AES Cryptography

Learn how to encrypt or decrypt using the AES Cryptography component.

AES Cryptography encrypts or decrypts based on symmetric cryptography.

Parameters

Take a look at the configuration options for the component. Parameters supported by Double Braces expressions are marked with (DB).

Parameter

Description

Default value

Data type

Crypto Operation

Available operation types (Encrypt Fields, Decrypt Fields, Encrypt Payload, and Decrypt Payload).

Encrypt Fields

String

Account

Account to be used by the component. A Secret Key type account is expected.

If you want to use an arbitrary key, then undo the selection of the account and activate the Provide Key Or Generate Random option, in Advanced Settings.

N/A

String

Fields To Encrypt/Decrypt

Fields to be encrypted/decrypted using a dotted notation (e.g., body.field1, body.field2, body).

a.test

String

Payload to Encrypt/Decrypt (DB)

Payload to be encrypted/decrypted.

N/A

String

Algorithm Key Size

Size of the algorithm key, available in 256 bits (necessary to use a 32-byte key), 192 bits (24-byte key), and 128 bits (16-byte key).

256 bits

Integer (bits)

Operation Mode

Operation mode to be used (CBC, OFB, CTR, CFB, GCM, or ECB).

CBC

String

GCM Tag Length

Sets the tag length (128 bits, 120 bits, 112 bits, 104 bits, or 96 bits). This field is available only when GCM is selected in the Operation Mode parameter.

N/A

String

Padding

Is used in a block cipher in which the blocks are filled with padding bytes (e.g., AES 128 bits uses 16 padding bytes). The NoPadding option is used only when the message to be encrypted surely doesn’t need padding. The correct practice is to always use padding to avoid errors when encrypting/decrypting.

PKCS5Padding

String

Charset

Charset of the provided key of type string.

UTF-8

String

Fail On Error

If the option is active, the execution of the pipeline with an error will be interrupted; otherwise, the pipeline execution proceeds, but the result will show a false value for the “success” property.

False

Boolean

Advanced Settings

If the option is active, you can access the following configurations:

False

Boolean

Concatenate IV

An encrypted message is expected/produced with Concatenate IV (IV+MESSAGE); otherwise, an IV parameter will be produced during the encryption, and IV in IV will be expected in the "Decryption" field.

N/A

Boolean

Provide IV For Encryption

If the option is active, an IV as a parameter for encryption will be expected; otherwise, a parameter with zeroes or a random parameter controlled by parameter Empty IV or Random IV? will be generated.

N/A

Boolean

Empty IV or Random IV?

If the option is active, an empty IV will be generated (16 bytes of zeroes); otherwise, a random IV will be generated.

N/A

Boolean

IV as Hex Value

If the option is active, an IV will be expected as hexadecimal; otherwise, base64 is expected. This parameter is not available when Concatenate IV is active.

N/A

String

Update AAD

Additional authenticated data for the GCM operation. If the option is active, it’s possible to inform the AAD for the GCM operation. This option is available only when GCM is selected in the Operation Mode parameter.

N/A

String

AAD

Additional authenticated data. Value for the AAD key in the GCM operation. This option is available only when Update AAD is active and when GCM is selected in the Operation Mode parameter.

N/A

String

Starting vector to be previously informed for encryption/decryption, which should have 16 bytes. This parameter is available only when Provide IV For Encryption is active.

N/A

String

Provide Key Or Generate Random

If the option is active, a key is expected; otherwise, a random key will be generated.

N/A

Boolean

Secret Key

Key in Hex or Base64 format (controlled by the Encryption Key As Hex Value parameter). The key must have the bits number in accordance with the Algorithm Key Size parameter.

N/A

String

Encryption Key As Hex Value

If the option is active, the option expects/produces an Encryption Key as Hex; otherwise, it will be expected/produced as base64.

N/A

Boolean

Encrypted Message As Hex

If the option is active, the option expects/produces an encrypted message in Hex format; otherwise, it will be expected/produced as base64.

N/A

Boolean

Important: if you want to use your own key by account, it will be necessary to set a Secret Key account or pass the respective property via Double Braces with the key.

Messages flow

Input

No specific input format is expected.

Output

Crypto Operation: Encrypt Fields or Decrypt Fields

The same input structure will be expected in the output. If the Concatenate IV option is inactive, a new "IV" property will be generated in the JSON informed for each configured field.

Example

Input

{
    "array": [{
        "text": "text"
    },{
        "text": "text2"
    }]
}

Concatenate IV inactive:

{
    "array": [{
        "text": "ENCRYPTED TEXT", 
        "iv": "SOME BASE64"
    },{
        "text": "ENCRYPTED TEXT", 
        "iv": "SOME BASE64"
    }]
}

Concatenate IV active:

{
    "array": [{
        "text": "ENCRYPTED TEXT"
    },{
        "text": "ENCRYPTED TEXT"
    }]
}

Crypto Operation: Encrypt Payload or Decrypt Payload

The encrypted value will be returned inside the “result” property. If the Concatenate IV option is inactive, a new "IV" property will be generated in the JSON informed for each configured field.

Concatenate IV inactive:

{
    "result": "ENCRYPTED TEXT",
    "iv": "SOME BASE64"
}

Concatenate IV active:

{
    "result": "ENCRYPTED TEXT
}