This topic provides an overview of various security algorithms, including encryption and decryption, hashing, and masking.
Description of encryption and decryption security algorithms
Algorithm name | Algorithm description |
RSA native private key encryption/decryption | The general encryption algorithm RSA is a type of asymmetric encryption. It uses different keys for encryption and decryption, providing enhanced security. |
FPE format-preserving encryption/decryption (FF1) | A symmetric encryption method that preserves the format of the plaintext after encryption and decryption. It does not require changes to the database schema. The computed data can still participate in calculations, making it user-friendly. It is commonly used in financial services or applications that comply with specific data privacy standards. |
AES native encryption/decryption | The general encryption algorithm AES is a type of symmetric encryption. It uses the same key for encryption and decryption. |
3DES native encryption/decryption, DES native encryption/decryption | The general encryption algorithms 3DES/DES are types of symmetric encryption. They use the same key for encryption and decryption. |
FPE format-preserving native encryption/decryption (FF1) | A symmetric encryption method that preserves the format of the plaintext after encryption and decryption. It does not require changes to the database schema. The computed data can still participate in calculations, making it user-friendly. It is commonly used in financial services or applications that comply with specific data privacy standards. |
RSA native public key encryption/decryption | The general encryption algorithm RSA is a type of asymmetric encryption. It uses different keys for encryption and decryption, providing enhanced security. |
SM2 native public key encryption | The general encryption algorithm SM2 is a type of asymmetric encryption. It uses different keys for encryption and decryption, providing enhanced security. |
SM2 native private key decryption | The general encryption algorithm SM2 is a type of asymmetric encryption. It uses different keys for encryption and decryption, providing enhanced security. |
SM4 native encryption/decryption | The general encryption algorithm SM4 is a type of symmetric encryption. It uses the same key for encryption and decryption. |
Description of masking security algorithms
Algorithm name | Algorithm description |
Chinese name | Desensitizes the surname in a Chinese name, retaining only the given name. |
Chinese name (given name masking) | Desensitizes the given name in a Chinese name, retaining only the surname. |
Mobile phone | Desensitizes mobile phone numbers. |
Mobile phone (hidden length) | Desensitizes mobile phone numbers and changes the masking length. |
Landline | Desensitizes landline numbers. |
Landline (hidden length) | Desensitizes landline numbers and changes the masking length. |
ID card number | Desensitizes ID card numbers. |
ID card number (hidden length) | Desensitizes ID card numbers and changes the masking length. |
Bank card number | Desensitizes bank card numbers. |
Bank card number (hidden length) | Desensitizes bank card numbers and changes the masking length. |
Address | Desensitizes addresses. |
Desensitizes email addresses. Example: Input username@example.com, output u***@example.com. | |
Taobao nickname | Desensitizes Taobao nicknames. Example: Input Taobao talent 001, output Tao***1. |
Birthday | Example: Input 2019-08-15, output ****-08-15. |
Keyword replacement | Customizes the desensitization position of a string. There are three parameters: the complete string to be desensitized, the regular expression for the desensitized part, and the replacement string for the desensitized part. For example, input string1, exp, string2, and the part of string1 that matches exp will be replaced with string2. |
Custom mask | Customizes the desensitization position of a string. Parameters are input in pairs. For example, input n, m as a parameter pair, and the string from position n to m will be desensitized. |
Custom mask (custom replacement value) | Customizes the desensitization position of a string. Parameters are input in groups of three. For example, input n, m, k as a parameter group, and the string from position n to m will be replaced with k. |
Description of hashing security algorithms
Algorithm name | Algorithm description |
SHA256 | The general algorithm SHA256 produces a 256-bit (64-character hexadecimal) result after hashing. |
SHA384 | The general algorithm SHA384 produces a 384-bit (96-character hexadecimal) result after hashing. |
SHA512 | The general algorithm SHA512 produces a 512-bit (128-character hexadecimal) result after hashing. |
Salted SHA256 | The SHA256 algorithm with added salt is more secure and can effectively prevent dictionary attacks. It produces a 256-bit (64-character hexadecimal) result after hashing. |
Salted SHA384 | The SHA384 algorithm with added salt is more secure and can effectively prevent dictionary attacks. It produces a 384-bit (96-character hexadecimal) result after hashing. |
Salted SHA512 | The SHA512 algorithm with added salt is more secure and can effectively prevent dictionary attacks. It produces a 512-bit (128-character hexadecimal) result after hashing. |
MD5 | The general algorithm MD5 produces a 128-bit (32-character hexadecimal) result after hashing. |
Salted MD5 | The general algorithm MD5 produces a 128-bit (32-character hexadecimal) result after hashing. |
Base64 | Base64 is a method for representing binary data using 64 printable characters. Note that the result of Base64 can be directly decoded, so its security is relatively low. |
Description of other security algorithms
Algorithm name | Algorithm description |
Gaussian noise | Gaussian noise desensitization is used for numeric fields. It takes a numeric input and outputs a random value that overall follows a Gaussian distribution. |