PBE Cryptography makes encryption and decryption operations using PBE algorithm (Password Based Encryption).

Take a look at the configuration parameters of the component:

  • Crypto Operation: available operation types - ENCRYPT FIELDS, DECRYPT FIELDS, ENCRYPT PAYLOAD and DECRYPT PAYLOAD.

  • Account: account to be used by the component - a SECRET-KEY type account is expected.

  • Iteration Count: number of iterations with Salt.

  • Algorithm: algorithm type to be used.

  • Fields To Encrypt/Decrypt: fields to be encrypted/decrypted using a dotted notation (eg.: body.field1,body.field2,body).

  • Charset: encoding type.

  • Secret Key Type: secret key format (String, Hexadecimal or Base64).

  • Fail On Error: if the option is activated, the pipeline with error execution will be suspended; otherwise, the pipeline execution continues, but the result will show a false value for the success property.

  • Advanced Settings: advanced configurations.

  • Use Key From Payload: if activated, the option will use the payload secret key.

  • Secret Key: key in Hex or Base64 format.

  • Use Salt From Payload: if activated, the option will use the payload Salt; otherwise, a new Salt will be generated.

  • Salt: random data string used to change a password hash.

  • Encryption Key As Hex Value: if the option is activated, the secret key response will be in hexadecimal; otherwise, it will be in Base64 if the "Use Key From Payload" option is also activated.

  • Salt As Hex Value: if the option is activated, the secret key response will be in hexadecimal; otherwise, it will be in Base64.

  • Encrypted Message As Hex: if the option is activated, the secret key response will be in hexadecimal; otherwise, it will be in Base64.

Messages flow

Encrypt via fields


Input

{
"accountLabel": "account",
"params": {
"operation": "encrypt_fields",
"iterationCount": 1000,
"keyType": "STRING",
"algorithm": "PBEWithMD5AndDES",
"encryptedFields": "a.test",
"failOnError": true
}
}

Payload

{
"a": {
"test": "test"
}
}

Output

{
"a": {
"test": "ZmRmcw=="
},
"_salt": "ZmRmcwZmRmcw=="
}

Decrypt via fields

Input

{
"accountLabel": "account",
"params": {
"operation": "decrypt_fields",
"iterationCount": 1000,
"keyType": "STRING",
"algorithm": "PBEWithMD5AndDES",
"encryptedFields": "a.test",
"useSaltFromPayload": true,
"salt": "{{ message._salt }}",
"failOnError": true
}
}

Payload

{
"a": {
"test": "ZmRmcw=="
},
"_salt": "ZmRmcwZmRmcw=="
}

Output

{
"a": {
"test": "test"
},
"_salt": "ZmRmcwZmRmcw=="
}



Encrypt via payload

Input

{
"accountLabel": "pbe",
"params": {
"operation": "encrypt_payload",
"iterationCount": 1000,
"payload": "{{ message.a.test }}",
"keyType": "STRING",
"algorithm": "PBEWithMD5AndDES",
"failOnError": true
}
}

Payload

{
"a": {
"test": "test"
}
}

Output

{
"a": {
"test": "test"
},
"result": "ZmRmcw==",
"_salt": "ZmRmcwZmRmcw=="
}


Decrypt via payload

Input

{
"accountLabel": "pbe",
"params": {
"operation": "decrypt_payload",
"iterationCount": 1000,
"payload": "{{ message.a.test }}",
"keyType": "STRING",
"algorithm": "PBEWithMD5AndDES",
"useSaltFromPayload": true,
"salt": "{{ message._salt }}",
"failOnError": true
}
}

Payload

{
"a": {
"test": "ZmRmcw=="
}
}

Output

{
"a": {
"test": "ZmRmcw=="
},
"result": "test",
"_salt": "ZmRmcwZmRmcw=="
}
Did this answer your question?