$decode
Decrypt or decode data, or verify a message by means of a digital signature.
Decrypt or decode: $decode(
Algorithm,
Source
{,
Key {,
Mode,
InitializationVector} }
)
Verify message with signature:
$decode(
Algorithm,
Source,
Key,
Signature)
Parameters
Argument | Description |
---|---|
Algorithm | Decoding, decryption, or signature verification algorithm; see Supported Algorithms. |
Source | Data to be decoded or decrypted. For signature verification, it is the message to be verified. |
Key | Key used to decrypt the data; required
if Algorithm specifies a block cipher, asymmetric encryption scheme or signature
scheme. The length of the key must be appropriate to the algorithm. For decryption with asymmetric key algorithms, it must be a valid private key for the encryption scheme. For signature verification, it must be a valid public key for the signature scheme. |
Mode | Block cipher mode of operation; required
if Algorithm specifies a block cipher. One of:
|
InitializationVector | A unique data block, such as a time
stamp or random number, used in combination with the Key. Required for all modes
except ECB |
Signature | Digital signature of a message |
The Source,
Key, and InitializationVector parameters can specify a
string, variable, or field. If the data type of a variable or field is Raw, it is evaluated as data
type raw
. Otherwise, it is evaluated as data type string
.
Optional parameters are ignored if they are irrelevant.
Return Values
When $decode is used for
message verification, the returned value a boolean value indicating true (1
) or
false (0
).
Decoding and decryption algorithms return decoded or decrypted data in the Uniface raw data type.
The returned data may contain the null byte
(0x00), so the return value is in the Uniface
raw
data type, which is able to handle this. If you need to get the data in the string data type, then you can convert it from raw to string data
using $encode with the USTRING
algorithm.
If an error occurs, $procerror
contains a negative value that identifies the exact error. Some errors provide more detailed
information in the ADDITIONAL
list item in $procerrorcontext.
Value | Error constant | Meaning |
---|---|---|
-1780
|
UENCERR_NO_ALGORITHM
|
Algorithm not found. |
-1781
|
UENCERR_NO_SOURCE
|
Source not found. |
-1782
|
UENCERR_NO_KEY
|
Key not found. |
-1783
|
UENCERR_NO_IV
|
IV not found. |
-1784
|
UENCERR_INVALID_ALGORITHM
|
Invalid algorithm name. |
-1785
|
UENCERR_INVALID_MODE
|
Invalid mode name. |
-1786
|
UENCERR_INVALID_KEY_LENGTH
|
Invalid key length. The key must have a specific length that depends on the algorithm. |
-1787
|
UENCERR_INVALID_HEX_FORMAT
|
Source is invalid HEX format. |
-1788
|
UENCERR_INVALID_BASE64_FORMAT
|
Source is invalid BASE64 format. |
-1789
|
UENCERR_INVALID_URL_FORMAT
|
Source is invalid URL format. |
-1791
|
UENCERR_GENERAL
|
Encode/decode general error |
-1792
|
UENCERR_INVALID_SOURCE
|
Invalid source data |
-1793
|
UENCERR_INVALID_KEY
|
Invalid key data |
-1794
|
UENCERR_INVALID_KEY_FORMAT
|
Invalid key format, must be PEM format |
-1795
|
UENCERR_INVALID_PUBLIC_KEY
|
Invalid public key |
-1796
|
UENCERR_INVALID_PRIVATE_KEY
|
Invalid private key |
-1797
|
UENCERR_INVALID_IV
|
Invalid IV data |
-1798
|
UENCERR_NO_SIGNATURE
|
Signature data not found |
-1799
|
UENCERR_INVALID_SIGNATURE
|
Invalid signature data |
Use
Allowed in all component types.
Description
You can use $decode to:
- Decrypt encrypted data, using the same key as was used to encrypt the data.
- Decode data that was encoded using Base64, hexadecimal, or URL encoding schemes.
- Verify a message by means of a digital signature. (You can use $encode to sign a message with a digital signature).
$decode supports a variety of commonly-used encryption and signature algorithms including encoding schemes, block ciphers, RSA encryption and signature schemes, and DSA (Digital Signature Algorithm). For more information, see Supported Cryptography Algorithms.
The Source,
Key, and InitializationVector parameters can specify a
string, variable, or field. If the data type of a variable or field is Raw, it is evaluated as data
type raw
. Otherwise, it is evaluated as data type string
.
To decrypt the data, you need to provide the same Key, Mode and InitializationVector as was used to encrypt the data. Otherwise you get an incorrect result or an error.
Supported Algorithms
The Algorithm parameter specify must be an algorithm listed in one of the following tables, as a string.
Algorithm | Meaning |
---|---|
BASE64
|
Base64 encoding scheme |
HEX
|
Hexadecimal encoding scheme |
URL
|
URL encoding scheme Note: The plus sign |
Algorithm | Meaning |
---|---|
AES
|
Advanced Encryption Standard |
RIJNDAEL
|
Same as AES |
DES
|
Data Encryption Standard |
TDES
|
Triple Data Encryption Algorithm (TDEA) as known as Triple DES |
DES_EDE3
|
Same as TDES |
DES_EDE2
|
Variant of TDES with 16 byte key length |
DESX
|
Variant of DES by XORing extra keys |
DES_XEX3
|
Same as DESX |
BLOWFISH
|
Blowfish |
TWOFISH
|
Twofish |
For more information, see Block Ciphers.
Algorithm | Meaning |
---|---|
RSAES_OAEP_SHA1
|
RSA Encryption Scheme based on Optimal Asymmetric Encryption Padding with SHA-1 hash function |
RSAES_OAEP_SHA224
|
RSA Encryption Scheme based on Optimal Asymmetric Encryption Padding with SHA-224 hash function |
RSAES_OAEP_SHA256
|
RSA Encryption Scheme based on Optimal Asymmetric Encryption Padding with SHA-256 hash function |
RSAES_OAEP_SHA384
|
RSA Encryption Scheme based on Optimal Asymmetric Encryption Padding with SHA-384 hash function |
RSAES_OAEP_SHA512
|
RSA Encryption Scheme based on Optimal Asymmetric Encryption Padding with SHA-512 hash function |
RSAES_PKCS1V15
|
RSA Encryption Scheme based on PKCS #1 v1.5 |
RSASSA_PSS_SHA1
|
RSA Signature Scheme with Appendix based on Probabilistic Signature Scheme with SHA-1 hash function |
RSASSA_PSS_SHA224
|
RSA Signature Scheme with Appendix based on Probabilistic Signature Scheme with SHA-224 hash function |
RSASSA_PSS_SHA256
|
RSA Signature Scheme with Appendix based on Probabilistic Signature Scheme with SHA-256 hash function |
RSASSA_PSS_SHA384
|
RSA Signature Scheme with Appendix based on Probabilistic Signature Scheme with SHA-384 hash function |
RSASSA_PSS_SHA512
|
RSA Signature Scheme with Appendix based on Probabilistic Signature Scheme with SHA-512 hash function |
RSASSA_PKCS1V15_MD2
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with MD2 hash function. This is only for compatibility. |
RSASSA_PKCS1V15_MD5
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with MD5 hash function. This is only for compatibility. |
RSASSA_PKCS1V15_SHA1
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with SHA-1 hash function |
RSASSA_PKCS1V15_SHA224
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with SHA-224 hash function |
RSASSA_PKCS1V15_SHA256
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with SHA-256 hash function |
RSASSA_PKCS1V15_SHA384
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with SHA-384 hash function |
RSASSA_PKCS1V15_SHA512
|
RSA Signature Scheme with Appendix based on PKCS #1 v1.5 with SHA-512 hash function |
For more information, see RSA Asymmetric Key Cryptography.
Algorithm | Meaning |
---|---|
DSA_SHA1
|
Digital Signature Algorithm with SHA-1 hash function |
DSA_SHA224
|
Digital Signature Algorithm with SHA-224 hash function |
DSA_SHA256
|
Digital Signature Algorithm with SHA-256 hash function |
DSA_SHA384
|
Digital Signature Algorithm with SHA-384 hash function |
DSA_SHA512
|
Digital Signature Algorithm with SHA-512 hash function |
For more information, see Digital Signature Algorithm (DSA).
Encrypt and Decrypt String Data
$decode returns raw data, so you can use $encode with the USTRING
algorithm to convert it to a string data type using Uniface internal encoding, UTF-8.
vEnc = $encode("BLOWFISH", "~home", "secret key") ;encrypt the data vRawData = $decode("BLOWFISH", vEnc, "secret key") ;decrypt the data vStrgData = $encode("USTRING", vRawData) ;convert the decrypted data from Raw to String
Version | Change |
---|---|
9.4.01 | Introduced |
9.5.01 E101 | Added support for HMAC SHA224, SHA256, SHA384, SHA512 |
9.5.01 E103 | Added support for asymmetric key cryptography |