AES Decryption decrypts the values in the target file or object that were encrypted using AES Encryption.
Before decrypting the data, you must add a role for the user and grant the user access rights in the Access Control screen. This step gives the user permission to decrypt the file.
The directory added in the domain specifies the location where the decrypted file will be kept once the decryption is successful.
In Access Control, perform the following steps:
In the Role Management screen, add a role for the user and select the checkbox next to the name of each sensitive type that the user wants to decrypt. In the same screen, specify the days and time intervals during which the file can be decrypted.
In the ACL Management screen, assign the roles to the users/groups associated with a specific Module and Cluster.
During the decryption process, it is necessary to add the directory in the domain. This specifies the source and destination path of the encrypted and decrypted file, respectively.
Similarly, it is necessary to map the structure to the source directory in the Map Structure tab of the Structure Management screen. The source directory specifies the path of the encrypted file that needs to be decrypted when the process is executed. Then push the details of the structure to the associated IDP.
*Note: None of the above steps/processes is required to execute AES Decryption in the RDBMS module, except for OTF decryption. To know more about OTF decryption, refer to OTF Decryption.
For example, with reference to the image below, to decrypt the Telephone column using the AES Decryption option, follow the steps below.
Give access to the user in the Access Control to decrypt the file or object. First, add a role to assign to a user in the Role Management screen.
In this screen, select either Full Access for RegexGroups or any of the listed sensitive types that the user can decrypt. Also, give access rights for the days on which the decryption process can be triggered. The rights can be given for the whole day or for a specific time interval in a day.
In the ACL Management screen, assign the roles to the users/groups listed in the Groups/Users List panel, where roles are associated with the specific cluster of a module. Once the role is defined, go to the Role Management screen. Select the Module from the drop-down and the role in the Manage Roles panel. Click the Update ACL button.
The next step is to map the structure to the source directory in the Map Structure tab of the Structure Management screen. The source directory specifies the path of the encrypted file that needs to be decrypted when the process is executed.
To sync these details, push them to the associated IDP. Click the Push To IDP icon under the Actions column next to the associated structure in the Structure List screen.
This opens a slider window where you need to specify the module and the cluster to which the structure details need to be pushed. Select the module from the Select Module drop-down and the target cluster from the Select Cluster drop-down. Click Save to execute the operation; otherwise, click Cancel.
The third step is to add the directory in the domain. The directory in the domain specifies the location where the decrypted file will be kept once the decryption is successful.
Select the directory from the Selected:<database_directory> drop-down in the bottom panel. Click the Add Directory button to add the directory where the source file is kept. The window below pops up.
Click the Browse button to search for the source directory. The browser panel appears as shown below. Navigate to the directory where the file to be decrypted is kept. Click Select to select the directory path navigated to on this screen; otherwise, click Cancel.
Once all the above steps are done, create a task in the Add New Task Definition screen. Enter details such as Task Name and Task Description. Select Decryption in the Task Type drop-down. In the case of RDBMS, select AES Decryption as the masking option against the AES-encrypted column while creating the task to decrypt that column.
Select the file or object to include for decryption in the Manage Scan Locations panel by clicking the Select Directories button. Once selected, the panel displays the structure and the domain with which the selected file or object is associated.
The compliance policy is selected automatically in the Select Policy panel when a file is selected in the Manage Scan Locations panel for encryption. The sensitive types associated with the policy are displayed in the Sensitive Data Types panel.
Click Save and Execute to save and execute the task.
Once the task has been executed successfully, you can view the decrypted file in the destination location specified in the domain. For the above example, the destination location of the decrypted file is ‘/home/dataguise/Desktop/files/decrypt’.
In the image below, the Telephone column is decrypted using the AESDecryption option, as selected during task creation.