Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Operations

Decrypting Objects

search

Please Note:

Decrypting Objects

Decrypt Parameters

The DECRYPT action requires the following parameters:

ParameterDescription
typeEncryption mode: AES_CBC_PAD, AES_CTR, FF1, FPE, or DESede.
keyName of the encryption key.
ivInitialization vector.

A 16-byte IV must be specified for AES_CTR and AES_CBC_PAD encryption (specified by type).

An 8-byte IV must be specified for DESede encryption (as specified by type), except when DESede also has the ECB value specified for the mode parameter, in which case the IV is optional.
ivSourceSpecifes a column in the source for the IV, to allow different IVs to be used for each row, for example: "ivSource":"column 10"

Value to be specified in hexadecimal format, for example: 01A40933B401A409

If value is not valid hexadecimal, it is treated as an ASCII string.
characterSet(FPE and FF1 modes only) Name of the characterSet that was defined under characterSets in the bdt.config file. Defaults include “latin”, “digits”, “alphabets”, and “alphanumeric”. Users can define their own characterSet in the config file as well.
tweak(FPE required, FF1 optional) Tweak. The size of the tweak must be 8 byte
tweakSourceSpecifes a column in the source for the tweak, to allow different tweaks to be used for each row, for example: "tweakSource":"column 2"
modeSpecify the supported encryption mode, either CBC or ECB. The mode must be specified when using the DESede algorithm (as specified by the type parameter), but is optional for all other encryption types.
paddingValid options are PKCS5Padding or NoPadding.

Decryption Example

The following example shows how to define decryption actions for two columns using AES_CBC_PAD and FPE decryption:

{
"name" : "column2",
    "action" : "DECRYPT",
    "config" : [ {
       "@type" : "AES_CBC_PAD",
       "key" : "c2KeyName",
       "iv":"000102030405060708090A0B0C0D0E0F"
     } ]
   }, {
    "name" : "column3",
    "action" : "DECRYPT",
    "config" : [ {
       "@type" : "FPE",
       "key" : "c3KeyName",
       "characterSet":"digits",
       "tweak":"0102030405060708"
      }  ]
  }

On this page