Encryption Functions

Overview

Allows for the encryption and decryption of text data using symmetric AES encryption. This plug-in uses standard Java cryptography functions to expose expression functions for the encryption and decryption of data using AES.

Key Features & Functionality

Functions:

  • encryptvalue(): Encrypt plain text data using an AES encryption key stored in the Secure Credentials Store
  • decryptvalue(): Decrypt encrypted text data using an AES encryption key stored in the Secure Credentials Store

Features:

  • Supports up to 256-bit AES keys when JCE Unlimited Strength Jurisdiction Policy is enabled
  • Backwards compatible with older versions of Java lacking support for >128-bit encryption keys
Anonymous
  • Thank you so much!!! Your solution was super clear and worked perfectly! You saved my day again!

  • The credential settings in the Admin Console should look like this:

  • Hi ! The error you are seeing appears to be due to the configured "encryptdecryptkey" Third-Party Credential not containing a Field with the key "key"

  • Hi Jussi! Thanks again for your awesome help and communication in the past! This looks nice.

    I am having a small issue - it may be with our environment: "Expression evaluation error at function 'encryptvalue': Invalid attribute name detected in passwords.properties configuration"

    Do you have any insights into what may be causing this?
  • Hello Vinod - Can you please clarify your question? I am not sure whether you are referring to the length of the encryption keys, or the length of the encrypted values.

    The length of the encrypted values is not restricted and depends on the length of the cleartext value that is being encrypted. The length of the encryption keys is not limited per se, but the plugin will only use the first 256 bits (64 characters) of the provided key.

  • Hi Sagar - the plugin will never use the encryption key used by the Appian Encrypted Text Field. If an external system key is not passed, the plugin will try to use the external system key "encryptdecryptkey". In any case, you will have to configure the AES encryption key in the Secure Credentials Store before using the plugin.

  • For security reasons it is not recommended to store or handle encryption keys as plain text. If you wish to implement something like unique keys, I would recommend extending the plugin to query the KMS of your choice and use the key strictly within the plugin. The source code comes with the plugin, so you can extend the plugin fairly easily to meet your exact use case.

  • Hello Jussi, how long encrypted key can be generated? in my case it is key generating more than 300 sometime 400/500. Can this be restricted?

  • Hi Jussi ,

    While trying to use the encryptvalue function without any external system key , getting an error which says 'This plug-in [com.appiansolutionengineering.encryption] is not registered to access secured values for the given external system key [encryptdecryptkey]'

    If i understand correctly , to encrypt a value with the Appian key (which is being used by the a!encryptedTextField) i have to pass this the external system key blank .

    Could you please help to understand if this plugin is correct for this implementation .

  • Hello Jussi!! Can we get any another version of this plugin which will accept AES encryption Key as simple text as input instead of passing external system key which is stored at secured credential store?