Encrypt and Decrypt Actions

FernandoPontes · October 10, 2024, 1:22pm

Hello everyone!
We have sensitive data that is being encrypted within Genesys using Encript Action. We need to decrypt it in a C# application without using the Genesys tool. We have the KMS key together with our Genesys supplier, but we are unable to decrypt the data correctly, as it always displays the ciphertext error.
If anyone has ever experienced this need and has a solution, we would appreciate it if you could share it.
Thank you in advance.

Jason_Mathison · November 5, 2024, 1:46pm

I would suggest asking about this in the architect room as they are the developers for flow encryption.

--Jason

faisyou · December 4, 2024, 7:24am

I need assistance in this as well - I am unable to decrypt the code using AWS SDK - any assistance I can get to get the AWS SDK Code to decyrpt the ciphertext generated by Architect Flow Encrypt Data Action

faisyou · December 4, 2024, 11:40am

Just incase anybody is interested - following is sample code in NodeJS which i managed to test and is working

const {
buildClient,
KmsKeyringNode,
CommitmentPolicy,
} = require('@aws-crypto/client-node');
const AWS = require('aws-sdk'); // Import the AWS SDK for credential configuration

const { encrypt, decrypt } = buildClient(
CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
)

// Configure AWS SDK credentials and region
AWS.config.update({
region: AWS_REGION,
accessKeyId: AWS_ACCESS_KEY_ID,
secretAccessKey: AWS_SECRET_ACCESS_KEY,
});

// keyId is the ARN of the AWS KMS Key
// base64Ciphertext is the cipher text returned by encrypt data action
async function discoveryDecryptionExample(keyId,base64Ciphertext) {
// Step 1: Create a KMS discovery keyring
const keyring = new KmsKeyringNode({
generatorKeyId:keyId , // This is the key ARN used for decryption
});
// Step 2: Convert base64 Encoded Cipher Text into Buffer
const ciphertext = Buffer.from(base64Ciphertext, 'base64');

try {
  // Step 2: Decrypt the ciphertext
  const { plaintext, messageHeader } = await decrypt(
    keyring,
    ciphertext
  );

  // Step 3: Verify the encryption context
  console.log('Decrypted plaintext:', plaintext.toString('utf-8'));
  console.log('Encryption context:', messageHeader.encryptionContext);

  return {plainText,messageHeader}
} catch (error) {
  console.error('Decryption failed:', error);
}

}

// Call the function
discoveryDecryptionExample(keyId,base64Ciphertext);

system · January 4, 2025, 11:40am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.