AES Decrypt

Overview

The AES Decrypt step decrypts AES-encrypted data using the configured cipher settings and writes the decrypted plaintext to the Message Profile execution parameter collection.

The step reads the encryption key from the parameter collection. If a salt is provided, the key is derived using a password-based key derivation process.

For cipher modes that use an IV (CBC, CFB, CTS), the step can either extract the IV from the encrypted payload or use a fixed IV.

Parameters

CIPHER_MODE (Input)

Specifies the AES cipher mode.

Type: String
Direction: In
Default: ECB
Common Values:
- ECB
- CBC
- CFB
- CTS

PADDING_MODE (Input)

Specifies the padding mode used for decryption.

Type: String
Direction: In
Default: PKCS7
Common Values:
- PKCS7
- None

KEY_SIZE (Input)

Specifies the AES key size in bits.

Type: Integer
Direction: In
Default: 128
Common Values:
- 128
- 192
- 256

BLOCK_SIZE (Input)

Specifies the AES block size in bits.

Type: Integer
Direction: In
Default: 128
Common Values:
- 128

KEY_PARAM (Input)

Specifies the parameter name containing the key value.

Type: String
Direction: In
Default: KEY

The step reads the key from the parameter collection using this name.

KEY_ENCODING (Input)

Specifies how the key value is decoded before being used.

Type: String
Direction: In
Default: base64
Supported Values (depending on implementation):
- base64
- hex
- utf8

PASSWORD_BASED_KEY (Input)

Controls whether the key is treated as a password and converted into an AES key using key derivation.

Type: Boolean
Direction: In
Default: true
Values:
- true (Derive AES key using salt, iterations, and hash)
- false (Use the provided key bytes directly)

Note: In the current implementation, if SALT is provided the key is derived; otherwise the key is used directly.

ITERATIONS (Input)

Specifies the iteration count used for password-based key derivation.

Type: Integer
Direction: In
Default: 65536

HASH_ALGORITHM (Input)

Specifies the hash algorithm used for password-based key derivation.

Type: String
Direction: In
Default: SHA256
Common Values:
- SHA256

SALT (Input)

Specifies a fixed salt value used for password-based key derivation.

Type: String
Direction: In
Default: (blank)

If provided, the step derives the AES key using the configured derivation settings.

SALT_ENCODING (Input)

Specifies how SALT is decoded.

Type: String
Direction: In
Default: hex
Supported Values (depending on implementation):
- hex
- base64
- utf8

CIPHER_TEXT_PARAM (Input)

Specifies the parameter name containing the ciphertext input.

Type: String
Direction: In
Default: CIPHER_TEXT

The step reads the encrypted value from the parameter collection using this name.

CIPHER_TEXT_ENCODING (Input)

Specifies how the ciphertext value is decoded into bytes before decryption.

Type: String
Direction: In
Default: base64
Supported Values (depending on implementation):
- base64
- hex
- utf8

IV (Input)

Specifies a fixed IV value.

Type: String
Direction: In
Default: (blank)

If blank and the cipher mode requires an IV, the IV is extracted from the start of the encrypted payload.

IV_ENCODING (Input)

Specifies how IV is decoded when a fixed IV is provided.

Type: String
Direction: In
Default: hex
Supported Values (depending on implementation):
- hex
- base64
- utf8

UNPACK_IV (Input)

Controls whether the IV is expected to be present in the encrypted payload.

Type: Boolean
Direction: In
Default: true

Note: In the current implementation, when IV is blank the step always reads the IV from the start of the payload for IV-based modes. When IV is provided, the payload is treated as ciphertext only.

UNPACK_SALT (Input)

Controls whether salt is expected to be present in the encrypted payload.

Type: Boolean
Direction: In
Default: true

Note: The current implementation does not unpack salt from the encrypted payload. Salt is only taken from the SALT parameter when provided.

PLAIN_TEXT_ENCODING (Input)

Specifies how decrypted bytes are converted into plaintext.

Type: String
Direction: In
Default: utf8
Supported Values (depending on implementation):
- utf8
- base64
- hex

PLAIN_TEXT_PARAM (Output)

Specifies the parameter name where the decrypted plaintext is stored.

Type: String
Direction: Out
Default: PLAIN_TEXT

Execution Context Behavior

This step:

Reads the key from KEY_PARAM
Optionally derives an AES key when SALT is provided
Reads ciphertext from CIPHER_TEXT_PARAM
Uses a fixed IV when IV is provided, otherwise extracts the IV from the start of the payload for IV-based cipher modes
Decrypts the ciphertext and stores the plaintext in PLAIN_TEXT_PARAM

Example Configuration

Parameter	Value
CIPHER_MODE	CBC
PADDING_MODE	PKCS7
KEY_SIZE	256
BLOCK_SIZE	128
KEY_PARAM	KEY
KEY_ENCODING	base64
CIPHER_TEXT_PARAM	CIPHER_TEXT
CIPHER_TEXT_ENCODING	base64
IV
IV_ENCODING	hex
PLAIN_TEXT_PARAM	PLAIN_TEXT
PLAIN_TEXT_ENCODING	utf8

Result:

PLAIN_TEXT = [decrypted value]

Overview​

Parameters​

CIPHER_MODE (Input)​

PADDING_MODE (Input)​

KEY_SIZE (Input)​

BLOCK_SIZE (Input)​

KEY_PARAM (Input)​

KEY_ENCODING (Input)​

PASSWORD_BASED_KEY (Input)​

ITERATIONS (Input)​

HASH_ALGORITHM (Input)​

SALT (Input)​

SALT_ENCODING (Input)​

CIPHER_TEXT_PARAM (Input)​

CIPHER_TEXT_ENCODING (Input)​

IV (Input)​

IV_ENCODING (Input)​

UNPACK_IV (Input)​

UNPACK_SALT (Input)​

PLAIN_TEXT_ENCODING (Input)​

PLAIN_TEXT_PARAM (Output)​

Execution Context Behavior​

Example Configuration​