Overview
Allows for the encryption and decryption of text data using symmetric AES encryption. This plug-in uses standard Java cryptography functions to expose expression functions for the encryption and decryption of data using AES.
Key Features & Functionality
Functions:
Features:
okay, then we have to clarify this with appian. Thank you.
, this plug-in is available for install and use in Appian Cloud. Note that all plug-ins are provided as-is and without explicit troubleshooting support from Appian Technical Support, but it is available to install and use in an Appian Cloud environment just like on premise.
We are moving from "on premise" to "cloud". We are told, that appian doesn't support this plugin in cloud.
Can anybody have suggestions here what the alternatives are?
After naming the External System name exactly as "encryptdecryptkey" it worked.
I had installed the plugin and created a key on "Third party credentials page". while using the rule getting below error on Appian 20.1
load( local!str:"hai",local!EncryptStr: encryptvalue(local!Str),local!EncryptStr)
Expression evaluation error at function 'encryptvalue' [line 4]: This plug-in [com.appiansolutionengineering.encryption] is not registered to access secured values for the given external system key [encryptdecryptkey]. Check the external system’s plug-ins list in the Administration Console.
Hi tanmayar,I am not a .NET developer and have never worked with it so I unfortunately could not point you in the right direction. However, AES256 encryption with initialization vectors is fairly standard, so you should be able to convert the decryptor Java code to .NET using a standard AES library for .NET.Jussi
Hi Jussi,
Thank you so much for your response. We need to use .net to decrypt the value. If you are aware can you suggest .net libraries that are equivalent to the the java libraries used in the plug in.
Especially around the initialization vector.
Hi tanmayar,Just download the JAR from this article and extract it using 7zip or another zip tool. The JAR has a src folder that contains the source code.Jussi
Can you share the logic you used in the Java code for decryptvalue()?
Hi tanmayar,Good question. The short answer is that this is expected and desirable. Encrypted values (ciphertexts) produced by an encryption mechanism should change with each encryption run, even if the key and input plaintext are constant. Otherwise, someone with access to a list of encrypted values that may contain repeated values could tell the number of times a particular plaintext value appears in the data set, even if they weren't necessarily able to tell what the actual value is.A good way to conceptualize why this is not a good idea is encrypting the answer to a sensitive yes/no question. If you have a data set of 5 million users who answered this question, and can find out the answer for one of them, without randomization you can extrapolate that knowledge to decipher all 5 million answers. If you're curious to find out more, this concept is called ciphertext indistinguishability (also sometimes substituted for semantic security), which informally can be described as "an adversary should not be able to acquire any information about the underlying plaintext based on the encrypted value/ciphertext".In the underlying code (which is contained in the plug-in JAR), consistent with CBC best practices this is achieved by using a random initialization vector that is saved as part of the encrypted value output. To successfully use the plug-in to encrypt values sent to an external system, you will need to implement the decryption of the value in the external system using the same logic as used in the Java code for decryptvalue().Hopefully this clarifies your concern, and thanks for your interest in the plug-in.Best,Jussi