Keys are required parameters for security algorithms such as salting, hashing, and encryption/decryption. Learn how to register and manage keys in Dataphin.
Key usage guidelines
Except for public layer data, each project should register its own keys. Avoid sharing keys across projects or with too many users.
Permissions
-
Super administrators and security administrators can register and manage all keys.
-
Key owners can manage the keys they registered.
-
You can assign key management permissions when creating or editing keys. key permission management.
Register key
-
On the Dataphin home page, choose Administration > Data Security in the top menu bar.
-
In the left navigation bar, choose Sensitive Data Protection > Key Management. On the Key Management page, click Register Key.
-
In the Register Key dialog box, configure the following parameters.
Parameter
Description
Key Name
The key name can contain Chinese characters, English letters, digits, or underscores (_), up to 10 characters.
Key Type
Choose between Hashing Key or Encryption And Decryption Key.
-
Hashing Key: Used for salting and hashing algorithms (e.g., salted MD5). No strict format requirements. One key can serve multiple hashing algorithms.
-
Encryption And Decryption Key: Used for encryption/decryption algorithms (e.g., AES, DES). Has strict format requirements. Different algorithms should not share keys.
-
Encryption And Decryption Algorithm: Select an algorithm based on your business needs. Supported: AES, DES, 3DES, SM2, SM4, PSA, and FF1. security algorithm instructions.
-
Key Length: Longer bit lengths provide higher security. SM2 does not require key length configuration. security algorithm examples.
-
AES: Supports 128-bit, 192-bit, and 256-bit keys.
-
DES: Supports only 64-bit (non-configurable).
-
3DES: Supports 112-bit and 169-bit keys.
-
SM4: Supports only 128-bit (non-configurable).
-
PSA: Supports 1024-bit, 2048-bit, and 4096-bit keys.
-
FPE (FF1): Supports 128-bit, 192-bit, and 256-bit keys.
-
-
Generated By
Select either System Generated or Custom for key generation.
-
System Generated: The system generates the key value automatically.
-
Custom: Manually enter the key value and parameters.
-
Key Value: Enter a custom key value. The length must match the selected Key Length. For example, a 128-bit key requires a value of up to 16 bytes. encryption and decryption algorithm examples.
NoteIf the key length from the previous data system does not match, check the original system's key padding method and manually adjust to the required length.
-
For encryption and decryption algorithms like SM2 or RSA, configure the following:
-
Public Key: The public key component.
-
Private Key: The private key component.
NoteIn key pair scenarios, the public key encrypts and the private key decrypts. Dataphin currently supports only public key encryption and private key decryption.
-
-
Owner Management Only
Disabled by default. When off, super administrators, security administrators, and key owners can edit, grant, change owner, and delete keys. When on, only super administrators and key owners retain these privileges, but super administrators cannot approve keys.
Key Description
A brief description of the key, up to 128 characters.
-
-
Click OK to complete the registration.
Key management list
After adding a key, you can view, edit, change ownership, and delete it from the key list page.
|
Area |
Description |
|
①Filter and search area |
Search by key name or description (fuzzy match), or filter by My, Key Type, Encryption And Decryption Algorithm, Generated By, and Owner. |
|
②Key instructions |
Click Instructions to view key usage details, including Concept Instructions, Key Type - Hashing Key, Key Type - Encryption And Decryption Key, and Usage Suggestions.
|
|
③Key list |
Displays Key Name, Key Type, Encryption and Decryption Algorithm, Generated By, Owner, Created At, and Key Description. Available Actions: View Key Value, Task Reference Record, Permission Management, Edit, Change Owner, and Delete.
|
