AES-GCM Decrypt

AES-GCM Decrypt decrypts data produced by AES-GCM Encrypt.

It expects the ciphertext to be packed in the following format:

IV + SALT + CIPHER_TEXT + TAG

If salt is present, the AES key is derived using PBKDF2.
If salt length is 0, the provided key is used directly.

Parameters

ITERATIONS

Number of PBKDF2 iterations used for key derivation.

Default: 65536

HASH_ALGORITHM

Hash algorithm used for PBKDF2 key derivation.

Default: SHA256

KEY_LENGTH

Length (in bytes) of the derived AES key.

Default: 32

TAG_LENGTH

Length (in bytes) of the GCM authentication tag.

Default: 16

IV_LENGTH

Length (in bytes) of the IV/nonce extracted from the packed payload.

Default: 12

SALT_LENGTH

Length (in bytes) of the salt extracted from the packed payload.

If set to 0, PBKDF2 derivation is skipped and the key is used directly.

Default: 16

KEY_ENCODING

Encoding used to decode the session key.

Supported values:

utf8
base64

Default: utf8

PLAIN_TEXT_ENCODING

Encoding used to convert decrypted bytes into a string.

Default: utf8

CIPHER_TEXT_ENCODING

Encoding used to decode the packed ciphertext string into bytes.

Recommended: base64

Default: base64

KEY_PARAM

Parameter name containing the session key.

The key is resolved in the following order:

Step Parameters
Message Parameters

Default: SESSION_KEY

CIPHER_TEXT_PARAM

Message parameter name containing the packed encrypted data.

Default: CIPHER_TEXT

PLAIN_TEXT_PARAM

Message parameter name that will receive the decrypted plaintext.

Direction: Out
Default: PLAIN_TEXT

Execution Context Behavior

Reads the packed ciphertext from CIPHER_TEXT_PARAM.
Decodes it using CIPHER_TEXT_ENCODING.
Extracts:
- IV (IV_LENGTH)
- Salt (SALT_LENGTH)
- Cipher bytes
- Tag (TAG_LENGTH)
Resolves the session key from KEY_PARAM.
If SALT_LENGTH > 0, derives AES key using PBKDF2 with:
- ITERATIONS
- HASH_ALGORITHM
- KEY_LENGTH
If SALT_LENGTH = 0, uses the decoded key directly.
Decrypts using AES-GCM.
Converts decrypted bytes using PLAIN_TEXT_ENCODING.
Writes result to PLAIN_TEXT_PARAM.

Example Configuration

Parameter	Value
ITERATIONS	65536
HASH_ALGORITHM	SHA256
KEY_LENGTH	32
TAG_LENGTH	16
IV_LENGTH	12
SALT_LENGTH	16
KEY_ENCODING	utf8
PLAIN_TEXT_ENCODING	utf8
CIPHER_TEXT_ENCODING	base64
KEY_PARAM	SESSION_KEY
CIPHER_TEXT_PARAM	CIPHER_TEXT
PLAIN_TEXT_PARAM	PLAIN_TEXT

Example Result

PLAIN_TEXT = Hello World

Parameters​

ITERATIONS​

HASH_ALGORITHM​

KEY_LENGTH​

TAG_LENGTH​

IV_LENGTH​

SALT_LENGTH​

KEY_ENCODING​

PLAIN_TEXT_ENCODING​

CIPHER_TEXT_ENCODING​

KEY_PARAM​

CIPHER_TEXT_PARAM​

PLAIN_TEXT_PARAM​

Execution Context Behavior​

Example Configuration​

Example Result​