xml.Encryption.RSADecrypt
Decrypts the BASE64 encrypted string using the RSA key and returns it in clear text
Syntax
xml.Encryption.RSADecrypt(
filename STRING,
str STRING )
RETURNS STRING
- filename defines the file name of a RSA private key in PEM format or an entry in the FGLPROFILE file.
- str defines a string that was
encrypted with the fglpass tool or with the
xml.Encryption.RSAEncrypt
method.
Usage
RSA decryption is only intended for short strings that cannot exceed the size of the RSA key
minus 12 bytes. For instance, if you have a RSA key of 512 bits, your password cannot exceed
512/8-12 = 52 bytes. If you need to handle big strings, you must use symmetric keys and the DecryptString
method. However,
you can use RSA keys to decrypt symmetric key values.
If the RSA private key is protected with a password, the recommended way is to unprotect it with the openssl tool and to put the key file on a restricted file system. But you can also use a script or the fglpass agent to provide the password to the application.
For example, you can encrypt a database password with the fglpass tool and
store it in the FGLPROFILE file, then you can decrypt it with the base.Application.getResourceEntry
and the xml.Encryption.RSADecrypt
method
to connect to the database.
In case of error, the method throws an exception and sets the
STATUS
variable. Depending on the error, a human-readable description of the
problem is available in the SQLCA.SQLERRM
register. See Error handling in GWS calls (STATUS).