The description of the format entry.
The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date.
The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date.
The Deterministic Encryption (Date) masking format encrypts column data using a cryptographic key and Advanced Encryption Standard (AES 128). It can be used to encrypt date columns only. It requires a range of dates as input defined by the startDate and endDate attributes. The start date must be less than or equal to the end date.
The original column values in all the rows must be within the specified date range. The encrypted values are also within the specified range. Therefore, to ensure uniqueness, the total number of dates in the range must be greater than or equal to the number of distinct original values in the column. If an original value is not in the specified date range, it might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping.
Deterministic Encryption (Date) is a format-preserving, deterministic and reversible masking format, which requires a seed value while submitting a masking work request. Passing the same seed value when masking multiple times or masking different databases ensures that the data is masked deterministically. To learn more, check Deterministic Encryption in the Data Safe documentation.