing encryption errors from FPE

Each generator supports a specific input character set or domain.

When a generator attempts to process data that is not within the expected domain, it results in encryption errors. For example, the Numeric String Key generator cannot process a string that includes non-numeric characters such as letters or symbols. The UUID Key generator cannot process any value that is not a valid UUID.

If you see encryption errors, then it probably means that the column contains values that are incompatible with the selected generator. To address this, you need to choose a different generator.

One option is the ASCII Key generator, which has very few restrictions on the allowed values.

Another option is to use the Conditional generator, which allows you to assign different generators based on column values.