Replaces an identifier with a surrogate using Format
Preserving Encryption (FPE) with the FFX mode of operation; however when
used in the ReidentifyContent API method, it serves the opposite
function by reversing the surrogate back into the original identifier.
The identifier must be encoded as ASCII. For a given crypto key and
context, the same identifier will be replaced with the same surrogate.
Identifiers must be at least two characters long. In the case that the
identifier is the empty string, it will be skipped. See
https://cloud.google.com/dlp/docs/pseudonymization to learn more.
Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.
The ‘tweak’, a context may be used for higher security since
the same identifier in two different contexts won’t be given
the same surrogate. If the context is not set, a default tweak
will be used. If the context is set but: 1. there is no
record present when transforming a given value or 2. the field
is not present when transforming a given value, a default
tweak will be used. Note that case (1) is expected when an
InfoTypeTransformation is applied to both structured and
non-structured ContentItem\ s. Currently, the referenced
field may be of value type integer or string. The tweak is
constructed as a sequence of bytes in big endian byte order
such that: - a 64 bit integer is encoded followed by a
single byte of value 1 - a string is encoded in UTF-8 format
followed by a single byte of value 2
Common alphabets.
The native way to select the alphabet. Must be in the range [2, 95].