IDOL Content Component 24.1
The following procedure describes the algorithm to use to decrypt a security info string that is encrypted with an AES key file.
NOTE: To decrypt a security info string, you need the AES key file that was used to generate it. OpenText strongly recommends that you secure your AES key file so that only your IDOL components and authorized administrators can access it.
The IDOL Content component, IDOL Community component and DAH need access to the key file.
To decrypt an AES SecurityInfo string

- Base64 decode the SecurityInfo string.
- Split the decoded string on the left-most pipe character (|).
  The left side is the data length, followed by a colon (:) and a number indicating the encryption type.
  The right side is the data.
- Check that the encryption type is 2 for AES-encrypted data that follows this specification. If the encryption type is missing or has a different value, fail the decryption.
  Check that the data length is equal to the length of the data. If this check is not successful, fail the decryption.
- Select the first 12 bytes of the data. This is the AES initialization vector (also referred to as the IV or nonce).
  Select the final 16 bytes of the data. This is the AES authentication tag.
  The remaining data is the encrypted content (ciphertext).
- Use AES-GCM to decrypt the ciphertext, by using the IV and authentication tag from the decoded data, and the 256-bit key from your AES hexadecimal key string.
  The decrypted data has the prefix AUTN:. If this string is not present, fail the decryption.
- Use zlib to decompress the data after the AUTN: prefix.
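
The procedure above as a Python sketch, added here as an example and not OpenText code. It assumes the third-party `cryptography` package, a length field written as ASCII decimal digits, and no AES-GCM associated data; the function and class names are hypothetical.

```python
import base64
import zlib

IV_LEN, TAG_LEN, AES_GCM_TYPE, PREFIX = 12, 16, b"2", b"AUTN:"

class SecurityInfoError(ValueError):
    """Raised whenever a step of the procedure says to fail the decryption."""

def parse_envelope(security_info: str):
    """Decode and validate the envelope; return (iv, ciphertext, tag)."""
    try:
        decoded = base64.b64decode(security_info, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise SecurityInfoError("not valid base64") from exc
    header, pipe, data = decoded.partition(b"|")  # left-most pipe only
    length, colon, enc_type = header.partition(b":")
    if not pipe or not colon or enc_type != AES_GCM_TYPE:
        raise SecurityInfoError("encryption type missing or not 2")
    # Assumption: the length is written as ASCII decimal digits.
    if not length.isdigit() or int(length) != len(data):
        raise SecurityInfoError("data length mismatch")
    if len(data) < IV_LEN + TAG_LEN:
        raise SecurityInfoError("data too short for IV and tag")
    return data[:IV_LEN], data[IV_LEN:-TAG_LEN], data[-TAG_LEN:]

def decrypt_security_info(security_info: str, hex_key: str) -> bytes:
    """AES-GCM decrypt, check the AUTN: prefix, then zlib-decompress."""
    from cryptography.exceptions import InvalidTag
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    iv, ciphertext, tag = parse_envelope(security_info)
    key = bytes.fromhex(hex_key)
    if len(key) != 32:
        raise SecurityInfoError("key is not 256 bits")
    try:
        # AESGCM expects ciphertext||tag; assumption: no associated data.
        plain = AESGCM(key).decrypt(iv, ciphertext + tag, None)
    except InvalidTag as exc:
        raise SecurityInfoError("authentication tag check failed") from exc
    if not plain.startswith(PREFIX):
        raise SecurityInfoError("AUTN: prefix missing")
    try:
        return zlib.decompress(plain[len(PREFIX):])
    except zlib.error as exc:
        raise SecurityInfoError("zlib decompression failed") from exc
```

Every failure path raises the same exception type, so a caller can treat any of them as a failed decryption without inspecting partially processed data.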
Version 24.1 | Last updated December 2023
Topic Title: Decrypt AESSecurityInfo Strings