xml.Encryption.RSADecrypt

Decrypts the BASE64 encrypted string enc using the RSA key key and returns it in clear text.

Syntax

xml.Encryption.RSADecrypt(
   key STRING,
   enc STRING )
  RETURNING rstr STRING

  1. key is the file name of an RSA private key in PEM format or an entry in the FGLPROFILE file.
  2. enc is a string that was encrypted with the fglpass tool or with the xml.Encryption.RSAEncrypt method.

Usage

RSA decryption is intended only for short strings, which cannot exceed the size of the RSA key minus 12 bytes. For instance, if you have an RSA key of 512 bits, your password cannot exceed 512/8-12 = 52 bytes. If you need to handle big strings, you must use symmetric keys and the DecryptString method. However, you can use RSA keys to decrypt symmetric key values.

Important: YOU MUST PAY ATTENTION TO RESTRICT ACCESS TO THAT RSA PRIVATE KEY FILE ONLY TO THE AUTHORIZED PERSON OR GROUP OF PERSONS.

If the RSA private key is protected with a password, the recommended way is to unprotect it with the openssl tool and to put the key file on a restricted file system. You can also use a script or the fglpass agent to provide the password to the application.

For example, you can encrypt a database password with the fglpass tool and store it in the FGLPROFILE file. At run time, you can read it with base.Application.getResourceEntry and decrypt it with the xml.Encryption.RSADecrypt method to connect to the database.

In case of error, the method throws an exception and sets the STATUS variable. Depending on the error, a human-readable description of the problem is available in the SQLCA.SQLERRM register. See Error handling in GWS calls (STATUS).
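
The database password flow and the error handling described above, as an added example that is not part of the original documentation. The FGLPROFILE entry name, key file path, database name and user name are assumptions chosen for illustration.

```4gl
IMPORT xml

MAIN
  DEFINE enc_pwd, db_pwd STRING

  -- Hypothetical FGLPROFILE entry holding the BASE64 string produced by fglpass.
  LET enc_pwd = base.Application.getResourceEntry("myapp.db.password")
  IF enc_pwd IS NULL THEN
    -- getResourceEntry returns NULL when the entry is not defined.
    DISPLAY "FGLPROFILE entry myapp.db.password is not defined"
    EXIT PROGRAM 1
  END IF

  -- Hypothetical path: the PEM file must sit on a file system that only
  -- the authorized account can read.
  TRY
    LET db_pwd = xml.Encryption.RSADecrypt("/secure/keys/myapp_rsa.pem", enc_pwd)
  CATCH
    -- Report the error code and description; the clear-text value is
    -- never displayed or logged.
    DISPLAY "RSA decryption failed, STATUS=", STATUS, " ", SQLCA.SQLERRM
    EXIT PROGRAM 1
  END TRY

  -- Hypothetical database and user names.
  TRY
    CONNECT TO "mydb" USER "appuser" USING db_pwd
  CATCH
    DISPLAY "Database connection failed, STATUS=", STATUS
    EXIT PROGRAM 1
  END TRY

  DISPLAY "Connected"
  DISCONNECT CURRENT
END MAIN
```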