10-22-2018 02:10 PM
Created by @pavan
This pipeline pattern will encrypt fields passed as JSON docs using a defined transform type (AES), and decrypts and gives back the original message. This pattern is useful for encrypting sensitive messages (credit card info, SSN, patients name, DOB etc).
Within the JSON Generator, replace “Enter certificate here” with your own certificate.
Sources: JSON
Targets: JSON
Snaps used: JSON Generator, Encrypt Field, Mapper, Decrypt Field
Encrypt & Decrypt Fields.slp (9.1 KB)
10-23-2018 03:31 PM
@pavan Once encrypted, do I need to pass all the information onward? Is it a security risk to do so?
ENC {
"transformation":"AES/CBC/PKCS5Padding",
"iv":"[MYIV]",
"type":"STRING",
"ciphertext":"[MYCIPHERTEXT==]",
"key_params": {
"passphrase": {
"key_gen_iterations":10000,
"key_gen_algorithm":"[ALGORITHM]",
"key_algorithm":"AES",
"key_salt":"[SALTKEY]",
"key_size":128
}
}
}:ENC
10-23-2018 03:57 PM
Yes, the information is needed to correctly decrypt the ciphertext.
No, it’s okay to send the IV in the clear and the rest of the information is used to configure the decryption process.
07-14-2019 11:21 PM
@tstack I have a similar scenario. Please read through the steps.
How can we achieve decrypting the field, without giving away these key attributes?
07-15-2019 06:58 AM
These values are not secrets, so I don’t think there should be a problem.
Can I ask what is driving the decision to not use PipeExec?