Design

Back Next

rsaDecryption

Asymmetric encryption is a cryptographic method that uses a public-private key pair and optionally a passphrase or password to encrypt and decrypt data. The rsaDecryption function decrypts cipher text using the RSA algorithm with the provided private key and passphrase. You can protect private keys with a passphrase. If you're not using a passphrase, leave the string empty. If your key file isn't password protected, the passphrase is ignored.

You can decrypt data only in a process configured to run on a Secure Agent, and the key file must be available on the selected agent.

You can use the following types of keys for RSA encryption:

GPG keys
. The keys must be in the ASCII format, and the private keys must be protected with a passphrase.

OpenSSL keys
. The keys must be in the PKCS#8 format and be encoded as a PEM file for use in encryption and decryption. You can protect the private keys with a passphrase.

RSA limits the amount of data you can encrypted or decrypted based on the following key size:

With a1024-bit key, you can encrypt up to 128 bytes of data.

With a 2048-bit key, you can encrypt up to 256 bytes of data.

With a 4096-bit key, you can encrypt up to 512 bytes of data.

Syntax

util:rsaDecryption(keyType, key, passPhrase, dataToDecrypt)

The following table describes the arguments for this command:

Argument	Description
keyType	Specifies the type of RSA key used. You can enter one of the following values: GPG OpenSSL
key	The absolute path of the private key file on the selected agent. The Expression Editor accepts the file path of keys as input instead of the keys itself.
dataToDecrypt	The cipher text in the base64-encoded format that you want to decrypt.