July 30, 2023

tDataEncrypt – Docs for ESB 7.x

tDataEncrypt

Protects data by transforming it into unreadable cipher
text.

Only users with the user-defined password and the cryptographic file can
decrypt this cipher text and read the original data.

Note: The minimum required Java version for this component is Java
8u161.

Why encrypting data?

Encryption is used to protect your assets, your organization, or customers’ sensitive
data. Encryption can protect data from internal or external leakage.

In Big Data environments, large volumes of data from many sources are collected,
manipulated and stored in various formats. Encryption helps reduce the risk of
sensitive data exposure.

Encryption is also recommended or required for compliance with data protection
laws.

Considerations for data encryption

  • Define the type of the data to be protected: data in transit or
    data at rest.
  • Identify the scope of the data to be protected: purpose,
    ownership, access, etc.
  • Provide strong passwords for the cryptographic file.
  • Do not reuse passwords for different data encryption
    operations.
  • Store passwords in a secure password management system.
  • Make sure only authorized users get access to the password and
    the cryptographic file necessary to decrypt back data.
  • Strong encryption methods generally increase required resources.
  • Separate the cryptographic file from the encrypted data to keep
    your data secure.
  • It is advised to use different cryptographic files to encrypt
    different datasets.
  • Data encryption is not a complete security approach. Combining different
    security layers help address concerns about sensitive data. Security layers
    include vulnerability assessment and management or anti-malware solutions.

Data encryption methods

The tDataEncrypt component
encrypts data using the AES-GCM and Blowfish encryption methods:

AES-GCM Blowfish
128-bit block cipher 64-bit block cipher
Integrity check No integrity check
Faster on modern CPUs Computationally faster
Patented Unpatented
Standardized by the National Institute of Standards and Technology
(NIST)
 
Used by SSL/TLS  

The data encryption process

To encrypt data, you can either generate a password protected
cryptographic file or use an existing one.

The cryptographic file contains:

  • A randomly generated salt
  • A randomly generated key encrypted with AES-GCM and the user-defined
    password
  • The encryption method encrypted with AES-GCM and the user-defined
    password
The data encryption process includes the following steps:

  1. When using an existing cryptographic file, the salt is used to derive a
    cryptographic key from the password using the PBKDF2 key derivation
    function.
  2. Using this key, the remaining of the cryptographic file is decrypted. If
    the password is correct, the component can now access the randomly generated
    key stored in the cryptographic file and the encryption method. If the
    password is not correct, an exception is thrown.
  3. Encrypting the data, using the randomly generated password
    stored in the cryptographic file and the encryption method.


Document get from Talend https://help.talend.com
Thank you for watching.
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x