Struct googapis::google::privacy::dlp::v2::CryptoReplaceFfxFpeConfig [−][src]
pub struct CryptoReplaceFfxFpeConfig {
pub crypto_key: Option<CryptoKey>,
pub context: Option<FieldId>,
pub surrogate_info_type: Option<InfoType>,
pub alphabet: Option<Alphabet>,
}
Expand description
Replaces an identifier with a surrogate using Format Preserving Encryption
(FPE) with the FFX mode of operation; however when used in the
ReidentifyContent
API method, it serves the opposite function by reversing
the surrogate back into the original identifier. The identifier must be
encoded as ASCII. For a given crypto key and context, the same identifier
will be replaced with the same surrogate. Identifiers must be at least two
characters long. In the case that the identifier is the empty string, it will
be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn
more.
Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.
Fields
crypto_key: Option<CryptoKey>
Required. The key used by the encryption algorithm.
context: Option<FieldId>
The ‘tweak’, a context may be used for higher security since the same identifier in two different contexts won’t be given the same surrogate. If the context is not set, a default tweak will be used.
If the context is set but:
- there is no record present when transforming a given value or
- the field is not present when transforming a given value,
a default tweak will be used.
Note that case (1) is expected when an InfoTypeTransformation
is
applied to both structured and non-structured ContentItem
s.
Currently, the referenced field may be of value type integer or string.
The tweak is constructed as a sequence of bytes in big endian byte order such that:
- a 64 bit integer is encoded followed by a single byte of value 1
- a string is encoded in UTF-8 format followed by a single byte of value 2
surrogate_info_type: Option<InfoType>
The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate
For example, if the name of custom infoType is ‘MY_TOKEN_INFO_TYPE’ and the surrogate is ‘abc’, the full replacement value will be: ‘MY_TOKEN_INFO_TYPE(3):abc’
This annotation identifies the surrogate when inspecting content using the
custom infoType
[SurrogateType
](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype).
This facilitates reversal of the surrogate when it occurs in free text.
In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE
alphabet: Option<Alphabet>
Choose an alphabet which the data being transformed will be made up of.
Trait Implementations
fn merge_field<B>(
&mut self,
tag: u32,
wire_type: WireType,
buf: &mut B,
ctx: DecodeContext
) -> Result<(), DecodeError> where
B: Buf,
Returns the encoded length of the message without a length delimiter.
Encodes the message to a buffer. Read more
Encodes the message to a newly allocated buffer.
Encodes the message with a length-delimiter to a buffer. Read more
Encodes the message with a length-delimiter to a newly allocated buffer.
Decodes an instance of the message from a buffer. Read more
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
Decodes a length-delimited instance of the message from the buffer.
Decodes an instance of the message from a buffer, and merges it into self
. Read more
Decodes a length-delimited instance of the message from buffer, and
merges it into self
. Read more
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
This method tests for !=
.
Auto Trait Implementations
impl RefUnwindSafe for CryptoReplaceFfxFpeConfig
impl Send for CryptoReplaceFfxFpeConfig
impl Sync for CryptoReplaceFfxFpeConfig
impl Unpin for CryptoReplaceFfxFpeConfig
impl UnwindSafe for CryptoReplaceFfxFpeConfig
Blanket Implementations
Mutably borrows from an owned value. Read more
Wrap the input message T
in a tonic::Request
pub fn vzip(self) -> V
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more