Question
United health group
IN
Last activity: 8 Sep 2015 4:12 EDT
How to encrypt at field level?
Hi Team, I have a requirement to encrypt SSN in Pega. Could you please suggest the process to achieve it?
Accepted Solution
Pegasystems
IN
Hi Pavani,
The initial link that I pasted had the differences. But the key difference is this:
A password field hashes the text (using MD5) and stores the hashed value. It is one-way hashing, so the value is never decrypted to get the original text.
A text encrypted field uses a cipher that you provide to encrypt and store its value and also gives you the option to decrypt and display if required.
So in essence, if you want to get back the original text that you saved after modifying it (hash / encrypt), you should use text encrypted.
-Rajiv
Excerpt from the link - https://community.pega.com/sites/default/files/help_v719/procomhelpmain.htm
When choosing which Type value to use, consider these factors:
- The Password type requires no advanced configuration or Java skills to set up. Several standard properties implement this type; for example, the property Data-Admin-Operator-ID.pyPwdCurrent. Pega 7 Platform applies the one-way MD5 algorithm to this value, which is never sent to any external system.
- The TextEncrypted type requires one-time Java coding of encryption Java functions of your choice to implement a Public API Interface.
- On Pega 7 Platform forms, the display of a value of a Password property is a string of asterisks, for all users, in all situations. The Password value is never decrypted. In contrast, the value of a TextEncrypted property can appear in clear text or as asterisks, depending on the runtime outcome of an access when rule (Rule-Access-When rule type). Thus your application can make the clear-text value visible to specific users, or on certain reports, or during specified time periods.
- Password properties are initially added to the clipboard as unencrypted, clear text values. The system computes the hashed value only as the page is committed to the PegaRULES database. Thereafter, the hashed value appears in both the clipboard and the database row. Properties for passwords for the Operator IDs, rulesets, and ruleset versions are of mode Password.
- TextEncrypted values are always encrypted on the clipboard and in server-to-database network messages.
Pegasystems
IN
You might want to take a look at this article - https://community.pega.com/sites/default/files/help_v719/procomhelpmain.htm
United health group
IN
Hi Rajiv
I tried this, but in the link below it's mentioned that this feature cannot be used for securing data in production, so can you please suggest how to proceed?
https://docs-previous.pega.com/encrypting-properties-and-blobs
Pegasystems
IN
Hi Pavani,
I am assuming you are referring to this text from the PDN article:
In both cases you must provide your own cipher algorithm. Out of the box, PRPC contains a sample algorithm but it is NOT meant for production use. The class com.pega.pegarules.crypto.PRCipherSampleBF can be used for testing this functionality, but you must create an appropriate cipher for production use. Instructions on building a cipher can be found under the help topic Working with the PegaRULES Database - How to Encrypt the Storage Streams of Selected Classes.
This clearly states that the out of the box cipher algorithm provided in the platform is not meant for production use. But if you provide your own cipher algorithm which meets your internal security standards, then you can use it for production.
-Rajiv
United health group
IN
Rajiv,
Thank you for your prompt responses. Can I use data type PASSWORD for SSN, as this control also encrypts data, and in this case do I need to use any custom cipher algorithm?
Can you explain to me when to choose the data types password and textencrypted?