Decryption Node

Understand what a Decryption node is and how to configure it

The Decryption node enables you to decrypt an encrypted text or a string into plain text using either:

  • AWS-Key Management Service (AWS-KMS)
  • Webex Connect Decryption

Usage of Decryption node typically follows an encryption node earlier in the flow. Same Decryption method should be used in the Encryption and Decryption nodes. During decrypting a text or a string, you need to specify the same details, which you have configured while encrypting that text or string.

Here is the node image:

203

Decryption Node

Node Configuration

When you double-click the Decryption node, the Decryption screen appears with two tabs: Configuration and Transition Actions. The Configuration tab enables you to configure the decryption settings whereas the Transitions tab provides configuring the node on-enter/on-leave operations.

Using AWS-KMS

To use AWS Key Management Service, you must have an account with AWS. We recommend creating this account in the region you want to have your data in. The details you would need include - Access Key, Secret key, AWS Region, Cyphertext Blob, Encryption Context Key and Value, and Grant Token.

999

Click the image to view it larger

Here is the description for the various config elements:

FieldDescription
Access Key and Secret KeyThese typically are the IAM user access credentials for your AWS KMS account. Copy these values from your AWS account.
AWS RegionThis is the geographic area where your AWS KMS account is hosted. E.g., us-west-2 for AWS US West (Oregon). Refer here for full list.
Cyphertext BlobSpecify the encrypted text or string (or the variable that contains the text/string) that you wish to decrypt.
Encryption Context (Key and Value)These are a set of non-secret key-value pairs. Providing encryption context makes the encryption request bound cryptographically to the cipher-text. The advantage with this is - same encryption context is required to decrypt (or decrypt and re-encrypt) the data.
Grant TokenSpecify the Grant Token, which was created to provide temporary permissions.

Using Webex Connect Decryption

Select Webex Connect Decryption option from the Decryption Method dropdown and provide the following details:

FieldDescription
Text To Be DecryptedEnter the text or the variable that contains the text that you want to decrypt.
Store Decrypted Data InEnter the variable in which you want to store the value of the decrypted text.