Version 25.2.9314

• Required Parameters
• Optional Parameters
• Output Attributes
• Example

Uses the AES algorithm to decrypt encrypted data.

Required Parameters

• keyVaultEntry: The name of the encrypted vault item to use for the key. Values stored in this vault item must match the encoding set in keyVaultEntryFormat and meet the length requirement of the selected algorithm.
• ivVaultEntry: The name of the encrypted vault item to use for the initialization vector (IV). Values stored in this vault item must match the encoding set in ivVaultEntryFormat and meet the length requirement of the selected algorithm.

Optional Parameters

• algorithm: The name of the algorithm used for encryption. AES is currently the only supported value. It requires 128-bit key lengths.
• cipherMode: The method used to process and decrypt the encrypted data. Accepted values are: CBC, ECB, OFB, CFB, CTS, 8OFB, 8CFB, GCM, CTR, and XTS. The default is CBC.
• paddingMode: The method used to handle extra or missing data when decrypting a message, ensuring the plaintext is correctly reconstructed. Accepted values are: PKCS7, Zeros, None, ANSIX923, and ISO10126. The default is PKCS7.
• keyVaultEntryFormat: The encoding on the value stored in the keyVaultEntry item. Accepted values are: HEX, BASE64, 8BIT, and RAW. The default is HEX.
• ivVaultEntryFormat: The encoding on the value stored in the ivVaultEntry item. Accepted values are: HEX, BASE64, 8BIT, and RAW. The default is HEX.
• data: The data to decrypt.
• file: The file to decrypt.
• outFile: The file in which to store the decrypted data.
• inFormat: The format to use for encrypted input data. Accepted values are: HEX, BASE64, 8BIT, and RAW. The default is HEX.
• outFormat: The format to use for encrypted output data. Accepted values are: HEX, BASE64, 8BIT, and RAW. The default is HEX.

Output Attributes

• data: The decrypted data, if outFile was not specified.
• outFile: The file containing the decrypted data, if outFile was specified.

Example

In the following example, the cryptoDecrypt operation is used to decrypt an encrypted value. The value was encrypted using AES and HEX encoding, so the example uses the default AES algorithm and the default HEX encoding for the keyVaultEntryFormat and keyVaultEntryFormat parameters. This means that the values stored in the “key” and “iv” vault items for keyVaultEntry and ivVaultEntry must match the 128-bit HEX encoded values that were used to encrypt the value.

Failure to use the correct values results in errors during the decryption process.

<!-- Encrypted value that was retrieved in an earlier step. -->
<arc:set attr="encrypted.value" value="D13B1E9F660B797347D1AAB00046BE70" />

<!-- Set both the Key and IV values. These are the names of the vault items that were used to encrypt the original data." -->
<arc:set attr="input.keyVaultEntry" value="key"/>
<arc:set attr="input.ivVaultEntry" value="iv"/>

<!-- Default algorithm is AES -->
<arc:set attr="input.algorithm" value="AES" />

<!-- Pass in the input item and call cryptoDecrypt -->
<arc:set attr="input.data" value="[encrypted.value]"/>  
<arc:call op="cryptoDecrypt" in="input" out="result" >
  <!-- Here is where you can use the newly decrypted value/data. A new file is used here. -->
  <arc:set attr="output.data" value="[result.data]" />
  <arc:set attr="output.filename" value="MyDecryptedData.txt" />
</arc:call>

<!-- Push the decrypted data, as a file, as output. -->
<arc:push item="output" />