AES Encrypt

Overview

The AES Encrypt step encrypts plaintext using the AES algorithm and writes the encrypted output to the Message Profile execution parameter collection.

The step can generate a new AES key or use an existing key (direct or password-derived). For modes that require an IV (CBC/CFB/CTS), the step can generate an IV or use a fixed IV.

The output is produced as a single encoded value. Depending on configuration, the output may include the IV and/or salt packed before the ciphertext.

Parameters

CIPHER_MODE (Input)

Specifies the AES cipher mode.

Type: String
Direction: In
Default: ECB
Common Values:
- ECB
- CBC
- CFB
- CTS

IV generation is applicable when mode is CBC, CFB, or CTS.

PADDING_MODE (Input)

Specifies the padding mode used for encryption.

Type: String
Direction: In
Default: PKCS7
Common Values:
- PKCS7
- None

KEY_SIZE (Input)

Specifies the AES key size in bits.

Type: Integer
Direction: In
Default: 128
Common Values:
- 128
- 192
- 256

BLOCK_SIZE (Input)

Specifies the AES block size in bits.

Type: Integer
Direction: In
Default: 128
Common Values:
- 128

GENERATE_KEY (Input)

Controls whether the step generates a new AES key.

Type: Boolean
Direction: In
Default: true
Values:
- true (Generate a new key)
- false (Use an existing key)

KEY_PARAM (Input/Output)

Specifies the parameter name used to store or read the key.

Type: String
Direction: InOut
Default: KEY

Behavior:

If GENERATE_KEY = true, the generated key is written to this parameter name.
If GENERATE_KEY = false, the step reads the key value from the parameter collection using this parameter name.

KEY_ENCODING (Input)

Specifies how the key is encoded when stored (generated key) and how it is interpreted (existing key).

Type: String
Direction: In
Default: base64
Supported Values (depending on implementation):
- base64
- hex
- utf8

PASSWORD_BASED_KEY (Input)

Controls whether the provided key is treated as a password and converted into an AES key using key derivation.

Type: Boolean
Direction: In
Default: true
Values:
- true (Derive AES key using salt, iterations, and hash)
- false (Use the provided key bytes directly)

This parameter is used when GENERATE_KEY = false.

ITERATIONS (Input)

Specifies the iteration count used for password-based key derivation.

Type: Integer
Direction: In
Default: 65536

This parameter is used when PASSWORD_BASED_KEY = true.

HASH_ALGORITHM (Input)

Specifies the hash algorithm used for password-based key derivation.

Type: String
Direction: In
Default: SHA256
Common Values:
- SHA256

This parameter is used when PASSWORD_BASED_KEY = true.

SALT (Input)

Specifies a fixed salt value for password-based key derivation.

Type: String
Direction: In
Default: (blank)

If provided, it is decoded using SALT_ENCODING and used for key derivation.

SALT_ENCODING (Input)

Specifies how SALT is decoded.

Type: String
Direction: In
Default: hex
Supported Values (depending on implementation):
- hex
- base64
- utf8

PACK_SALT (Input)

Controls whether the salt bytes are included in the final packed output.

Type: Boolean
Direction: In
Default: true
Values:
- true (Pack salt)
- false (Do not pack salt)

If salt is not used (not password-based or not provided), packing has no effect.

IV (Input)

Specifies a fixed IV value.

Type: String
Direction: In
Default: (blank)

If blank and the selected CIPHER_MODE requires an IV (CBC, CFB, CTS), Connect generates an IV automatically.

IV_ENCODING (Input)

Specifies how IV is decoded.

Type: String
Direction: In
Default: hex
Supported Values (depending on implementation):
- hex
- base64
- utf8

PACK_IV (Input)

Controls whether the IV bytes are included in the final packed output.

Type: Boolean
Direction: In
Default: true
Values:
- true (Pack IV)
- false (Do not pack IV)

PLAIN_TEXT_PARAM (Input)

Specifies the parameter name that contains the plaintext to encrypt.

Type: String
Direction: In
Default: PLAIN_TEXT

The step reads plaintext from the parameter collection using this name.

PLAIN_TEXT_ENCODING (Input)

Specifies how the plaintext string is converted into bytes before encryption.

Type: String
Direction: In
Default: utf8
Supported Values (depending on implementation):
- utf8
- base64
- hex

CIPHER_TEXT_ENCODING (Input)

Specifies how the final packed output is encoded before storing.

Type: String
Direction: In
Default: base64
Supported Values (depending on implementation):
- base64
- hex
- utf8

CIPHER_TEXT_PARAM (Output)

Specifies the parameter name where the encrypted output is stored.

Type: String
Direction: Out
Default: CIPHER_TEXT

Execution Context Behavior

This step:

Reads plaintext from PLAIN_TEXT_PARAM
Generates a key and stores it in KEY_PARAM when GENERATE_KEY = true
Reads a key from KEY_PARAM when GENERATE_KEY = false
Optionally derives an AES key from a password using SALT, ITERATIONS, and HASH_ALGORITHM
Generates an IV when required by cipher mode and IV is not provided
Encrypts the plaintext and writes the encoded output to CIPHER_TEXT_PARAM
Produces the encrypted output as a packed byte sequence:

[IV (optional)] + [SALT (optional)] + [CIPHERTEXT]

Packing is controlled by PACK_IV and PACK_SALT.

Example Configuration

Parameter	Value
CIPHER_MODE	CBC
PADDING_MODE	PKCS7
KEY_SIZE	256
BLOCK_SIZE	128
GENERATE_KEY	true
KEY_ENCODING	base64
PACK_IV	true
IV_ENCODING	hex
PACK_SALT	false
PLAIN_TEXT_PARAM	PLAIN_TEXT
PLAIN_TEXT_ENCODING	utf8
CIPHER_TEXT_PARAM	CIPHER_TEXT
CIPHER_TEXT_ENCODING	base64

Result:

KEY = [generated value]
CIPHER_TEXT = [base64 packed output]

Overview​

Parameters​

CIPHER_MODE (Input)​

PADDING_MODE (Input)​

KEY_SIZE (Input)​

BLOCK_SIZE (Input)​

GENERATE_KEY (Input)​

KEY_PARAM (Input/Output)​

KEY_ENCODING (Input)​

PASSWORD_BASED_KEY (Input)​

ITERATIONS (Input)​

HASH_ALGORITHM (Input)​

SALT (Input)​

SALT_ENCODING (Input)​

PACK_SALT (Input)​

IV (Input)​

IV_ENCODING (Input)​

PACK_IV (Input)​

PLAIN_TEXT_PARAM (Input)​

PLAIN_TEXT_ENCODING (Input)​

CIPHER_TEXT_ENCODING (Input)​

CIPHER_TEXT_PARAM (Output)​

Execution Context Behavior​

Example Configuration​