IMPORTANT: This documentation has been discontinued. Read the updated AES Cryptography documentation on our new documentation portal.
AES Cryptography encrypts or decrypts based on symmetric cryptography.
Take a look the the configuration parameters of the component:
Crypto Operation: available operation types - ENCRYPT FIELDS, DECRYPT FIELDS, ENCRYPT PAYLOAD and DECRYPT PAYLOAD.
Account: account to be used by the component - a SECRET-KEY type account is expected (if you want to use an arbitrary key, then undo the selection of the account and enable the "Provide Key" option in the advanced configurations).
Fields To Encrypt/Decrypt: fields to be encrypted/decrypted using a dotted notation (eg.: body.field1,body.field2,body).
Algorithm Key Size: size of the algorithm key, available in 256 bits, 192 bits and 128 bits. For the key size:
- 256 bits, it’s necessary to use a 32-byte key;
- 192 bits, it’s necessary to use a 24-byte key;
- 128 bits, it’s necessary to use a 16-byte key.
Operation Mode: operation mode to be used.
Padding: is used in a block cipher in which the blocks are filled with padding bytes (eg.: AES 128 bits uses 16 padding bytes). “NoPadding” is used only when the message to be encrypted surely doesn’t need padding. The correct practice is to always use padding to avoid errors when encrypting/decrypting.
Charset: charset of the provided key of type string.
Fail On Error: if the option is enabled, the execution of the pipeline with error will be interrupted; otherwise, the pipeline execution proceeds, but the result will show a false value for the “success” property.
Advanced Settings: advanced configurations.
Concatenate IV: an encrypted message is expected/produced with Concatenate IV (IV+MESSAGE); otherwise, a IV parameter will be produced during the encryption and IV in IV will be expected in the "Decryption" field.
Provide IV For Encryption: if the option is activated, a IV as parameter for the encryption will be expected; otherwise, a parameter with zeroes or a random parameter controlled by parameter Empty IV will be generated.
IV as Hex: if the option is activated, a IV will be expected as an hexadecimal; otherwise, base64 is expected.
IV: starting vector to be previously informed for encryption/decryption, which should have 16 bytes. This parameter supports Double Braces.
Update AAD: additional authenticated data for the GCM operation. If the option is activated, it’s possible to inform the AAD for the GCM operation.
AAD: additional authenticated data. Value for the AAD key in the GCM operation.
Empty IV/Random IV: if the option is activated, an empty IV will be generated (16 bytes of zeroes); otherwise, a random IV will be generated.
Provide Key Or Generate Random: if the option is activated, a key is expected; otherwise, a random key will be generated.
Secret Key: key in Hex or Base64 format (controlled by the "Encryption Key As Hex Value" parameter) - the key must have the bits number in accordance to the "Algorithm Key Size" parameter.
Encryption Key As Hex Value: if the option is activated, the option expects/produces an Encryption Key as Hex; otherwise, it will be expected/produced as base64.
Encrypted Message As Hex: if the option is activated, the option expects/produces an encrypted message in Hex format; otherwise, it will be expected/produced as base64.
IMPORTANT: if you want to use your own key by account, it will be necessary to set a SECRET-KEY account or pass the respective property via Double Braces with the key.
Messages flow
Input
No specific input format is expected.
Output
Crypto Operation: ENCRYPT FIELDS or DECRYPT FIELDS
The same input structure will be expected in the output. If the “Concatenate IV” option is disabled, a new "IV" property will be generated in the JSON informed for each configured field.
Example
Input
{
"array": [
{"text": "text"},
{"text": "text2"}
]
}
Concatenate IV disabled:
{
"array": [
{"text": "ENCRYPTED TEXT", "iv": "SOME BASE64"},
{"text": "ENCRYPTED TEXT", "iv": "SOME BASE64"}
]
}
Concatenate IV enabled:
{
"array": [
{"text": "ENCRYPTED TEXT"},
{"text": "ENCRYPTED TEXT"}
]
}
Crypto Operation: ENCRYPT PAYLOAD or DECRYPT PAYLOAD
The encrypted value will be returned inside the “result” property. If the “Concatenate IV” option is disabled, a new "IV" property will be generated in the JSON informed for each configured field.
Concatenate IV disabled:
{
"result": "ENCRYPTED TEXT",
"iv": "SOME BASE64"
}
Concatenate IV enabled:
{
"result": "ENCRYPTED TEXT
}
AES Cryptography in Action
1. Cryptography ENCRYPT FIELDS
Crypto operation: ENCRYPT FIELDS
Fields To Encrypt/Decrypt: array.text
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: enabled
Concatenate IV: enabled
Provide IV for encryption: enabled
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: enabled
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s advised to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: disabled
Encrypted Message As Hex: disabled
Input
{
"array": [
{"text": "text"},
{"text": "text2"}
]
}
Output
{
"array": [
{
"text": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
},
{
"text": "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="
}
]
}
2. Cryptography ENCRYPT PAYLOAD
Crypto operation: ENCRYPT PAYLOAD
Payload: text
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: enabled
Concatenate IV: enabled
Provide IV for encryption: enabled
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: enabled
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s advised to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: disabled
Encrypted Message As Hex: disabled
Input
{}
Output
{
"result": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
}
3. Decryption DECRYPT FIELDS
Crypto operation: DECRYPT FIELDS
Fields To Encrypt/Decrypt: array.text
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: enabled
Concatenate IV: enabled
Provide IV for encryption: enabled
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: enabled
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s advised to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: disabled
Encrypted Message As Hex: disabled
Input
{
"array": [
{
"text": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
},
{
"text": "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="
}
]
}
Output
{
"array": [
{"text": "text"},
{"text": "text2"}
]
}
4. Decryption DECRYPT PAYLOAD
Crypto operation: DECRYPT PAYLOAD
Payload: MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU=
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: enabled
Concatenate IV: enabled
Provide IV for encryption: enabled
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: enabled
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s advised to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: disabled
Encrypted Message As Hex: disabled
Input
{}
Output
{
"result": "text"
}