Encrypt and decrypt sensitive data in a source

Created by @pavan


This pipeline pattern encrypts fields passed as JSON docs using a defined transform type (AES), then decrypts them and gives back the original message. This pattern is useful for encrypting sensitive messages (credit card info, SSN, patient's name, DOB, etc.).

Configuration

Within the JSON Generator, replace “Enter certificate here” with your own certificate.

Sources: JSON
Targets: JSON
Snaps used: JSON Generator, Encrypt Field, Mapper, Decrypt Field

Downloads

Encrypt & Decrypt Fields.slp (9.1 KB)

@pavan Once encrypted, do I need to pass all the information onward? Is it a security risk to do so?

ENC {
  "transformation":"AES/CBC/PKCS5Padding",
  "iv":"[MYIV]",
  "type":"STRING",
  "ciphertext":"[MYCIPHERTEXT==]",
  "key_params":  {
    "passphrase":  {
      "key_gen_iterations":10000,
      "key_gen_algorithm":"[ALGORITHM]",
      "key_algorithm":"AES",
      "key_salt":"[SALTKEY]",
      "key_size":128
    }
  }
}:ENC

Yes, the information is needed to correctly decrypt the ciphertext.

No, it’s okay to send the IV in the clear and the rest of the information is used to configure the decryption process.

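The answer above, as an added example that is not part of the original thread or of the product's own code: a Python sketch that parses an envelope of the shape quoted in the question, checks its public parameters, and derives the key from a passphrase that is never stored in the envelope. The sample values, the function names, the base64 encoding of `iv`, `key_salt` and `ciphertext`, and PBKDF2WithHmacSHA256 as the `key_gen_algorithm` are assumptions; the thread shows only placeholders for them.

```python
import base64, hashlib, json

# Constructed sample in the shape quoted in the thread; every value is made up.
# Assumptions: binary fields are base64 and the KDF is PBKDF2WithHmacSHA256.
SAMPLE = '''ENC {
  "transformation":"AES/CBC/PKCS5Padding",
  "iv":"AAECAwQFBgcICQoLDA0ODw==",
  "type":"STRING",
  "ciphertext":"3q2+796tvu/erb7v3q2+7w==",
  "key_params": {"passphrase": {
    "key_gen_iterations":10000, "key_gen_algorithm":"PBKDF2WithHmacSHA256",
    "key_algorithm":"AES", "key_salt":"c2FsdHNhbHQ=", "key_size":128}}
}:ENC'''

def parse_envelope(text):
    """Strip the ENC ... :ENC wrapper and return the JSON metadata."""
    body = text.strip()
    if not (body.startswith("ENC") and body.endswith(":ENC")):
        raise ValueError("not an ENC envelope")
    return json.loads(body[3:-4])

def check_envelope(env):
    """Return a list of structural problems that would make decryption fail."""
    problems = []
    p = env["key_params"]["passphrase"]
    if env["transformation"] != "AES/CBC/PKCS5Padding":
        problems.append("unexpected transformation")
    if len(base64.b64decode(env["iv"])) != 16:
        problems.append("AES-CBC needs a 16-byte IV")
    ct = base64.b64decode(env["ciphertext"])
    if not ct or len(ct) % 16:
        problems.append("ciphertext is not a whole number of AES blocks")
    if p["key_size"] not in (128, 192, 256):
        problems.append("invalid AES key size")
    return problems

def derive_key(env, passphrase):
    """Rebuild the AES key: public envelope parameters plus the secret passphrase."""
    p = env["key_params"]["passphrase"]
    if p["key_gen_algorithm"] != "PBKDF2WithHmacSHA256":
        raise ValueError("KDF not handled by this example")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                               base64.b64decode(p["key_salt"]),
                               p["key_gen_iterations"], dklen=p["key_size"] // 8)

def leaks_secret(text, passphrase):
    """True if the passphrase or the derived key appears anywhere in the envelope."""
    key = derive_key(parse_envelope(text), passphrase)
    needles = (passphrase, key.hex(), base64.b64encode(key).decode())
    return any(n in text for n in needles)
```

Two different passphrases give two different keys for the same envelope, so the IV, salt and iteration count configure decryption without revealing the key.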