public final class CryptoReplaceFfxFpeConfig extends GeneratedMessageV3 implements CryptoReplaceFfxFpeConfigOrBuilder
Replaces an identifier with a surrogate using Format Preserving Encryption
(FPE) with the FFX mode of operation; however when used in the
ReidentifyContent
API method, it serves the opposite function by reversing
the surrogate back into the original identifier. The identifier must be
encoded as ASCII. For a given crypto key and context, the same identifier
will be replaced with the same surrogate. Identifiers must be at least two
characters long. In the case that the identifier is the empty string, it will
be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
more.
Note: We recommend using CryptoDeterministicConfig for all use cases which
do not require preserving the input alphabet space and size, plus warrant
referential integrity.
Protobuf type google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig
Inherited Members
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
Static Fields
COMMON_ALPHABET_FIELD_NUMBER
public static final int COMMON_ALPHABET_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
CONTEXT_FIELD_NUMBER
public static final int CONTEXT_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
CRYPTO_KEY_FIELD_NUMBER
public static final int CRYPTO_KEY_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
CUSTOM_ALPHABET_FIELD_NUMBER
public static final int CUSTOM_ALPHABET_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
RADIX_FIELD_NUMBER
public static final int RADIX_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
SURROGATE_INFO_TYPE_FIELD_NUMBER
public static final int SURROGATE_INFO_TYPE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
Static Methods
getDefaultInstance()
public static CryptoReplaceFfxFpeConfig getDefaultInstance()
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
newBuilder()
public static CryptoReplaceFfxFpeConfig.Builder newBuilder()
newBuilder(CryptoReplaceFfxFpeConfig prototype)
public static CryptoReplaceFfxFpeConfig.Builder newBuilder(CryptoReplaceFfxFpeConfig prototype)
public static CryptoReplaceFfxFpeConfig parseDelimitedFrom(InputStream input)
public static CryptoReplaceFfxFpeConfig parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(byte[] data)
public static CryptoReplaceFfxFpeConfig parseFrom(byte[] data)
Parameter |
---|
Name | Description |
data | byte[]
|
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static CryptoReplaceFfxFpeConfig parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteString data)
public static CryptoReplaceFfxFpeConfig parseFrom(ByteString data)
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static CryptoReplaceFfxFpeConfig parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static CryptoReplaceFfxFpeConfig parseFrom(CodedInputStream input)
public static CryptoReplaceFfxFpeConfig parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public static CryptoReplaceFfxFpeConfig parseFrom(InputStream input)
public static CryptoReplaceFfxFpeConfig parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteBuffer data)
public static CryptoReplaceFfxFpeConfig parseFrom(ByteBuffer data)
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static CryptoReplaceFfxFpeConfig parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
parser()
public static Parser<CryptoReplaceFfxFpeConfig> parser()
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter |
---|
Name | Description |
obj | Object
|
Overrides
getAlphabetCase()
public CryptoReplaceFfxFpeConfig.AlphabetCase getAlphabetCase()
getCommonAlphabet()
public CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet getCommonAlphabet()
Common alphabets.
.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;
getCommonAlphabetValue()
public int getCommonAlphabetValue()
Common alphabets.
.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for commonAlphabet.
|
getContext()
public FieldId getContext()
The 'tweak', a context may be used for higher security since the same
identifier in two different contexts won't be given the same surrogate. If
the context is not set, a default tweak will be used.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
a default tweak will be used.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
Currently, the referenced field may be of value type integer or string.
The tweak is constructed as a sequence of bytes in big endian byte order
such that:
- a 64 bit integer is encoded followed by a single byte of value 1
- a string is encoded in UTF-8 format followed by a single byte of value 2
.google.privacy.dlp.v2.FieldId context = 2;
Returns |
---|
Type | Description |
FieldId | The context.
|
getContextOrBuilder()
public FieldIdOrBuilder getContextOrBuilder()
The 'tweak', a context may be used for higher security since the same
identifier in two different contexts won't be given the same surrogate. If
the context is not set, a default tweak will be used.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
a default tweak will be used.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
Currently, the referenced field may be of value type integer or string.
The tweak is constructed as a sequence of bytes in big endian byte order
such that:
- a 64 bit integer is encoded followed by a single byte of value 1
- a string is encoded in UTF-8 format followed by a single byte of value 2
.google.privacy.dlp.v2.FieldId context = 2;
getCryptoKey()
public CryptoKey getCryptoKey()
Required. The key used by the encryption algorithm.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];
Returns |
---|
Type | Description |
CryptoKey | The cryptoKey.
|
getCryptoKeyOrBuilder()
public CryptoKeyOrBuilder getCryptoKeyOrBuilder()
Required. The key used by the encryption algorithm.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];
getCustomAlphabet()
public String getCustomAlphabet()
This is supported by mapping these to the alphanumeric characters
that the FFX mode natively supports. This happens before/after
encryption/decryption.
Each character listed must appear only once.
Number of characters must be in the range [2, 95].
This must be encoded as ASCII.
The order of characters does not matter.
The full list of allowed characters is:
<code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
string custom_alphabet = 5;
Returns |
---|
Type | Description |
String | The customAlphabet.
|
getCustomAlphabetBytes()
public ByteString getCustomAlphabetBytes()
This is supported by mapping these to the alphanumeric characters
that the FFX mode natively supports. This happens before/after
encryption/decryption.
Each character listed must appear only once.
Number of characters must be in the range [2, 95].
This must be encoded as ASCII.
The order of characters does not matter.
The full list of allowed characters is:
<code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
string custom_alphabet = 5;
Returns |
---|
Type | Description |
ByteString | The bytes for customAlphabet.
|
getDefaultInstanceForType()
public CryptoReplaceFfxFpeConfig getDefaultInstanceForType()
getParserForType()
public Parser<CryptoReplaceFfxFpeConfig> getParserForType()
Overrides
getRadix()
The native way to select the alphabet. Must be in the range [2, 95].
int32 radix = 6;
Returns |
---|
Type | Description |
int | The radix.
|
getSerializedSize()
public int getSerializedSize()
Returns |
---|
Type | Description |
int | |
Overrides
getSurrogateInfoType()
public InfoType getSurrogateInfoType()
The custom infoType to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom infoType followed by the number of
characters comprising the surrogate. The following scheme defines the
format: info_type_name(surrogate_character_count):surrogate
For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom infoType
SurrogateType
.
This facilitates reversal of the surrogate when it occurs in free text.
In order for inspection to work properly, the name of this infoType must
not occur naturally anywhere in your data; otherwise, inspection may
find a surrogate that does not correspond to an actual identifier.
Therefore, choose your custom infoType name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE
.google.privacy.dlp.v2.InfoType surrogate_info_type = 8;
Returns |
---|
Type | Description |
InfoType | The surrogateInfoType.
|
getSurrogateInfoTypeOrBuilder()
public InfoTypeOrBuilder getSurrogateInfoTypeOrBuilder()
The custom infoType to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom infoType followed by the number of
characters comprising the surrogate. The following scheme defines the
format: info_type_name(surrogate_character_count):surrogate
For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom infoType
SurrogateType
.
This facilitates reversal of the surrogate when it occurs in free text.
In order for inspection to work properly, the name of this infoType must
not occur naturally anywhere in your data; otherwise, inspection may
find a surrogate that does not correspond to an actual identifier.
Therefore, choose your custom infoType name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE
.google.privacy.dlp.v2.InfoType surrogate_info_type = 8;
getUnknownFields()
public final UnknownFieldSet getUnknownFields()
Overrides
hasCommonAlphabet()
public boolean hasCommonAlphabet()
Common alphabets.
.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;
Returns |
---|
Type | Description |
boolean | Whether the commonAlphabet field is set.
|
hasContext()
public boolean hasContext()
The 'tweak', a context may be used for higher security since the same
identifier in two different contexts won't be given the same surrogate. If
the context is not set, a default tweak will be used.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
a default tweak will be used.
Note that case (1) is expected when an
InfoTypeTransformation
is
applied to both structured and unstructured ContentItem
s.
Currently, the referenced field may be of value type integer or string.
The tweak is constructed as a sequence of bytes in big endian byte order
such that:
- a 64 bit integer is encoded followed by a single byte of value 1
- a string is encoded in UTF-8 format followed by a single byte of value 2
.google.privacy.dlp.v2.FieldId context = 2;
Returns |
---|
Type | Description |
boolean | Whether the context field is set.
|
hasCryptoKey()
public boolean hasCryptoKey()
Required. The key used by the encryption algorithm.
.google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];
Returns |
---|
Type | Description |
boolean | Whether the cryptoKey field is set.
|
hasCustomAlphabet()
public boolean hasCustomAlphabet()
This is supported by mapping these to the alphanumeric characters
that the FFX mode natively supports. This happens before/after
encryption/decryption.
Each character listed must appear only once.
Number of characters must be in the range [2, 95].
This must be encoded as ASCII.
The order of characters does not matter.
The full list of allowed characters is:
<code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>
string custom_alphabet = 5;
Returns |
---|
Type | Description |
boolean | Whether the customAlphabet field is set.
|
hasRadix()
public boolean hasRadix()
The native way to select the alphabet. Must be in the range [2, 95].
int32 radix = 6;
Returns |
---|
Type | Description |
boolean | Whether the radix field is set.
|
hasSurrogateInfoType()
public boolean hasSurrogateInfoType()
The custom infoType to annotate the surrogate with.
This annotation will be applied to the surrogate by prefixing it with
the name of the custom infoType followed by the number of
characters comprising the surrogate. The following scheme defines the
format: info_type_name(surrogate_character_count):surrogate
For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and
the surrogate is 'abc', the full replacement value
will be: 'MY_TOKEN_INFO_TYPE(3):abc'
This annotation identifies the surrogate when inspecting content using the
custom infoType
SurrogateType
.
This facilitates reversal of the surrogate when it occurs in free text.
In order for inspection to work properly, the name of this infoType must
not occur naturally anywhere in your data; otherwise, inspection may
find a surrogate that does not correspond to an actual identifier.
Therefore, choose your custom infoType name carefully after considering
what your data looks like. One way to select a name that has a high chance
of yielding reliable detection is to include one or more unicode characters
that are highly improbable to exist in your data.
For example, assuming your data is entered from a regular ASCII keyboard,
the symbol with the hex code point 29DD might be used like so:
⧝MY_TOKEN_TYPE
.google.privacy.dlp.v2.InfoType surrogate_info_type = 8;
Returns |
---|
Type | Description |
boolean | Whether the surrogateInfoType field is set.
|
hashCode()
Returns |
---|
Type | Description |
int | |
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Overrides
isInitialized()
public final boolean isInitialized()
Overrides
newBuilderForType()
public CryptoReplaceFfxFpeConfig.Builder newBuilderForType()
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected CryptoReplaceFfxFpeConfig.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Overrides
toBuilder()
public CryptoReplaceFfxFpeConfig.Builder toBuilder()
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Overrides