As its name suggests, format-preserving encryption transforms plaintext to ciphertext of the same format and length. For example, format-preserving encryption may be used for a legacy application that needs to protect 16-digit credit card numbers and 9-digit social security numbers in a database without having to change their storage allocations. FPE has saved a lot of headaches in these use cases, as you can imagine.
For ‘FIPS Approved’ operation, until Cryptographic Algorithm Validation Program (CAVP) testing becomes available specifically for FPE, vendors will need to complete CAVP testing for the underlying AES algorithm, make documentation updates, and affirm compliance to SP 800-38G. Alternatively, SafeLogic can help you strategize and complete this process as easily as possible.
If you have a customer requirement to provide format-preserving encryption with FIPS 140-2 validation, then please contact us today.