Skip to main content

How to Perform FP Encryption and FP Decryption in HDFS

This section of the page elaborates the process of FP Encryption and Decryption.

Pre-requisites

Following are the pre-requisites to implement FP Encryption and Decryption:

  1. Controller must be installed. For detailed information about the installation process, refer Install DSM Administrator in Linux and Install DSM Administrator in Windows.

  2. HDFS IDP must be Installed. To know more on how to install HDFS IDP in Linux environment, refer to HDFS IDP.

FP Encryption

The FP (Format Preserving) Encryption encodes the original value in the target file with system generated value. This option preserves the format of the data when encryption is done. The data is encrypted in such a way that output is in the same format as the input.

For in-depth detail of how to perform FP Encryption, refer FP Encryption example.

Steps to Perform FP Encryption

The following section of this page outlines the step-by-step procedure to perform FP Encryption:

  1. The first step is to create a policy in the PK Protect. Policy allows you to create a set of Sensitive Data Types which are presented in the files. To know how to create a policy, refer Hadoop & Files Policy.

  2. The next step is to define Domain before encryption of the data. In Domain screen, source and destination directories are specified for files that are marked sensitive for encryption. To know more about each field, refer Domain.

  3. The third step is to define the structure of the data in the Structure Management screen. Structures are used to specify columns that should be masked/encrypted in the tables or objects. To know more, refer Create a Structure.

  4. The next step is to Map the Structure and push the structure details to the IDP. To know more about mapping a structure and push to IDP, refer Map a Structure and List a Task.

  5. The last step is to create a task with FP Encryption option opted in the Task Type. The Task screen enables a user to select locations of the saved objects in the Manage Scan Locations where sensitive information is stored and needs to be protected based on the selected Task Type. To know more on how to create a task, refer Create Task in HDFS.

View Results

Once the task is executed successfully, the results are generated which depict the summary of the FP Encryption process. A list of detailed information in displayed in the Results screen. To know more about each Result tab, refer HDFS Results.

FP Decryption

The FP (Format Preserve) Decryption decodes the value in the target file or object which is encrypted using the FP Encryption.

For in-depth detail of how to perform FP Encryption, refer FP Decryption example.

Steps to Perform FP Decryption

The following section of this page outlines the step-by-step procedure to perform FP Encryption:

  1. An already FP Encrypted task must exist in order to perform FP Decryption. To know more on how to create a task, Refer Create a Task in HDFS.

  2. The second step is to grant access rights to a user through ACL (Access Control List) in order to decrypt a file.

    1. In ACL, you’ve to to grant permission to particular user, you need to define its role in the Role Management screen. To access Role Management, go to ACL > Role Management. Click Add New Role button on top of the screen. To know more about each field, refer Role Management.

    2. To manage user access in order to decrypt the encrypted data in the selected data source, you need to add user in the Group/User List of the ACL Management screen. To access ACL Management, go to ACL > ACL Management and add user details. To know more, refer ACL Management.

  3. The third step is to define Domain before decrypting the data. In Domain screen, source and destination directories are specified for Hive data that are encrypted. To know more about each field, refer Domain.

  4. The next step is to map the structure details to the source directory of the encrypted file in the Map a Structure tab of the Structure Management screen. Post mapping the structure details, you need to push the structure details to the IDP. To know more about mapping a structure and pushing details on IDP, refer Map a Structure and List a Structure respectively.

  5. The last step in the process of performing FP Decryption, is to create a task. The Task screen enables a user to select the locations of the encrypted data in the Manage Scan Locations panel. To know more on how to create a task, refer Create Task in HDFS.

View Results

Once the task is executed successfully, the results are generated which depict the summary of the FP Decryption process. A list of detailed information in displayed in the Results screen. To know more about each Result tab, refer HDFS Results.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.