AES-256-GCM decrypt

Description

This operation decrypts a base64-encoded AES-256-GCM ciphertext using the provided encryption key. The input must be base64(nonce || ciphertext) as produced by AES-256-GCM encryption.

The AES-256-GCM algorithm encrypts the data so that malicious actors cannot read it, and generates an authentication tag that acts as a tamper-evident seal. If a hacker alters the encrypted data, the tag will immediately alert the receiving system, preventing the data from being used.

Data types

These are the input/output expected data types for this operation:

Input data

- The base64-encoded ciphertext with the nonce prepended.

Output data

- The decrypted strings.

Parameters

These are the parameters you need to configure to use this operation (mandatory parameters are marked with a *):

Encryption Key*

Choose your AES-256 encryption key, base64-encoded from your secrets. It must decode to exactly 32 bytes.

If you need to define a new encryption key, go to your Organization settings and click Secrets. Learn more in this section.

Example

Suppose you want to decrypt a series of strings encrypted with the AES-256-GCM algorithm. To do it:

In your Pipeline, open the required Action configuration and select the input Field.
In the Operation field, choose AES-256-GCM Decrypt.
Choose your Encryption Key from your list of secrets in Onum.
Give your Output field a name and click Save. You'll get your decrypted strings. For example:

Input data - "c3RhbmRhcmQgbm9uY2UxMjM0NTY3OGNpcGhlcnRleHRleGFtcGxl"

Encryption key - "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"

Output data - "Hello, World!"

These are illustrative placeholder values, do not use this key or input in any real configuration.

PreviousCryptography NextAES-256-GCM encrypt

Last updated 12 days ago

Was this helpful?