Decryption

C++

string decrypt(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, string iv_cipher) {
CK_RV rv;
CK_BYTE *plain;
CK_ULONG plain_len;
string iv;
string cipher;

Base64::Decode(iv_cipher.substr(0, iv_cipher.find(':')), &iv);
CK_MECHANISM mechanism = {
CKM_AES_CBC_PAD, (CK_BYTE_PTR) iv.c_str(), iv.length()
};

rv = p11->C_DecryptInit(hSession, &mechanism, hKey);
if (rv == CKR_OK) {
Base64::Decode(iv_cipher.substr(iv_cipher.find(':')+1, iv_cipher.length() - iv_cipher.find(':') + 1), &cipher);
rv = p11->C_Decrypt(hSession, (CK_BYTE_PTR) cipher.c_str(), cipher.length(), NULL, &plain_len);
if (rv == CKR_OK) {
plain = (CK_BYTE *)malloc(plain_len * sizeof(CK_BYTE));
rv = p11->C_Decrypt(hSession, (CK_BYTE_PTR) cipher.c_str(), cipher.length(), plain, &plain_len);
}
}
if (rv != CKR_OK) {
cout << "Decryption failed. Error code = " << rv << endl;
return string();
}
return string((char*)plain, plain_len);
}

C#

public void decrypt() {
    EncryptionAndDecryptionApi encryptionAndDecryptionApi = new EncryptionAndDecryptionApi();
    DecryptRequest decReq = new DecryptRequest(Alg: ObjectType.AES, Mode: CryptMode.CBC, Cipher: cipher, Iv: encResp.Iv);
    DecryptResponse decResp = encryptionAndDecryptionApi.Decrypt(key.Kid, decReq);
}

Go

iv := byte[](<iv bytes>)
keyId := <Key UUID>
decryptReq := sdkms.DecryptRequest{
            Cipher: byte[](<cipher in bytes>),
            Iv: &iv
            Alg: sdkms.AlgorithmAes,
            Key: sdkms.SobjectById(keyId),
            Mode: sdkms.CryptModeSymmetric(sdkms.CipherModeCbc),
}
decryptResp, err := client.Decrypt(ctx, decryptReq)
decryptResp.Plain //decrypted plain text data

Java

byte[] cipher, iv;
DecryptRequest encryptRequest = new DecryptRequest();
decryptRequest
       .alg(ObjectType.AES)
       .cipher(cipher)
       .mode(CryptMode.CBC)
       .iv(iv);
DecryptResponse decryptResponse = encryptionAndDecryptionApi.decrypt(<Key UUID>, decryptRequest);
decryptResponse.plain // decrypted plaintext data

Python

cipher, iv
api_instance = sdkms.v1.EncryptionAndDecryptionApi(api_client=client)
request = sdkms.v1.DecryptRequest(alg=ObjectType.AES, cipher= cipher, iv=iv, mode=CipherMode.CBC)
decryption_response = api_instance.decrypt(<Key UUID>, request)
decryption_response.plain #decrypted plain text data

PHP

public function decrypt() {
    $decryptionRequestBody = array('alg' => $objType::AES, 'mode' => $cryptMode::CBC, 'cipher' => $encRes['cipher'], 'iv' => $encRes['iv']);
    $decryptionRequest = new Swagger\Client\Model\DecryptRequest($decryptionRequestBody);
    $encryptionAndDecryptionApi = new Swagger\Client\Api\EncryptionAndDecryptionApi($client);
    $decryptionResponse = $encryptionAndDecryptionApi->decrypt($securityObjectResponse["kid"], $decryptionRequest); }

Javascript

var decryptCallback = function(error, data, response) {
    if (error) {
        console.error("Error: " + JSON.stringify(response));
    } else {
        console.log('Cipher decrypted successfully. result: ' + JSON.stringify(data));
    }
};

var encryptionAndDecryptionApi = new FortanixSdkmsRestApi.EncryptionAndDecryptionApi()
var decryptRequest = FortanixSdkmsRestApi.DecrypttRequest.constructFromObject({"alg": "AES", "mode": "CBC", "cipher": "cipher"})
encryptionAndDecryptionApi.decrypt(data["kid"], decryptRequest, decryptCallback)

REST API using curl

$ curl <Endpoint URL>/crypto/v1/decrypt -H 'Authorization: Bearer YhXwwa-6C...ig5g' -d '{"key": {"kid": "Key-UUID"}, "alg": "AES", "mode": "CBC", "cipher": "YiBmaHViIGNpdXJlZyB1eXZpZyB2ZQoK", "iv": "Y25lYm4gdmVidmllamJ2ZWlqYgo="}'
{"plain": "SGVsbG8gV29ybGQhCg=="}

$ echo "SGVsbG8gV29ybGQhCg==" | base64 -d
Hello World!
Was this article helpful?
0 out of 0 found this helpful