AES Cryptography
Know the component and how to use it.
AES Cryptography encrypts or decrypts based on symmetric cryptography.
Take a look at the configuration parameters of the component:
- Crypto Operation: available operation types (Encrypt Fields, Decrypt Fields, Encrypt Payload, and Decrypt Payload).
- Account: account to be used by the component. A SECRET-KEY type account is expected. If you want to use an arbitrary key, then undo the selection of the account and activate the Provide Key Or Generate Random option, in Advanced Settings.
- Fields To Encrypt/Decrypt: fields to be encrypted/decrypted using a dotted notation (eg.: body.field1,body.field2,body).
- Algorithm Key Size: size of the algorithm key, available in 256 bits, 192 bits, and 128 bits.
  The key length must match the selected size:
  - 256 bits: a 32-byte key is required;
  - 192 bits: a 24-byte key is required;
  - 128 bits: a 16-byte key is required.
- Operation Mode: operation mode to be used (CBC, OFB, CTR, CFB, GCM, or ECB).
- GCM Tag Length: sets the tag length (128 bits, 120 bits, 112 bits, 104 bits, or 96 bits). This field is available only when GCM is selected in the Operation Mode parameter.
- Padding: used in block ciphers, in which the blocks are filled with padding bytes (e.g., AES 128 bits uses 16 padding bytes). The NoPadding option should be used only when the message to be encrypted is certain not to need padding. The correct practice is to always use padding to avoid errors when encrypting/decrypting.
- Charset: charset of the provided key of type string.
- Fail On Error: if the option is active, the execution of the pipeline with error will be interrupted; otherwise, the pipeline execution proceeds, but the result will show a false value for the “success” property.
- Advanced Settings: if the option is active, you can access the following configurations:
  - Concatenate IV: if the option is active, the encrypted message is expected/produced with the IV concatenated (IV+MESSAGE); otherwise, an IV parameter will be produced during encryption, and the IV will be expected in the IV field for decryption.
  - Provide IV For Encryption: if the option is active, an IV is expected as a parameter for the encryption; otherwise, an IV of zeroes or a random IV will be generated, as controlled by the Empty IV or Random IV? parameter.
  - Empty IV or Random IV?: if the option is active, an empty IV will be generated (16 bytes of zeroes); otherwise, a random IV will be generated.
  - IV as Hex Value: if the option is active, the IV is expected as a hexadecimal value; otherwise, base64 is expected. This parameter is not available when Concatenate IV is active.
  - Update AAD: additional authenticated data for the GCM operation. If the option is active, it’s possible to provide the AAD for the GCM operation. This option is available only when GCM is selected in the Operation Mode parameter.
  - AAD: additional authenticated data. Value for the AAD key in the GCM operation. This option is available only when Update AAD is active and when GCM is selected in the Operation Mode parameter.
  - IV: initialization vector to be provided for encryption/decryption, which should have 16 bytes. This parameter is available only when Provide IV For Encryption is active and supports Double Braces.
  - Provide Key Or Generate Random: if the option is active, a key is expected; otherwise, a random key will be generated.
  - Secret Key: key in Hex or Base64 format (controlled by the Encryption Key As Hex Value parameter). The key length in bits must match the Algorithm Key Size parameter.
  - Encryption Key As Hex Value: if the option is active, the encryption key is expected/produced as Hex; otherwise, it will be expected/produced as base64.
  - Encrypted Message As Hex: if the option is active, the encrypted message is expected/produced in Hex format; otherwise, it will be expected/produced as base64.
IMPORTANT: if you want to use your own key by account, it will be necessary to set a SECRET-KEY account or pass the respective property via Double Braces with the key.
No specific input format is expected.
The same input structure will be expected in the output. If the Concatenate IV option is inactive, a new "IV" property will be generated in the JSON informed for each configured field.
Input
{
"array": [{
"text": "text"
},{
"text": "text2"
}]
}
Concatenate IV inactive:
{
"array": [{
"text": "ENCRYPTED TEXT",
"iv": "SOME BASE64"
},{
"text": "ENCRYPTED TEXT",
"iv": "SOME BASE64"
}]
}
Concatenate IV active:
{
"array": [{
"text": "ENCRYPTED TEXT"
},{
"text": "ENCRYPTED TEXT"
}]
}
The encrypted value will be returned inside the “result” property. If the Concatenate IV option is inactive, a new "IV" property will be generated in the JSON informed for each configured field.
Concatenate IV inactive:
{
"result": "ENCRYPTED TEXT",
"iv": "SOME BASE64"
}
Concatenate IV active:
{
"result": "ENCRYPTED TEXT"
}
Crypto operation: Encrypt Fields
Fields To Encrypt/Decrypt: array.text
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: active
Concatenate IV: active
Provide IV for encryption: active
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: active
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s recommended to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: inactive
Encrypted Message As Hex: inactive
Input
{
"array": [{
"text": "text"
},{
"text": "text2"
}]
}
Output
{
"array":[{
"text": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
},{
"text": "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="
}]
}
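With Concatenate IV active, each encrypted value is IV+MESSAGE in a single base64 (or hex) string, so the IV and ciphertext can be separated and checked offline. The Python below is an added example, not code from the component or its vendor; the function names are hypothetical, the key and field values are the ones shown in this Encrypt Fields scenario, and it covers the CBC-with-padding case. It also reports IVs that occur in more than one message, which is what a fixed Provide IV For Encryption value produces.

```python
import base64
from collections import Counter

AES_BLOCK = 16                           # AES block and IV length in bytes
KEY_BYTES = {128: 16, 192: 24, 256: 32}  # Algorithm Key Size -> key length

# Values shown in the Encrypt Fields scenario on this page.
SECRET_KEY = "MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY="
FIELDS = ["MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU=",
          "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="]

def decode(value, as_hex=False):
    """Hex when the matching 'As Hex' option is active, base64 otherwise."""
    try:
        return bytes.fromhex(value) if as_hex else base64.b64decode(value, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid {'hex' if as_hex else 'base64'}: {exc}") from None

def check_key(secret_key, key_size_bits, as_hex=False):
    """Return the key bytes, or raise if the length does not fit the key size."""
    key = decode(secret_key, as_hex)
    if len(key) != KEY_BYTES[key_size_bits]:
        raise ValueError(f"{key_size_bits}-bit AES needs {KEY_BYTES[key_size_bits]} "
                         f"key bytes, got {len(key)}")
    return key

def split_concatenated(message, as_hex=False, padded=True):
    """Split an IV+MESSAGE value (Concatenate IV active) into (iv, ciphertext)."""
    raw = decode(message, as_hex)
    iv, ciphertext = raw[:AES_BLOCK], raw[AES_BLOCK:]
    if len(iv) < AES_BLOCK or not ciphertext:
        raise ValueError("too short to hold a 16-byte IV plus ciphertext")
    if padded and len(ciphertext) % AES_BLOCK:
        raise ValueError("padded ciphertext must be a multiple of 16 bytes")
    return iv, ciphertext

def reused_ivs(messages, as_hex=False):
    """Map each IV that appears in more than one message to its count."""
    counts = Counter(split_concatenated(m, as_hex)[0] for m in messages)
    return {iv: n for iv, n in counts.items() if n > 1}

if __name__ == "__main__":
    print("key bytes:", len(check_key(SECRET_KEY, 256)))
    for field in FIELDS:
        iv, ciphertext = split_concatenated(field)
        print("iv:", iv, "ciphertext:", ciphertext.hex())
    print("IVs seen more than once:", reused_ivs(FIELDS))
```

Both fields in the scenario carry the same 16-byte IV because it was supplied as a parameter; leaving Provide IV For Encryption and Empty IV or Random IV? inactive makes the component generate a random IV per value instead.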
Crypto operation: Encrypt Payload
Payload: text
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: active
Concatenate IV: active
Provide IV for encryption: active
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: active
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s recommended to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: inactive
Encrypted Message As Hex: inactive
Input
{}
Output
{
"result": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
}
Crypto operation: Decrypt Fields
Fields To Encrypt/Decrypt: array.text
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: active
Concatenate IV: active
Provide IV for encryption: active
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: active
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s advised to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: inactive
Encrypted Message As Hex: inactive
Input
{
"array": [{
"text": "MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU="
},{
"text": "MTIzNDU2Nzg5MDEyMzQ1NijQdN4bFfeBL9Z6vCfzMTw="
}]
}
Output
{
"array": [{
"text": "text"
},{
"text": "text2"
}]
}
Crypto operation: Decrypt Payload
Payload: MTIzNDU2Nzg5MDEyMzQ1Npp1dUf7FzjkLwD9Ezq4FSU=
Algorithm key Size: 256
Operation Mode: CBC
Padding: PKCS5Padding
Advanced Settings: active
Concatenate IV: active
Provide IV for encryption: active
IV: MTIzNDU2Nzg5MDEyMzQ1NjE=
Provide Key Or Generate Random: active
Secret Key: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
(It’s recommended to store this key in a SECRET-KEY account type)
Encryption Key As Hex Value: inactive
Encrypted Message As Hex: inactive
Input
{}
Output
{
"result": "text"
}