decrypt()

The decrypt() function decrypts encrypted binary data using a specified cipher algorithm and key, and returns the result as binary.

Syntax

decrypt(CIPHER, KEY, DATA[, IV])

Parameters

CIPHER
A string in algorithm/mode/padding format. If mode and padding are omitted and only the algorithm is specified, the default values for that algorithm are applied.

Refer to the Java Security Standard Algorithm Names documentation for available algorithms, modes, and paddings.

Note
The following formats are required to be supported by all Java implementations. The DES and DESede algorithms and ECB mode are insecure; use them only when required for compatibility with external systems. The number in parentheses indicates encryption bits.
- AES/CBC/NoPadding (128)
- AES/CBC/PKCS5Padding (128)
- AES/ECB/NoPadding (128)
- AES/ECB/PKCS5Padding (128)
- AES/GCM/NoPadding (128)
- DES/CBC/NoPadding (56)
- DES/CBC/PKCS5Padding (56)
- DES/ECB/NoPadding (56)
- DES/ECB/PKCS5Padding (56)
- DESede/CBC/NoPadding (168)
- DESede/CBC/PKCS5Padding (168)
- DESede/ECB/NoPadding (168)
- DESede/ECB/PKCS5Padding (168)
- RSA/ECB/PKCS1Padding (1024, 2048)
- RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
- RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)
KEY
A binary key of the size required by the specified cipher algorithm. Key lengths by algorithm are as follows.
  • AES: choose from 16 bytes (128-bit), 24 bytes (192-bit), or 32 bytes (256-bit)
  • RSA: choose from 128 bytes (1024-bit) or 256 bytes (2048-bit)
DATA
The binary data to decrypt.
IV
A binary initialization vector (IV) required by operation modes such as CBC.

Description

The decrypt() function uses the Java Cipher class to decrypt binary data with the specified cipher algorithm and key, and returns the result as binary.

Returns null if KEY or DATA is null or not a binary type. If IV is specified, it must also be a binary type; otherwise null is returned. Returns null if an error occurs during decryption.

Caution
Logpresso supports a variety of cipher algorithms provided by Java for compatibility. However, avoid using insecure algorithms or modes such as the DES family or ECB mode.

Error codes

Error codeDescription
90650Fewer than 3 parameters were provided.
90651An invalid cipher algorithm was specified.

Usage examples

  1. Decrypt data encrypted with the AES algorithm

    json "{}"
| eval key = frombase64("mRcOlK9V47rjVL/RBYQYRw=="),
       encrypted = frombase64("y7+NQQ9/9xGtbBq5pgBvCA=="),
       decrypted = decode(decrypt("AES", key, encrypted))
| # decrypted: hello, world!

  2. Decrypt with an IV specified in CBC mode

    json "{}"
| eval key = frombase64("mRcOlK9V47rjVL/RBYQYRw=="),
       iv = frombase64("AAAAAAAAAAAAAAAAAAAAAA=="),
       encrypted = frombase64("..."),
       decrypted = decrypt("AES/CBC/PKCS5Padding", key, encrypted, iv)

  3. KEY or DATA is null

    json "{}" | eval result = decrypt("AES", null, binary("data"))
| # result: null

Compatibility

The decrypt() function has been available since before Sonar 4.0.