Encrypt and decrypt of Field

Hello Experts,
I’m trying to encrypt one of the fields of a CSV file using the Encrypt Field snap.
I have selected the transform type as auto and selected an account of Passphrase-based Key type.

As a result of the Encrypt Field snap, the field got encrypted.
In the next snap I’m mapping the encrypted field (column.ciphertext) and other columns and writing the data to a file.

In the second pipeline I’m reading the encrypted file and trying to decrypt it using the same Passphrase-based Key account.

But the encrypted field is not getting decrypted.

Attaching the pipelines for reference.

decFIle_2021_07_28.slp (10.8 KB)
Encrypt file_2021_07_28.slp (10.8 KB)


I think the issue is with the mapping of $Amount.ciphertext to $AmountType (in order to map that, the “Encapsulate output” option of the Encrypt Field snap needs to be unchecked). I built a test pipeline that looks like this:

The JSON Generator has simple JSON like this:
[{"msg":"Hello world!"}]

Similar to your setup I used a Passphrase-based Key account type with a simple passphrase.

Here is the Encrypt Field snap:

Here is the Decrypt Field snap:

After validating the pipeline here is the Encrypt Field output:

        "msg": {
            "transformation": "AES/GCM/NoPadding",
            "iv": "yjvD0qXH0MuwVqKhaDnZbg==",
            "type": "STRING",
            "ciphertext": "6aJAEWHFctinn8pZUPPLsG+E1OsMH49gEy08xQ==",
            "key_params": {
                "passphrase": {
                    "key_gen_iterations": 10000,
                    "key_gen_algorithm": "PBKDF2WithHmacSHA1",
                    "key_algorithm": "AES",
                    "key_salt": "NB8NMQyEqeItdu0tyn8XTga+udA=",
                    "key_size": 128

If there is no Mapper snap between the Encrypt Field and Decrypt Field, it works just fine. However, if you add a Mapper after validation you can see the Decrypt Field snap is expecting more information than just the ciphertext (look at the target schema on the right):

Hi @rsramkoski,
Thank you for the reply.
So for the Decrypt snap, what are the other fields we need to pass?
We are planning to store only the ciphertext field from the Encrypt snap.


Hello @Ajay_Chawda, you’re welcome. You can view the required fields in the Target Schema section on the right-hand side of the Mapper screenshot.

Hi @rsramkoski,
You mean to say these are the mandatory fields and we need to pass all of them to the Decrypt Field snap?
Meaning I need to pass the entire msg object as it is to the Decrypt Field snap? Just storing the ciphertext and passing it to the Decrypt Field snap will not work?

@Ajay_Chawda Yes that is correct. All those fields need to be supplied to the Decrypt Field Snap in order to decrypt the field. If some of the values are constant, like “transformation” and “type”, you shouldn’t need to store those but you will need to add them via a Mapper snap in the pipeline that decrypts the field.
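
Why the ciphertext alone is not enough, as an added example that is not part of the original thread and is not SnapLogic code: the IV, salt and KDF parameters in the envelope are all inputs to decryption. It assumes standard PBKDF2 over the UTF-8 passphrase and a 16-byte GCM tag appended to the ciphertext; the function names are hypothetical, and the sample values are copied from the output shown earlier in the thread.

```python
import base64
import binascii
import hashlib

# Field names copied from the Encrypt Field output shown in the thread.
REQUIRED = ("transformation", "iv", "type", "ciphertext")
REQUIRED_KDF = ("key_gen_iterations", "key_gen_algorithm", "key_algorithm",
                "key_salt", "key_size")
GCM_TAG_BYTES = 16  # assumption: default 128-bit tag appended to the ciphertext


def missing_fields(envelope):
    """Return the envelope fields a decrypt step would be missing."""
    missing = [k for k in REQUIRED if k not in envelope]
    kdf = envelope.get("key_params", {}).get("passphrase", {})
    missing += ["key_params.passphrase." + k for k in REQUIRED_KDF if k not in kdf]
    return missing


def b64(value, name):
    """Strictly decode a base64 field, naming the field on failure."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{name} is not valid base64") from exc


def derive_key(passphrase, envelope):
    """Re-derive the AES key from the passphrase and the stored KDF parameters."""
    kdf = envelope["key_params"]["passphrase"]
    if kdf["key_gen_algorithm"] != "PBKDF2WithHmacSHA1":
        raise ValueError("unsupported KDF: " + kdf["key_gen_algorithm"])
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               b64(kdf["key_salt"], "key_salt"),
                               kdf["key_gen_iterations"], dklen=kdf["key_size"] // 8)


# Values copied from the thread's sample output.
SAMPLE = {
    "transformation": "AES/GCM/NoPadding",
    "iv": "yjvD0qXH0MuwVqKhaDnZbg==",
    "type": "STRING",
    "ciphertext": "6aJAEWHFctinn8pZUPPLsG+E1OsMH49gEy08xQ==",
    "key_params": {"passphrase": {
        "key_gen_iterations": 10000, "key_gen_algorithm": "PBKDF2WithHmacSHA1",
        "key_algorithm": "AES", "key_salt": "NB8NMQyEqeItdu0tyn8XTga+udA=",
        "key_size": 128}},
}
```

Because the salt and IV are stored per value in the sample output, a file that keeps only the ciphertext column has lost two inputs that cannot be re-added as constants in a Mapper.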

Hi @rsramkoski,
Thank you for the response.

When I tried this I got a string output from the encrypt snap.

Could you post the pipeline?

Got it, it was the encapsulate output option!

I am using the encrypt decrypt pipeline above which works great, but when I try to pass a value to the decrypt via _data the decrypt fails with

The mapper looks like

The data in the _data field should be good as if I feed this to the decrypt snap via the JSON generator it works fine.

Failure: Invalid base64 value for ciphertext, Reason: Expecting a base64-encoded string, found STRING,

@peter The data type of any pipeline parameter is considered String; even if you keep an encoded value, it is considered String. So if you want to encrypt and decrypt data, encrypt it in a Mapper. It might resolve the issue.

OK, how do I do that?


I have tried taking the parameter and encoding it as base64 and decoding it before passing to the decrypt and it still does not work.


Is there any way to pass an encrypted value from a trigger string and decrypt?