This is a great question!
You should use signatories/observers to restrict access to the data. The underlying ledger (ok - maybe not the sandbox, but a production ledger) will take care of encryption for you, or it might even restrict access physically by keeping the data on your local node, where other parties are unable to access it altogether! edit: See ledger topologies for an overview of the different approaches that may be used to guarantee privacy. It all depends on the implementation and its affinity to our abstract ledger model.
That’s one of the main advantages of DAML - it abstracts all this stuff away for you, and ensures portability across ledgers.
It also means that you don’t have to be a cryptographer and have knowledge of the underlying algorithms; this in turn reduces security risk, leaving the implementation to (hopefully!) a subject-matter expert. By this I don’t mean the cipher, but rather the implementation of the crypto-system as a whole, including details like key management, initialization, operation modes etc.
I’d be interested to hear if this answer doesn’t satisfy you. Is there a particular reason that you want to explicitly have control over privacy in the ledger?
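An added example (not from the original post or the DAML project itself) showing the point above in Daml Script: only the signatory and observer are stakeholders of the contract, so a third party querying the same ledger sees nothing and cannot act on it. Party names and the payload are constructed for the demo.

```daml
module RestrictedRecord where

import Daml.Script

-- Only the owner (signatory) and the auditor (observer) are stakeholders;
-- the ledger never delivers this contract to any other party.
template RestrictedRecord
  with
    owner   : Party
    auditor : Party
    payload : Text
  where
    signatory owner
    observer auditor

    -- The owner can widen visibility deliberately by recreating the
    -- record with a different observer; nobody else can.
    choice Reassign : ContractId RestrictedRecord
      with newAuditor : Party
      controller owner
      do create this with auditor = newAuditor

visibility : Script ()
visibility = script do
  alice <- allocateParty "Alice"   -- constructed parties
  bob   <- allocateParty "Bob"
  carol <- allocateParty "Carol"

  _ <- submit alice do
    createCmd RestrictedRecord with
      owner   = alice
      auditor = bob
      payload = "quarterly figures (constructed sample)"

  -- Stakeholders see the contract; a non-stakeholder gets an empty result.
  bobSees   <- query @RestrictedRecord bob
  carolSees <- query @RestrictedRecord carol
  assertMsg "observer must see the record" (length bobSees == 1)
  assertMsg "non-stakeholder must see nothing" (null carolSees)

  -- Authorization is enforced too: Carol cannot create a record
  -- on Alice's behalf, because Alice's signature is missing.
  submitMustFail carol do
    createCmd RestrictedRecord with
      owner   = alice
      auditor = carol
      payload = "forged"
```

Running the script against the sandbox shows the visibility rule the model enforces; how a production ledger then protects the data on the wire or at rest is the topology question referred to above.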