AES-GCM Decrypt
AES-GCM Decrypt decrypts data produced by AES-GCM Encrypt.
It expects the ciphertext to be packed in the following format:
IV + SALT + CIPHER_TEXT + TAG
If salt is present, the AES key is derived using PBKDF2.
If salt length is 0, the provided key is used directly.
Parameters
ITERATIONS
Number of PBKDF2 iterations used for key derivation.
Default: 65536
HASH_ALGORITHM
Hash algorithm used for PBKDF2 key derivation.
Default: SHA256
KEY_LENGTH
Length (in bytes) of the derived AES key.
Default: 32
TAG_LENGTH
Length (in bytes) of the GCM authentication tag.
Default: 16
IV_LENGTH
Length (in bytes) of the IV/nonce extracted from the packed payload.
Default: 12
SALT_LENGTH
Length (in bytes) of the salt extracted from the packed payload.
If set to 0, PBKDF2 derivation is skipped and the key is used directly.
Default: 16
KEY_ENCODING
Encoding used to decode the session key.
Supported values:
utf8base64
Default: utf8
PLAIN_TEXT_ENCODING
Encoding used to convert decrypted bytes into a string.
Default: utf8
CIPHER_TEXT_ENCODING
Encoding used to decode the packed ciphertext string into bytes.
Recommended: base64
Default: base64
KEY_PARAM
Parameter name containing the session key.
The key is resolved in the following order:
- Step Parameters
- Message Parameters
Default: SESSION_KEY
CIPHER_TEXT_PARAM
Message parameter name containing the packed encrypted data.
Default: CIPHER_TEXT
PLAIN_TEXT_PARAM
Message parameter name that will receive the decrypted plaintext.
Direction: Out
Default: PLAIN_TEXT
Execution Context Behavior
- Reads the packed ciphertext from
CIPHER_TEXT_PARAM. - Decodes it using
CIPHER_TEXT_ENCODING. - Extracts:
- IV (
IV_LENGTH) - Salt (
SALT_LENGTH) - Cipher bytes
- Tag (
TAG_LENGTH)
- IV (
- Resolves the session key from
KEY_PARAM. - If
SALT_LENGTH > 0, derives AES key using PBKDF2 with:ITERATIONSHASH_ALGORITHMKEY_LENGTH
- If
SALT_LENGTH = 0, uses the decoded key directly. - Decrypts using AES-GCM.
- Converts decrypted bytes using
PLAIN_TEXT_ENCODING. - Writes result to
PLAIN_TEXT_PARAM.
Example Configuration
| Parameter | Value |
|---|---|
| ITERATIONS | 65536 |
| HASH_ALGORITHM | SHA256 |
| KEY_LENGTH | 32 |
| TAG_LENGTH | 16 |
| IV_LENGTH | 12 |
| SALT_LENGTH | 16 |
| KEY_ENCODING | utf8 |
| PLAIN_TEXT_ENCODING | utf8 |
| CIPHER_TEXT_ENCODING | base64 |
| KEY_PARAM | SESSION_KEY |
| CIPHER_TEXT_PARAM | CIPHER_TEXT |
| PLAIN_TEXT_PARAM | PLAIN_TEXT |
Example Result
PLAIN_TEXT = Hello World