Format-Preserving Encryption (FPE)


Next Steps
Overview Algorithms Format Preserving Encryption Hashing Key Management


The purpose of most encryption tools and techniques is to mask data and allow it to be decrypted. Unfortunately, their processes result in ciphertext that is not human readable and is often longer than the original field value. The challenge is to retain the original format of the data in its protected state, so that it appears real, preserves referential integrity checks, and can be used for testing.

Data protection needs to take into account both internal and external threats, including those against critical database and application resources. However, many protection mechanisms require application retooling or add complexity that delays or halts deployment. Format-preserving encryption overcomes these issues. It's an exciting step toward improved, simpler data protection and compliance with regulatory requirements.

-Trent Henry, Burton Group


IRI encrypts personally identifiable information (PII) in databases and files with advanced Format-Preserving Encryption (FPE) technologies. IRI makes it possible to apply AES-256 field-level encryption without format alterations.

In IRI's FieldShield and CoSort SortCL software, you can use FPE to:

  • Keep and preserve original data formats
  • Maintain referential integrity
  • Eliminate the need for multiple masking and lookup tables
  • Eliminate format changes, database, or application schema
  • Encrypt primary and foreign keys
  • Provide reversible data masking

For example, encrypt a 16-digit credit card number and display another 16-digit number in the same format.



Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.