AES Cryptography encrypts or decrypts based on symmetric cryptography.

Take a look the the configuration parameters of the component:

  • Crypto Operation: available operation types - ENCRYPT FIELDS, DECRYPT FIELDS, ENCRYPT PAYLOAD and DECRYPT PAYLOAD.

  • Account: account to be used by the component - a SECRET-KEY type account is expected (if you want to use an arbitrary key, then undo the selection of the account and enable the "Provide Key" option in the advanced configurations).

  • Fields To Encrypt/Decrypt: fields to be encrypted/decrypted using a dotted notation (eg.: body.field1,body.field2,body).

  • Algorithm Key Size: size of the algorithm key, available in 256 bits, 192 bits and 128 bits. For the key size:

    - 256 bits, it’s necessary to use a 32-byte key;

    - 192 bits, it’s necessary to use a 24-byte key;

    - 128 bits, it’s necessary to use a 16-byte key.

  • Operation Mode: operation mode to be used.

  • Padding: is used in a block cipher in which the blocks are filled with padding bytes (eg.: AES 128 bits uses 16 padding bytes). “NoPadding” is used only when the message to be encrypted surely doesn’t need padding. The correct practice is to always use padding to avoid errors when encrypting/decrypting.

  • Charset: charset of the provided key of type string.

  • Fail On Error: if the option is enabled, the execution of the pipeline with error will be interrupted; otherwise, the pipeline execution proceeds, but the result will show a false value for the “success” property.

  • Advanced Settings: advanced configurations.

  • Concatenate IV: an encrypted message is expected/produced with Concatenate IV (IV+MESSAGE); otherwise, a IV parameter will be produced during the encryption and IV in IV will be expected in the "Decryption" field.

  • Provide IV For Encryption: if the option is activated, a IV as parameter for the encryption will be expected; otherwise, a parameter with zeroes or a random parameter controlled by parameter Empty IV will be generated.

  • IV as Hex: if the option is activated, a IV will be expected as an hexadecimal; otherwise, base64 is expected.

  • IV: starting vector to be previously informed for encryption/decryption, which should have 16 bytes. This parameter supports Double Braces.

  • Update AAD: additional authenticated data for the GCM operation. If the option is activated, it’s possible to inform the AAD for the GCM operation.

  • AAD: additional authenticated data. Value for the AAD key in the GCM operation.

  • Empty IV/Random IV: if the option is activated, an empty IV will be generated (16 bytes of zeroes); otherwise, a random IV will be generated.

  • Provide Key Or Generate Random: if the option is activated, a key is expected; otherwise, a random key will be generated.

  • Secret Key: key in Hex or Base64 format (controlled by the "Encryption Key As Hex Value" parameter) - the key must have the bits number in accordance to the "Algorithm Key Size" parameter.

  • Encryption Key As Hex Value: if the option is activated, the option expects/produces an Encryption Key as Hex; otherwise, it will be expected/produced as base64.

  • Encrypted Message As Hex: if the option is activated, the option expects/produces an encrypted message in Hex format; otherwise, it will be expected/produced as base64.

IMPORTANT: if you want to use your own key by account, it will be necessary to set a SECRET-KEY account or pass the respective property via Double Braces with the key.

Messages flow

Input

No specific input format is expected.

Output

  • Crypto Operation: ENCRYPT FIELDS or DECRYPT FIELDS

The same input structure will be expected in the output. If the “Concatenate IV” option is disabled, a new "IV" property will be generated in the JSON informed for each configured field.

Example

Input

{
"array": [
{"text": "text"},
{"text": "text2"}
]
}

Concatenate IV disabled:

{
"array": [
{"text": "ENCRYPTED TEXT", "iv": "SOME BASE64"},
{"text": "ENCRYPTED TEXT", "iv": "SOME BASE64"}
]
}

Concatenate IV enabled:

{
"array": [
{"text": "ENCRYPTED TEXT"},
{"text": "ENCRYPTED TEXT"}
]
}

  • Crypto Operation: ENCRYPT PAYLOAD or DECRYPT PAYLOAD

The encrypted value will be returned inside the “result” property. If the “Concatenate IV” option is disabled, a new "IV" property will be generated in the JSON informed for each configured field.

Concatenate IV disabled:

{
"result": "ENCRYPTED TEXT",
"iv": "SOME BASE64"
}

Concatenate IV enabled:

{
"result": "ENCRYPTED TEXT
}

AES Cryptography in Action

1. Cryptography ENCRYPT FIELDS

Crypto operation: ENCRYPT FIELDS

Fields To Encrypt/Decrypt: array.text

Algorithm key Size: 256

Operation Mode: CBC

Padding: PKCS5Padding

Advanced Settings: enabled

Concatenate IV: enabled

Provide IV for encryption: enabled

IV: MTIzNDU2Nzg5MDEyMzQ1NjE=

Provide Key Or Generate Random: enabled

Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=

(It’s advised to store this key in a SECRET-KEY account type)

Encryption Key As Hex Value: disabled

Encrypted Message As Hex: disabled

Input

{
"array": [
{"text": "text"},
{"text": "text2"}
]
}

Output

{
"array": [
{
"text": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
},
{
"text": "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="
}
]
}

2. Cryptography ENCRYPT PAYLOAD

Crypto operation: ENCRYPT PAYLOAD

Payload: text

Algorithm key Size: 256

Operation Mode: CBC

Padding: PKCS5Padding

Advanced Settings: enabled

Concatenate IV: enabled

Provide IV for encryption: enabled

IV: MTIzNDU2Nzg5MDEyMzQ1NjE=

Provide Key Or Generate Random: enabled

Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=

(It’s advised to store this key in a SECRET-KEY account type)

Encryption Key As Hex Value: disabled

Encrypted Message As Hex: disabled

Input

{}

Output

{
"result": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
}

3. Decryption DECRYPT FIELDS

Crypto operation: DECRYPT FIELDS

Fields To Encrypt/Decrypt: array.text

Algorithm key Size: 256

Operation Mode: CBC

Padding: PKCS5Padding

Advanced Settings: enabled

Concatenate IV: enabled

Provide IV for encryption: enabled

IV: MTIzNDU2Nzg5MDEyMzQ1NjE=

Provide Key Or Generate Random: enabled

Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=

(It’s advised to store this key in a SECRET-KEY account type)

Encryption Key As Hex Value: disabled

Encrypted Message As Hex: disabled

Input

{
"array": [
{
"text": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
},
{
"text": "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="
}
]
}

Output

{
"array": [
{"text": "text"},
{"text": "text2"}
]
}

4. Decryption DECRYPT PAYLOAD

Crypto operation: DECRYPT PAYLOAD

Payload: MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU=

Algorithm key Size: 256

Operation Mode: CBC

Padding: PKCS5Padding

Advanced Settings: enabled

Concatenate IV: enabled

Provide IV for encryption: enabled

IV: MTIzNDU2Nzg5MDEyMzQ1NjE=

Provide Key Or Generate Random: enabled

Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=

(It’s advised to store this key in a SECRET-KEY account type)

Encryption Key As Hex Value: disabled

Encrypted Message As Hex: disabled

Input

{}

Output

{
"result": "text"
}

Did this answer your question?