Encryption Functions

Allows for the encryption and decryption of text data using symmetric AES encryption. This plug-in uses standard Java cryptography functions to expose expression functions for the encryption and decryption of data using AES.

Functions:

  • encryptvalue(): Encrypt plain text data using an AES encryption key stored in the Secure Credentials Store
  • decryptvalue(): Decrypt encrypted text data using an AES encryption key stored in the Secure Credentials Store

Features:

  • Supports up to 256-bit AES keys when JCE Unlimited Strength Jurisdiction Policy is enabled
  • Backwards compatible with older versions of Java lacking support for >128-bit encryption keys
Anonymous
Parents
  • Hi Jussi - Thanks for building and sharing this! A question, when using this to encrypt, the resulting ciphertext always begins with "AAAAE". Is this meant to be like an indicator that ciphertext has been salted?

  • Hi ,

    Great question. The reason each encrypted value starts with "AAAAE" is that the first item in the underlying byte buffer representing the encrypted value is the length of the initialization vector. (This can be found in the source code in EncryptText.java:151). Since the initialization vector is always 16 bytes long, the first 4 bytes of the array are always [0,0,0,16]. When the byte array is Base64 encoded, this translates to "AAAAE". If you want to, you can run the following Java code to validate:

    import java.nio.ByteBuffer;
    import java.util.Base64;
    
    public class Base64Bytes {
    
         public static void main(String []args){
            ByteBuffer buffer = ByteBuffer.allocate(4);
    		
    		buffer.putInt(16);
    		byte[] byteArray = buffer.array();
    		
    		Base64.Encoder encoder = Base64.getEncoder();
    		String encodedString = encoder.encodeToString(byteArray);
    		
    		System.out.println("# Byte array");
    		
    		for (int i = 0; i < byteArray.length; i++) {
    		    System.out.println(byteArray[i]);
    		}
    		
    		System.out.println(encodedString);
         }
    }


    Regarding salting, using a random initialization vector functionally achieves the same thing as salting, ensuring each encrypted value is unique despite having the same underlying plaintext.

    Hope this clarified your question!

    Best,
    Jussi

Comment
  • Hi ,

    Great question. The reason each encrypted value starts with "AAAAE" is that the first item in the underlying byte buffer representing the encrypted value is the length of the initialization vector. (This can be found in the source code in EncryptText.java:151). Since the initialization vector is always 16 bytes long, the first 4 bytes of the array are always [0,0,0,16]. When the byte array is Base64 encoded, this translates to "AAAAE". If you want to, you can run the following Java code to validate:

    import java.nio.ByteBuffer;
    import java.util.Base64;
    
    public class Base64Bytes {
    
         public static void main(String []args){
            ByteBuffer buffer = ByteBuffer.allocate(4);
    		
    		buffer.putInt(16);
    		byte[] byteArray = buffer.array();
    		
    		Base64.Encoder encoder = Base64.getEncoder();
    		String encodedString = encoder.encodeToString(byteArray);
    		
    		System.out.println("# Byte array");
    		
    		for (int i = 0; i < byteArray.length; i++) {
    		    System.out.println(byteArray[i]);
    		}
    		
    		System.out.println(encodedString);
         }
    }


    Regarding salting, using a random initialization vector functionally achieves the same thing as salting, ensuring each encrypted value is unique despite having the same underlying plaintext.

    Hope this clarified your question!

    Best,
    Jussi

Children