xml.Encryption.RSADecrypt

Decrypts the BASE64 encrypted string using the RSA key and returns it in clear text.

Syntax

xml.Encryption.RSADecrypt(
   filename STRING,
   str STRING )
  RETURNS STRING
  1. filename defines the file name of an RSA private key in PEM format or an entry in the FGLPROFILE file.
  2. str defines a string that was encrypted with the fglpass tool or with the xml.Encryption.RSAEncrypt method.

Usage

RSA decryption is only intended for short strings that cannot exceed the size of the RSA key minus 12 bytes. For instance, if you have an RSA key of 512 bits, your password cannot exceed 512/8-12 = 52 bytes. If you need to handle big strings, you must use symmetric keys and the DecryptString method. However, you can use RSA keys to decrypt symmetric key values.

Important: You must ensure that access to the RSA private key file is restricted only to the authorized person or group of persons.

If the RSA private key is protected with a password, the recommended approach is to unprotect it with the openssl tool and to put the key file on a restricted file system. You can also use a script or the fglpass agent to provide the password to the application.

For example, you can encrypt a database password with the fglpass tool and store it in the FGLPROFILE file, then decrypt it with the base.Application.getResourceEntry and xml.Encryption.RSADecrypt methods to connect to the database.

In case of error, the method throws an exception and sets the STATUS variable. Depending on the error, a human-readable description of the problem is available in the SQLCA.SQLERRM register. See Error handling in GWS calls (STATUS).
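
The database password flow and the error handling described above, as an added example that is not part of the original documentation. The FGLPROFILE entry name, key file path, database name and user name are hypothetical; the entry is assumed to hold the BASE64 string produced by fglpass.

```4gl
IMPORT xml

-- Added example: all names below are hypothetical placeholders.
CONSTANT KEY_FILE  = "/etc/myapp/keys/db_rsa.pem" -- PEM private key on a restricted file system
CONSTANT PWD_ENTRY = "myapp.db.password"          -- FGLPROFILE entry holding the fglpass output

MAIN
    DEFINE enc, pwd STRING

    -- Read the BASE64 encrypted password from FGLPROFILE
    LET enc = base.Application.getResourceEntry(PWD_ENTRY)
    IF enc IS NULL THEN
        DISPLAY "FGLPROFILE entry not found: ", PWD_ENTRY
        EXIT PROGRAM 1
    END IF

    -- RSADecrypt throws an exception on error and sets STATUS
    TRY
        LET pwd = xml.Encryption.RSADecrypt(KEY_FILE, enc)
    CATCH
        -- Report the error code and description, never the encrypted or clear value
        DISPLAY "RSADecrypt failed: ", STATUS, " ", SQLCA.SQLERRM
        EXIT PROGRAM 1
    END TRY

    TRY
        CONNECT TO "mydb" USER "appuser" USING pwd
    CATCH
        DISPLAY "Connection failed: ", SQLCA.SQLCODE
        EXIT PROGRAM 1
    END TRY

    -- Drop the clear-text password once the connection is open
    LET pwd = NULL

    DISPLAY "Connected."
    DISCONNECT CURRENT
END MAIN
```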