search
CouperSevenval TechnologiesDocker ImageGithub

decrypt()

string decrypt(string ciphertext, string private_key [, string passphrase])

The decrypt function decrypts the given Base64-encoded ciphertext using the given private_key (see below). It uses the RSAES-OAEP padding schemearrow-up-right. The optional parameter passphrase is the passphrase for decrypting an encrypted private key (default ""). For an unencrypted private key the passphrase should be omitted or "".

The function returns the decrypted data as a string.

hashtag
Example

<flow>
  <copy out="$encrypted_private_key" in="encrypted_private_key.pem"/>
  <template>
  {
    {{$ciphertext := 'pXdQbl31OMoerOXrEd+nvoaFDv…RQeFScAWCqWCqxTNSKB1lP6C0Hg==' }}
    {{$data := decrypt($ciphertext, $env/PRIVATE_KEY) }}
    {{$data := decrypt($ciphertext, $encrypted_private_key, $env/PASSPHRASE) }}
  }
  </template>
<flow>

hashtag
Private Key Format

Private keys should be supplied in PKCS #8 syntaxarrow-up-right using PEMarrow-up-right encoding:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

for an unencrypted key – or for an encrypted (i.e. passphrase-secured) key:

For such PKCS #8 keys the -----BEGIN … and -----END … boundaries are optional. They are required, however, if the private key is stored together with other data, for example the accompanying public key.

PKCS #1arrow-up-right formatted RSA private keys with boundaries (-----BEGIN RSA PRIVATE KEY-----) are also supported.

hashtag
See also

Previousdecrypt-xml()Nextencrypt()

Last updated