The Encryption class / xml.Encryption methods |
Decrypts the BASE64 encrypted string enc using the RSA key key and returns it in clear text
xml.Encryption.RSADecrypt( key STRING, enc STRING ) RETURNING rstr STRING
RSA decryption is only intended to short strings that cannot exceed the size of the RSA key minus 12 bytes. For instance, if you have a RSA key of 512 bits, you password cannot exceed 512/8-12 = 52 bytes. If you need to handle big strings, you must use symmetric keys and the DecryptString method. However, you can use RSA keys to decrypt symmetric key values.
If the RSA private key is protected with a password the recommended way is to unprotect it with the openssl tool and to put the key file on a restricted file system. But you can also use a script or the fglpass agent to provide the password to the application.
For example, you can encrypt a database password with the fglpass tool and store it in the FGLPROFILE file, then you can decrypt it with the base.Application.getResourceEntry and the xml.Encryption.RSADecrypt method to connect to the database.
In case of error, the method throws an exception and sets the STATUS variable. Depending on the error, a human-readable description of the problem is available in the SQLCA.SQLERRM register. See Error handling in GWS calls (STATUS).