Encryption types

Edge Encryption provides a variety of encryption types. For each encryption type, it provides support for AES with 128-bit encryption keys. If the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files are installed, it also provides support for 256-bit encryption keys for each of the encryption types.

The following encryption types are listed in order of decreasing security.
Table 1. Encryption types
Encryption type               Description
Standard AES 256              Fields cannot be filtered, sorted, or compared.
Standard AES 128              Fields cannot be filtered, sorted, or compared.
Equality preserving AES 256   Fields can be filtered using equality comparisons.
Equality preserving AES 128   Fields can be filtered using equality comparisons.
Order preserving AES 256      Fields can be sorted and equality comparison filtering can be used. Requires the use of a MySQL database in your network.
Order preserving AES 128      Fields can be sorted and equality comparison filtering can be used. Requires the use of a MySQL database in your network.

When using standard encryption, the encrypted value of a field is different each time the field is encrypted, even when the field value remains the same. Standard encryption is the most robust form of encryption. Fields using standard encryption cannot be sorted, grouped by, or filtered on.

When using equality preserving encryption, the encrypted value of a field is the same when the field value remains the same. When a field is encrypted using equality preserving encryption, it is possible to perform equality comparisons and group by operations on that field.

Note: When equality preserving encryption is selected for a field that already contains data, performing a group by action on the field may not group together fields with the same value if one is encrypted and the other is not.
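
The difference between standard and equality preserving encryption described above, as an added Go example (not Edge Encryption's code; the page does not say how the product builds either mode). It assumes AES-GCM with a random nonce for standard encryption and an SIV-style nonce derived from the plaintext with HMAC-SHA-256 for equality preserving encryption; the function names and the sample column are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// seal returns hex(nonce || AES-GCM ciphertext); 16-byte key = AES-128, 32-byte = AES-256.
func seal(key, nonce, pt []byte) string {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-128-bit block ciphers
	return fmt.Sprintf("%x%x", nonce, gcm.Seal(nil, nonce, pt, nil))
}

// encryptStandard uses a fresh random nonce: equal plaintexts, unrelated ciphertexts.
func encryptStandard(key, pt []byte) string {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return seal(key, nonce, pt)
}

// encryptEquality derives the nonce from the plaintext (assumed scheme): same value, same ciphertext.
func encryptEquality(key, macKey, pt []byte) string {
	m := hmac.New(sha256.New, macKey)
	m.Write(pt)
	return seal(key, m.Sum(nil)[:12], pt)
}

// demo counts distinct ciphertexts in a constructed column, as any reader of the storage could.
func demo() (standard, equality int) {
	key, macKey := make([]byte, 32), make([]byte, 32)
	rand.Read(key)
	rand.Read(macKey)
	std, eq := map[string]bool{}, map[string]bool{}
	for _, v := range []string{"open", "closed", "open", "open"} {
		std[encryptStandard(key, []byte(v))] = true
		eq[encryptEquality(key, macKey, []byte(v))] = true
	}
	return len(std), len(eq)
}

func main() { fmt.Println(demo()) } // 4 2
```

The second count is why equality preserving encryption ranks below standard encryption in the table: anyone who can read the stored column can see which rows share a value, and how often, without holding a key.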

A field encrypted using order preserving encryption supports all the features of equality preserving encryption and can also be sorted. The order preserving encryption type is only supported if a MySQL database is configured for the Edge Encryption Proxy.

Note: If the proxy database is down, fields using order preserving encryption can still be updated. However, sorting on those fields will not return the correct order, and group by will not work as expected. When the database is operational again, schedule an order token repair job to repair missing tokens.