tDataEncrypt
Protects data by transforming it into unreadable cipher
text.
Only users with the user-defined password and the cryptographic file can
decrypt this cipher text and read the original data.
Note: The minimum required Java version for this component is Java
8u161.
Why encrypt data?
Encryption is used to protect your assets, your organization, or customers’ sensitive
data. Encryption can protect data from internal or external leakage.
In Big Data environments, large volumes of data from many sources are collected,
manipulated and stored in various formats. Encryption helps reduce the risk of
sensitive data exposure.
Encryption is also recommended or required for compliance with data protection
laws.
Considerations for data encryption
- Define the type of the data to be protected: data in transit or
data at rest.
- Identify the scope of the data to be protected: purpose,
ownership, access, etc.
- Provide strong passwords for the cryptographic file.
- Do not reuse passwords for different data encryption
operations.
- Store passwords in a secure password management system.
- Make sure only authorized users get access to the password and
the cryptographic file necessary to decrypt the data.
- Strong encryption methods generally increase required resources.
- Separate the cryptographic file from the encrypted data to keep
your data secure.
- It is advised to use different cryptographic files to encrypt
different datasets.
- Data encryption is not a complete security approach. Combining different
security layers helps address concerns about sensitive data. Security layers
include vulnerability assessment and management or anti-malware solutions.
Data encryption methods
The tDataEncrypt component
encrypts data using the AES-GCM and Blowfish encryption methods:
AES-GCM | Blowfish |
---|---|
128-bit block cipher | 64-bit block cipher |
Integrity check | No integrity check |
Faster on modern CPUs | Computationally faster |
Patented | Unpatented |
Standardized by the National Institute of Standards and Technology (NIST) | |
Used by SSL/TLS | |
The data encryption process
To encrypt data, you can either generate a password-protected
cryptographic file or use an existing one.
The cryptographic file contains:
- A randomly generated salt
- A randomly generated key encrypted with AES-GCM and the user-defined
password
- The encryption method encrypted with AES-GCM and the user-defined
password
The data encryption process includes the following steps:
- When using an existing cryptographic file, the salt is used to derive a
cryptographic key from the password using the PBKDF2 key derivation
function.
- Using this key, the remainder of the cryptographic file is decrypted. If
the password is correct, the component can now access the randomly generated
key stored in the cryptographic file and the encryption method. If the
password is not correct, an exception is thrown.
- Encrypting the data, using the randomly generated password
stored in the cryptographic file and the encryption method.
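The steps above can be sketched with the standard Java crypto API. This is an added example, not Talend's code: the file layout (salt, IV, then one AES-GCM blob holding a method byte and the data key), the PBKDF2 variant, the iteration count, the key sizes and the class and method names are all assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyFileSketch {
    // Assumed layout: salt(16) | iv(12) | AES-GCM(method byte + 32-byte data key)
    static final int SALT = 16, IV = 12, ITERATIONS = 310_000;
    static final SecureRandom RNG = new SecureRandom();

    static Cipher gcm(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        // PBKDF2 stretches the password with the salt into the key that protects the file
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, ITERATIONS, 256)).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }

    static byte[] create(char[] password, byte method) throws Exception {
        byte[] salt = new byte[SALT], iv = new byte[IV], dataKey = new byte[32];
        RNG.nextBytes(salt); RNG.nextBytes(iv); RNG.nextBytes(dataKey);
        byte[] secret = ByteBuffer.allocate(33).put(method).put(dataKey).array();
        byte[] sealed = gcm(Cipher.ENCRYPT_MODE, password, salt, iv).doFinal(secret);
        return ByteBuffer.allocate(SALT + IV + sealed.length).put(salt).put(iv).put(sealed).array();
    }

    // Returns method byte + data key; a wrong password fails the GCM tag check
    static byte[] open(byte[] file, char[] password) throws Exception {
        byte[] salt = Arrays.copyOfRange(file, 0, SALT);
        byte[] iv = Arrays.copyOfRange(file, SALT, SALT + IV);
        return gcm(Cipher.DECRYPT_MODE, password, salt, iv)
                .doFinal(file, SALT + IV, file.length - SALT - IV);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample passwords; method id 1 is a hypothetical value
        byte[] file = create("constructed-sample-password".toCharArray(), (byte) 1);
        System.out.println("method id: " + open(file, "constructed-sample-password".toCharArray())[0]);
        try {
            open(file, "wrong-password".toCharArray());
        } catch (AEADBadTagException e) {
            System.out.println("wrong password rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because GCM authenticates the ciphertext, a wrong password and a tampered file fail in the same way, with an exception rather than garbage key material.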
- tDataEncrypt Standard properties
  These properties are used to configure tDataEncrypt running in the Standard Job framework.
- Encrypting and decrypting back sensitive data
  This scenario uses two Jobs. The first Job encrypts last names, postal codes and dates of birth. The second Job decrypts back the encrypted sensitive data.
- tDataEncrypt properties for Apache Spark Batch
  These properties are used to configure tDataEncrypt running in the Spark Batch Job framework.
- tDataEncrypt properties for Apache Spark Streaming
  These properties are used to configure tDataEncrypt running in the Spark Streaming Job framework.
Document obtained from Talend: https://help.talend.com