pub.security:decrypt
WmPublic. Decrypts encrypted data and returns the plain data as a stream object, byte array, or string.
Input Parameters
securityProvider
String Optional. The type of security provider. The valid values are:
* PGP (Pretty Good Privacy)
* JCE-KBE (Java Cryptography Extension-Key Based Encryption)
The default value is PGP.
data
Document. The data that you want to decrypt, supplied in one of the following formats. If more than one of these parameters is supplied for data, the service throws an exception stating that only one parameter must be passed.
Key
Description
string
String. Optional. The string that you want to decrypt.
stream
java.io.InputStream. Optional. The stream data that you want to decrypt.
bytes
byte[ ]. Optional. The byte array that you want to decrypt.
file
String. Optional. The absolute or relative path of the file that you want to decrypt. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
loadAs
String Optional. The format in which the service returns the output. Set to:
* bytes to return the output as a byte array. This is the default.
* stream to return the output as a stream object.
* string to return the output as a string.
secretKey
Document. The secret key from which the service extracts the private key required to decrypt the data.
For PGP, provide secretKeyBytes, secretKeyString, or secretKeyRingFile. If you provide secretKeyRingFile, you must also provide secretKeyAlias. Otherwise, the service throws an exception.
For JCE-KBE, provide secretKeyBytes, secretKeyString, or keyStoreAlias. If you provide keyStoreAlias, you must provide keyAlias. Otherwise, the service throws an exception.
Key
Description
secretKeyBytes
byte[ ] Optional. The secret key file in bytes.
Note:
Secret key files have a .asc extension for PGP.
secretKeyString
String Optional. The secret key as a string.
secretKeyRingFile
String Optional. The absolute or relative path of the secret keyring file. The secret keyring file is a collection of secret keys with a unique key ID. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory. This parameter is applicable only for PGP.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
Note:
Secret keyring files have a .skr extension for PGP.
secretKeyAlias
String Optional. The 64-bit (16 characters) key identifier of the secret key.
Note:
This parameter is required only when you use secretKeyRingFile.
secretKeyPassphrase
String Password required to extract the private key from the secret key. This is the password provided while generating the secret key.
keyStoreAlias
String Optional. Applies only to JCE. The keystore alias that contains the private key used for decryption.
keyAlias
String Optional. Applies only to JCE. The private key alias in the keystore specified by the keyStoreAlias parameter that is used for decryption.
Note:
This parameter is required only when you use keyStoreAlias.
cipher
String Optional. Applies only to JCE. The cipher for decryption. Select one of the following:
* RSA
* RSA/ECB/PKCS1Padding
* RSA/ECB/OAEPWithSHA-1AndMGF1Padding
* RSA/ECB/OAEPWithSHA-256AndMGF1Padding
* RSA/ECB/OAEPWithSHA-512AndMGF1Padding
* RSA/ECB/OAEPPadding
The default value is RSA.
Output Parameters
stream
java.io.OutputStream Conditional. Decrypted data as an output stream. Returned when the loadAs input parameter is set to stream.
bytes
byte[ ] Conditional. Decrypted data as bytes. Returned when the loadAs input parameter is set to bytes.
string
String Conditional. Decrypted data as a string. Returned when the loadAs input parameter is set to string.
status
String Indicates whether the data is successfully decrypted or not. If successful, status is success. Otherwise, status contains failure along with an error message.
Usage Notes
Prerequisites to use the pub.security:decrypt service:
* Generate a public-secret key pair for Integration Server.
* Make sure that the external system that sends the encrypted data has access to Integration Server's public key to encrypt the data.
Decryption works as follows:
1. The external system sends the data encrypted with Integration Server's public key.
2. Integration Server receives the data and passes it to the pub.security:decrypt service.
3. The pub.security:decrypt service uses the private key to decrypt the data.
4. The service returns the decrypted data.
For PGP, consider the following points:
* The service supports a data file of size up to 2 GB when the memory allocated to Integration Server is 10 GB or more.
* Authentication keys used in this service must be in the PGP format and generated using the RSA encryption algorithm.
Note:
Authentication keys in the .ecc format are not supported for PGP.
For JCE, the service supports a maximum data size that depends on the key size.
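How the JCE data limit follows from the key size and from the padding named in the cipher parameter, as an added example that uses the standard JDK provider and is not code from the product documentation. The 2048-bit key pair, the sample payload, and the maxPlaintext helper are constructed for illustration; the encrypting side stands in for the external system.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

public class RsaPayloadLimit {
    // Hypothetical helper: largest plaintext, in bytes, that a single RSA operation
    // accepts. hashLen is the OAEP digest length; 0 selects PKCS#1 v1.5 padding.
    static int maxPlaintext(int keyBits, int hashLen) {
        int k = keyBits / 8;                        // modulus length in bytes
        return hashLen == 0 ? k - 11 : k - 2 * hashLen - 2;
    }

    public static void main(String[] args) throws Exception {
        int keyBits = 2048;
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(keyBits);
        KeyPair kp = gen.generateKeyPair();         // constructed throwaway key pair

        // Explicit transformations from the cipher list, with their digest lengths.
        String[] ciphers = {
            "RSA/ECB/PKCS1Padding", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
            "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding" };
        int[] hashLens = { 0, 20, 32, 64 };
        for (int i = 0; i < ciphers.length; i++) {
            int limit = maxPlaintext(keyBits, hashLens[i]);
            byte[] data = new byte[limit];
            Arrays.fill(data, (byte) 'A');          // constructed sample payload
            Cipher enc = Cipher.getInstance(ciphers[i]);
            enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
            byte[] ct = enc.doFinal(data);          // exactly at the limit: accepted
            Cipher dec = Cipher.getInstance(ciphers[i]);
            dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
            boolean roundTrip = Arrays.equals(data, dec.doFinal(ct));
            boolean rejected = false;
            try {
                enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
                enc.doFinal(new byte[limit + 1]);   // one byte over the limit
            } catch (IllegalBlockSizeException e) {
                rejected = true;
            }
            System.out.printf("%-40s max=%3d B roundTrip=%b overLimitRejected=%b%n",
                    ciphers[i], limit, roundTrip, rejected);
        }
    }
}
```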