
FP Decryption

FP (Format Preserve) Decryption decodes values in the target file or object that were encrypted using FP Encryption.

When decrypting data in a file or object that was encrypted using FP Encryption, it is mandatory to add a role for the user in Access Control. This step gives the user permission to decrypt the file or object. Two steps must be performed in Access Control.

  1. In the Role Management screen, add a role for the user and check the checkbox next to the names of the sensitive types that the user wants to decrypt. In the same screen, specify the days and time intervals for decrypting the file.

  2. In the ACL Management screen, assign the roles to the users/groups that are associated with a specific Module and Cluster.
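The access decision these two steps set up, modeled as an added example (not the product's code): a role carries sensitive types and day/time windows, and an ACL entry binds it to a user or group for one Module and Cluster. The data model, all names, and the default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

FULL_ACCESS = "*"  # models "Full Access for RegexGroups" (assumed representation)

@dataclass
class Role:
    sensitive_types: set   # types ticked in Role Management, or {FULL_ACCESS}
    windows: dict          # weekday (0 = Monday) -> list of (start, end) times

@dataclass
class AclEntry:
    principal: str         # user or group name
    role: str
    module: str
    cluster: str

# Constructed sample policy; every name below is hypothetical.
ROLES = {"pii_decryptor": Role({"Names", "Email"},
                               {d: [(time(9), time(17))] for d in range(5)})}
ACL = [AclEntry("analysts", "pii_decryptor", "Files", "cluster-a")]

def may_decrypt(user, groups, module, cluster, wanted, when, roles=ROLES, acl=ACL):
    """Return (allowed, denied) sensitive types for one decryption request."""
    principals = {user, *groups}
    wanted, allowed = set(wanted), set()
    for entry in acl:
        role = roles.get(entry.role)
        if role is None or entry.principal not in principals:
            continue   # unknown role or not this user's entry: grants nothing
        if (entry.module, entry.cluster) != (module, cluster):
            continue   # role is bound to a different Module/Cluster
        slots = role.windows.get(when.weekday(), [])
        if not any(start <= when.time() <= end for start, end in slots):
            continue   # outside the days/time intervals set on the role
        if FULL_ACCESS in role.sensitive_types:
            allowed |= wanted
        else:
            allowed |= wanted & role.sensitive_types
    return allowed, wanted - allowed

if __name__ == "__main__":
    monday_10am = datetime(2024, 1, 8, 10, 0)
    print(may_decrypt("alice", ["analysts"], "Files", "cluster-a",
                      ["Names", "Phone"], monday_10am))
```
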

During the decryption process, it is necessary to add the directory in the domain. This specifies the source and destination path of the encrypted and decrypted file, respectively.

Similarly, map the structure to the source directory in the Map Structure tab of the Structure Management screen. The source directory specifies the path of the encrypted file that needs to be decrypted when the process is executed. After these steps, push the structure details to the IDP.

*Note: None of the above steps/processes is required to execute FP Decryption in the RDBMS module, except OTF decryption. To know more about OTF decryption, refer to OTF Decryption.

For example, with reference to the image below, to decrypt FULL_NAME, CONTACTNUMBER, EMAIL_ADDRESS, ADDR_LINE1 and ADDR_LINE2 using the FP Decryption option, follow the steps below.

  1. Add a role to assign to a user in Access Control. This provides access rights to the user for decrypting the file. In Access Control, add a role in the Role Management screen. Assign the role to the user/group in the ACL Management screen.

    In the Role Management screen, after adding a role, select either Full Access for RegexGroups or any of the listed sensitive types that the user can decrypt. Grant access rights for the days on which the decryption process can be triggered. The access right can be given either for the whole day or for a specific time interval.


    In the ACL Management screen, assign the roles to the users/groups listed in the Groups/Users List panel to grant them access for executing decryption tasks. The role(s), along with their users/groups, must be associated with the relevant Module and Cluster. Only then can the decryption process in the module be executed successfully.


    Once the role is defined, go to the Role Management screen, select the Module from the drop-down and the role in the Manage Roles panel. Click the Update ACL button. This updates the current ACL with the newly saved details of the users/groups in Access Control.

  2. The next step is to map the structure details to the source directory in the Map Structure tab of the Structure Management screen. The source directory specifies the path of the encrypted file that needs to be decrypted when the process is executed.

    To map a structure to the source directory, click the + Browse Source Directory button and search for the location of the source directory where the file is kept. Select the directory by clicking it, then click the Select button. This adds the selected directory to the left panel of the Map Structure screen. Click the Save button to map the selected directory to the structure.


    Now, push the structure details to the IDP by clicking the Push To IDP button in the Actions column under the Structure List screen.


    This opens a slider window where you need to specify the module and the cluster to which the structure details need to be pushed. Select the module from the Select Module drop-down and the cluster, where the structure details are being pushed to, from the Select Cluster drop-down. Now, click Save to execute the operation; otherwise, click Cancel.

  3. The third step is to add the directory in the domain. This specifies the source path of the encrypted file and the destination path of the decrypted file.


    Select the directory from the Selected:<database_directory> drop-down in the bottom panel. Click the Add Directory button to add the directory where the source file is kept. The below window pops up.


    Click the Browse button to search for the source directory. The browser panel appears. Navigate to the directory where the file is kept for decryption. Click Select to select the directory path navigated to on this screen; otherwise, click Cancel.

  4. Once all the above steps are done, create a task in the Add New Task Definition screen. Enter details such as Task Name and Task Description. Select FP Decryption in the Task Type drop-down. In the case of RDBMS, select FP Decryption as the masking option against the FP encrypted column while creating the task to decrypt that column.

    Select the file or object to include for decryption in the Manage Scan Locations panel by clicking the Select Directories button. On selection, it displays the structure and the domain with which the selected file or object is associated.

    The compliance policy automatically gets selected in the Select Policy panel when a file is selected in the Manage Scan Locations for encryption. The sensitive types associated with the policy are displayed in the Sensitive Data Types panel.

    Click Save and Execute to save and execute the task.

Once the task has been executed successfully, you can view the decrypted file in the destination location specified in the domain. For the above example, the destination location of the decrypted file is ‘/home/dataguise/Desktop/decrypt’.

In the image below, as per the structure defined in the Structure Management screen, the columns FULL_NAME, ADDR_LINE1 and ADDR_LINE2 have been decrypted with FP Decryption.
