Data Decryptor Component
The Data Decryptor component decrypts data using a symmetric key negotiated with a Data Encryptor and outputs the decrypted data to the pipeline. To accomplish this, the Encryptor and Decryptor need to have the same symmetric key, which they establish using Diffie-Hellman on the negotiate channel.
If a signal arrives on the Renegotiation Channel, the Diffie-Hellman Key Exchange algorithm is triggered to generate a new encryption key. Once the new shared symmetric key has been negotiated, the Decryptor will store the new key, enabling it to decrypt data sent with this new key. Once a packet encrypted with the new key arrives, the old key can be discarded. (Note: This key negotiation occurs in the opposite direction of the original negotiation.)
Because key negotiation occurs out of band, the Decryptor component expects to find the ID of the encryption key used to encrypt an incoming RawData in the object's Tags. This ID identifies the key used to encrypt the data. In most cases, this will be the ID of the most recently negotiated key, but it may be the ID of the preceding key if the key negotiation data has not yet made it back to the Encryptor. Once a data item encrypted with the new key is received, the old key is discarded.
Data Governance
The output data item of the Decryptor component is registered as being derived from its input data item.
Input Channels
negotiate — Handles the receipt of DHNegotiationObject.
renegotiation — Receipt of a SignalData on this Input Channel triggers a new key negotiation.
default — Takes a RawData, attempts to decrypt it, and outputs the decrypted RawData on the default Output Channel. If a key has not yet been negotiated, data will not be processed. If the RawData is not tagged as Encrypted Data, or if the Key ID is not recognized, an error is reported, and the data is discarded.
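The key-selection rules described above (current key, preceding key retained until the new key is seen in use, error on untagged data or an unrecognized Key ID), written out as an added Python example that is not the component's own code. The class name DecryptorKeyring and the tag names "encrypted" and "keyId" are assumptions, since the page does not name the crypto tags, and the example selects keys only; it performs no decryption.

```python
# Added illustration of the Decryptor's key lifecycle; not the component's code.
# Assumed tag names: "encrypted" (bool) and "keyId" (str).

class DecryptorKeyring:
    """Holds at most two negotiated keys: the current one and its predecessor."""

    def __init__(self):
        self.current = None    # (key_id, key_bytes) from the latest negotiation
        self.previous = None   # preceding key, kept until the new key is seen

    def install(self, key_id, key):
        """Store a newly negotiated key; keep the prior key for in-flight data."""
        if self.current is not None:
            self.previous = self.current
        self.current = (key_id, key)

    def select(self, tags):
        """Return the key for a data item, or raise so the caller can report it."""
        if self.current is None:
            raise LookupError("no key negotiated yet; item is not processed")
        if not tags.get("encrypted"):
            raise ValueError("data item is not tagged as encrypted")
        key_id = tags.get("keyId")
        if key_id == self.current[0]:
            self.previous = None          # new key is in use: retire the old one
            return self.current[1]
        if self.previous is not None and key_id == self.previous[0]:
            return self.previous[1]       # Encryptor has not switched keys yet
        raise KeyError(f"unrecognized key ID: {key_id!r}")


def demo():
    """Replay a renegotiation with constructed 128-bit sample keys."""
    ring = DecryptorKeyring()
    ring.install("k1", b"\x01" * 16)
    ring.install("k2", b"\x02" * 16)      # renegotiation completed
    results = []
    for key_id in ("k1", "k2", "k1"):     # last item arrives after k1 is retired
        try:
            key = ring.select({"encrypted": True, "keyId": key_id})
            results.append(key[0])        # first key byte identifies which key
        except KeyError:
            results.append("discarded")
    return results
```
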
Output Channels
negotiate — Sends DHNegotiationObject instances down the pipeline to the matching Encryptor instance. This Output Channel must be connected to the negotiate Input Channel of the paired Encryptor.
default — Outputs a RawData object containing the decrypted data. The object contains all the tags that were on the input object except for the crypto tags used by this component.
Parameters
keyLength — (int, Default: 128) The size of the encryption key, in bits, to use when encrypting data. This value should match the value specified for the Encryptor.