dp:decrypt-data()

Decrypts input encrypted data with a specified session key and symmetric cryptographic algorithm.

Namespace declaration

xmlns:dp="http://www.datapower.com/extensions"

Syntax

dp:decrypt-data(algorithm, key, text)

Parameters

algorithm
The xs:string that identifies the symmetric cryptographic algorithm used for decryption. The firmware supports the following values.
  • http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  • http://www.w3.org/2001/04/xmlenc#aes128-cbc
  • http://www.w3.org/2001/04/xmlenc#aes192-cbc
  • http://www.w3.org/2001/04/xmlenc#aes256-cbc
  • http://www.w3.org/2009/xmlenc11#aes128-gcm
  • http://www.w3.org/2009/xmlenc11#aes192-gcm
  • http://www.w3.org/2009/xmlenc11#aes256-gcm
key
The xs:string that identifies the session key the algorithm uses to decrypt the text. Use one of the following prefixes to specify a shared secret key.
  • name:key, such as name:alice, that specifies an already configured shared secret key object named alice.
  • key:base64 specifies a base-64-encoded literal that is the shared secret key. If you enter base64 without the key: prefix, the function uses base64 as the key.
  • hex:hex specifies a hex-encoded literal that is the shared secret key.

The session key was generated with the decrypt-key() extension function.

text
The xs:string that contains the base-64-encoded data to decrypt.

Guidelines

The dp:decrypt-data function accepts cipher data that is padded with either the PKCS #5 or the XML Encryption padding scheme.

The extension passes all arguments as XPath expressions.

Results

An xs:string that contains a plaintext version of the input text.

Example

…
<xsl:value-of select="dp:decrypt-data($algorithm,$session-key,$CipherData)"/>
…
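
The key-prefix rules and the padding guideline above, modelled offline as an added Python example (not IBM's code and not part of the original page). The function names are hypothetical, the key and block sizes are the standard 3DES/AES values rather than values from the page, and the code performs no decryption itself.

```python
import base64
import binascii

# Algorithm URIs from the page -> (key length in bytes, CBC block size or None for GCM).
# Key and block sizes are the standard 3DES/AES values, not taken from the page.
ALGORITHMS = {
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc": (24, 8),
    "http://www.w3.org/2001/04/xmlenc#aes128-cbc": (16, 16),
    "http://www.w3.org/2001/04/xmlenc#aes192-cbc": (24, 16),
    "http://www.w3.org/2001/04/xmlenc#aes256-cbc": (32, 16),
    "http://www.w3.org/2009/xmlenc11#aes128-gcm": (16, None),
    "http://www.w3.org/2009/xmlenc11#aes192-gcm": (24, None),
    "http://www.w3.org/2009/xmlenc11#aes256-gcm": (32, None),
}


def resolve_key(spec):
    """Return ("name", object_name) or ("literal", key_bytes) for a key argument."""
    if spec.startswith("name:"):
        return ("name", spec[5:])
    if spec.startswith("hex:"):
        return ("literal", binascii.unhexlify(spec[4:]))
    # "key:" prefix or no prefix: both are treated as a base-64 literal.
    b64 = spec[4:] if spec.startswith("key:") else spec
    return ("literal", base64.b64decode(b64, validate=True))


def check_key(algorithm, spec):
    """Raise ValueError if a literal key does not fit the algorithm URI."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    kind, value = resolve_key(spec)
    if kind == "literal" and len(value) != ALGORITHMS[algorithm][0]:
        raise ValueError("key is %d bytes, expected %d" % (len(value), ALGORITHMS[algorithm][0]))
    return kind


def strip_padding(plain, block_size):
    """Remove CBC padding; accepts PKCS #5 and XML Encryption padding."""
    n = plain[-1] if plain else 0
    # Both schemes store the pad length in the last byte. PKCS #5 also sets
    # every pad byte to n; XML Encryption leaves the others arbitrary, so
    # only the last byte can be checked when both must be accepted.
    if not plain or len(plain) % block_size or not 1 <= n <= block_size:
        raise ValueError("invalid padding")
    return plain[:-n]
```

Running check_key before the stylesheet is deployed catches a literal key whose length does not match the algorithm URI; a name: key cannot be checked this way because the key material lives in the configured object.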