C++
string decrypt(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, string iv_cipher) {
CK_RV rv;
CK_BYTE *plain;
CK_ULONG plain_len;
string iv;
string cipher;
Base64::Decode(iv_cipher.substr(0, iv_cipher.find(':')), &iv);
CK_MECHANISM mechanism = {
CKM_AES_CBC_PAD, (CK_BYTE_PTR) iv.c_str(), iv.length()
};
rv = p11->C_DecryptInit(hSession, &mechanism, hKey);
if (rv == CKR_OK) {
Base64::Decode(iv_cipher.substr(iv_cipher.find(':')+1, iv_cipher.length() - iv_cipher.find(':') + 1), &cipher);
rv = p11->C_Decrypt(hSession, (CK_BYTE_PTR) cipher.c_str(), cipher.length(), NULL, &plain_len);
if (rv == CKR_OK) {
plain = (CK_BYTE *)malloc(plain_len * sizeof(CK_BYTE));
rv = p11->C_Decrypt(hSession, (CK_BYTE_PTR) cipher.c_str(), cipher.length(), plain, &plain_len);
}
}
if (rv != CKR_OK) {
cout << "Decryption failed. Error code = " << rv << endl;
return string();
}
return string((char*)plain, plain_len);
}
C#
public void decrypt() {
EncryptionAndDecryptionApi encryptionAndDecryptionApi = new EncryptionAndDecryptionApi();
DecryptRequest decReq = new DecryptRequest(Alg: ObjectType.AES, Mode: CryptMode.CBC, Cipher: cipher, Iv: encResp.Iv);
DecryptResponse decResp = encryptionAndDecryptionApi.Decrypt(key.Kid, decReq);
}
Go
iv := byte[](<iv bytes>)
keyId := <Key UUID>
decryptReq := sdkms.DecryptRequest{
Cipher: byte[](<cipher in bytes>),
Iv: &iv
Alg: sdkms.AlgorithmAes,
Key: sdkms.SobjectById(keyId),
Mode: sdkms.CryptModeSymmetric(sdkms.CipherModeCbc),
}
decryptResp, err := client.Decrypt(ctx, decryptReq)
decryptResp.Plain //decrypted plain text data
Java
byte[] cipher, iv;
DecryptRequest encryptRequest = new DecryptRequest();
decryptRequest
.alg(ObjectType.AES)
.cipher(cipher)
.mode(CryptMode.CBC)
.iv(iv);
DecryptResponse decryptResponse = encryptionAndDecryptionApi.decrypt(<Key UUID>, decryptRequest);
decryptResponse.plain // decrypted plaintext data
Python
cipher, iv
api_instance = sdkms.v1.EncryptionAndDecryptionApi(api_client=client)
request = sdkms.v1.DecryptRequest(alg=ObjectType.AES, cipher= cipher, iv=iv, mode=CipherMode.CBC)
decryption_response = api_instance.decrypt(<Key UUID>, request)
decryption_response.plain #decrypted plain text data
PHP
public function decrypt() {
$decryptionRequestBody = array('alg' => $objType::AES, 'mode' => $cryptMode::CBC, 'cipher' => $encRes['cipher'], 'iv' => $encRes['iv']);
$decryptionRequest = new Swagger\Client\Model\DecryptRequest($decryptionRequestBody);
$encryptionAndDecryptionApi = new Swagger\Client\Api\EncryptionAndDecryptionApi($client);
$decryptionResponse = $encryptionAndDecryptionApi->decrypt($securityObjectResponse["kid"], $decryptionRequest); }
Javascript
var decryptCallback = function(error, data, response) {
if (error) {
console.error("Error: " + JSON.stringify(response));
} else {
console.log('Cipher decrypted successfully. result: ' + JSON.stringify(data));
}
};
var encryptionAndDecryptionApi = new FortanixSdkmsRestApi.EncryptionAndDecryptionApi()
var decryptRequest = FortanixSdkmsRestApi.DecrypttRequest.constructFromObject({"alg": "AES", "mode": "CBC", "cipher": "cipher"})
encryptionAndDecryptionApi.decrypt(data["kid"], decryptRequest, decryptCallback)
REST API using curl
$ curl <Endpoint URL>/crypto/v1/decrypt -H 'Authorization: Bearer YhXwwa-6C...ig5g' -d '{"key": {"kid": "Key-UUID"}, "alg": "AES", "mode": "CBC", "cipher": "YiBmaHViIGNpdXJlZyB1eXZpZyB2ZQoK", "iv": "Y25lYm4gdmVidmllamJ2ZWlqYgo="}'
{"plain": "SGVsbG8gV29ybGQhCg=="}
$ echo "SGVsbG8gV29ybGQhCg==" | base64 -d
Hello World!