Class CryptoReplaceFfxFpeConfig (3.43.0)

public final class CryptoReplaceFfxFpeConfig extends GeneratedMessageV3 implements CryptoReplaceFfxFpeConfigOrBuilder

Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the ReidentifyContent API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/sensitive-data-protection/docs/pseudonymization to learn more.

Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.

Protobuf type google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig

Static Fields

COMMON_ALPHABET_FIELD_NUMBER

public static final int COMMON_ALPHABET_FIELD_NUMBER
Field Value
TypeDescription
int

CONTEXT_FIELD_NUMBER

public static final int CONTEXT_FIELD_NUMBER
Field Value
TypeDescription
int

CRYPTO_KEY_FIELD_NUMBER

public static final int CRYPTO_KEY_FIELD_NUMBER
Field Value
TypeDescription
int

CUSTOM_ALPHABET_FIELD_NUMBER

public static final int CUSTOM_ALPHABET_FIELD_NUMBER
Field Value
TypeDescription
int

RADIX_FIELD_NUMBER

public static final int RADIX_FIELD_NUMBER
Field Value
TypeDescription
int

SURROGATE_INFO_TYPE_FIELD_NUMBER

public static final int SURROGATE_INFO_TYPE_FIELD_NUMBER
Field Value
TypeDescription
int

Static Methods

getDefaultInstance()

public static CryptoReplaceFfxFpeConfig getDefaultInstance()
Returns
TypeDescription
CryptoReplaceFfxFpeConfig

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

newBuilder()

public static CryptoReplaceFfxFpeConfig.Builder newBuilder()
Returns
TypeDescription
CryptoReplaceFfxFpeConfig.Builder

newBuilder(CryptoReplaceFfxFpeConfig prototype)

public static CryptoReplaceFfxFpeConfig.Builder newBuilder(CryptoReplaceFfxFpeConfig prototype)
Parameter
NameDescription
prototypeCryptoReplaceFfxFpeConfig
Returns
TypeDescription
CryptoReplaceFfxFpeConfig.Builder

parseDelimitedFrom(InputStream input)

public static CryptoReplaceFfxFpeConfig parseDelimitedFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static CryptoReplaceFfxFpeConfig parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
IOException

parseFrom(byte[] data)

public static CryptoReplaceFfxFpeConfig parseFrom(byte[] data)
Parameter
NameDescription
databyte[]
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static CryptoReplaceFfxFpeConfig parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
databyte[]
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data)

public static CryptoReplaceFfxFpeConfig parseFrom(ByteString data)
Parameter
NameDescription
dataByteString
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static CryptoReplaceFfxFpeConfig parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteString
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static CryptoReplaceFfxFpeConfig parseFrom(CodedInputStream input)
Parameter
NameDescription
inputCodedInputStream
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static CryptoReplaceFfxFpeConfig parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
IOException

parseFrom(InputStream input)

public static CryptoReplaceFfxFpeConfig parseFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static CryptoReplaceFfxFpeConfig parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
IOException

parseFrom(ByteBuffer data)

public static CryptoReplaceFfxFpeConfig parseFrom(ByteBuffer data)
Parameter
NameDescription
dataByteBuffer
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static CryptoReplaceFfxFpeConfig parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteBuffer
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
CryptoReplaceFfxFpeConfig
Exceptions
TypeDescription
InvalidProtocolBufferException

parser()

public static Parser<CryptoReplaceFfxFpeConfig> parser()
Returns
TypeDescription
Parser<CryptoReplaceFfxFpeConfig>

Methods

equals(Object obj)

public boolean equals(Object obj)
Parameter
NameDescription
objObject
Returns
TypeDescription
boolean
Overrides

getAlphabetCase()

public CryptoReplaceFfxFpeConfig.AlphabetCase getAlphabetCase()
Returns
TypeDescription
CryptoReplaceFfxFpeConfig.AlphabetCase

getCommonAlphabet()

public CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet getCommonAlphabet()

Common alphabets.

.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;

Returns
TypeDescription
CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet

The commonAlphabet.

getCommonAlphabetValue()

public int getCommonAlphabetValue()

Common alphabets.

.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;

Returns
TypeDescription
int

The enum numeric value on the wire for commonAlphabet.

getContext()

public FieldId getContext()

The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.

If the context is set but:

  1. there is no record present when transforming a given value or
  2. the field is not present when transforming a given value,

    a default tweak will be used.

    Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string.

    The tweak is constructed as a sequence of bytes in big endian byte order such that:

  3. a 64 bit integer is encoded followed by a single byte of value 1

  4. a string is encoded in UTF-8 format followed by a single byte of value 2

.google.privacy.dlp.v2.FieldId context = 2;

Returns
TypeDescription
FieldId

The context.

getContextOrBuilder()

public FieldIdOrBuilder getContextOrBuilder()

The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.

If the context is set but:

  1. there is no record present when transforming a given value or
  2. the field is not present when transforming a given value,

    a default tweak will be used.

    Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string.

    The tweak is constructed as a sequence of bytes in big endian byte order such that:

  3. a 64 bit integer is encoded followed by a single byte of value 1

  4. a string is encoded in UTF-8 format followed by a single byte of value 2

.google.privacy.dlp.v2.FieldId context = 2;

Returns
TypeDescription
FieldIdOrBuilder

getCryptoKey()

public CryptoKey getCryptoKey()

Required. The key used by the encryption algorithm.

.google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
CryptoKey

The cryptoKey.

getCryptoKeyOrBuilder()

public CryptoKeyOrBuilder getCryptoKeyOrBuilder()

Required. The key used by the encryption algorithm.

.google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
CryptoKeyOrBuilder

getCustomAlphabet()

public String getCustomAlphabet()

This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>

string custom_alphabet = 5;

Returns
TypeDescription
String

The customAlphabet.

getCustomAlphabetBytes()

public ByteString getCustomAlphabetBytes()

This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>

string custom_alphabet = 5;

Returns
TypeDescription
ByteString

The bytes for customAlphabet.

getDefaultInstanceForType()

public CryptoReplaceFfxFpeConfig getDefaultInstanceForType()
Returns
TypeDescription
CryptoReplaceFfxFpeConfig

getParserForType()

public Parser<CryptoReplaceFfxFpeConfig> getParserForType()
Returns
TypeDescription
Parser<CryptoReplaceFfxFpeConfig>
Overrides

getRadix()

public int getRadix()

The native way to select the alphabet. Must be in the range [2, 95].

int32 radix = 6;

Returns
TypeDescription
int

The radix.

getSerializedSize()

public int getSerializedSize()
Returns
TypeDescription
int
Overrides

getSurrogateInfoType()

public InfoType getSurrogateInfoType()

The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate

For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc'

This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text.

In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

.google.privacy.dlp.v2.InfoType surrogate_info_type = 8;

Returns
TypeDescription
InfoType

The surrogateInfoType.

getSurrogateInfoTypeOrBuilder()

public InfoTypeOrBuilder getSurrogateInfoTypeOrBuilder()

The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate

For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc'

This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text.

In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

.google.privacy.dlp.v2.InfoType surrogate_info_type = 8;

Returns
TypeDescription
InfoTypeOrBuilder

hasCommonAlphabet()

public boolean hasCommonAlphabet()

Common alphabets.

.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet common_alphabet = 4;

Returns
TypeDescription
boolean

Whether the commonAlphabet field is set.

hasContext()

public boolean hasContext()

The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.

If the context is set but:

  1. there is no record present when transforming a given value or
  2. the field is not present when transforming a given value,

    a default tweak will be used.

    Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. Currently, the referenced field may be of value type integer or string.

    The tweak is constructed as a sequence of bytes in big endian byte order such that:

  3. a 64 bit integer is encoded followed by a single byte of value 1

  4. a string is encoded in UTF-8 format followed by a single byte of value 2

.google.privacy.dlp.v2.FieldId context = 2;

Returns
TypeDescription
boolean

Whether the context field is set.

hasCryptoKey()

public boolean hasCryptoKey()

Required. The key used by the encryption algorithm.

.google.privacy.dlp.v2.CryptoKey crypto_key = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
boolean

Whether the cryptoKey field is set.

hasCustomAlphabet()

public boolean hasCustomAlphabet()

This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: <code>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/</code>

string custom_alphabet = 5;

Returns
TypeDescription
boolean

Whether the customAlphabet field is set.

hasRadix()

public boolean hasRadix()

The native way to select the alphabet. Must be in the range [2, 95].

int32 radix = 6;

Returns
TypeDescription
boolean

Whether the radix field is set.

hasSurrogateInfoType()

public boolean hasSurrogateInfoType()

The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate

For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc'

This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text.

In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE

.google.privacy.dlp.v2.InfoType surrogate_info_type = 8;

Returns
TypeDescription
boolean

Whether the surrogateInfoType field is set.

hashCode()

public int hashCode()
Returns
TypeDescription
int
Overrides

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

newBuilderForType()

public CryptoReplaceFfxFpeConfig.Builder newBuilderForType()
Returns
TypeDescription
CryptoReplaceFfxFpeConfig.Builder

newBuilderForType(GeneratedMessageV3.BuilderParent parent)

protected CryptoReplaceFfxFpeConfig.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
NameDescription
parentBuilderParent
Returns
TypeDescription
CryptoReplaceFfxFpeConfig.Builder
Overrides

newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)

protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
NameDescription
unusedUnusedPrivateParameter
Returns
TypeDescription
Object
Overrides

toBuilder()

public CryptoReplaceFfxFpeConfig.Builder toBuilder()
Returns
TypeDescription
CryptoReplaceFfxFpeConfig.Builder

writeTo(CodedOutputStream output)

public void writeTo(CodedOutputStream output)
Parameter
NameDescription
outputCodedOutputStream
Overrides
Exceptions
TypeDescription
IOException