Encryption Service

Encryption Service


keySpec password tool encoded key key raw base64 encoded key iv initialization vector for ciphers in feedback mode (encoded with password tool) encoding Sets the character encoding , default is UTF-8


function Description
encrypt(cipher,string,format) Encrypt the string and return the encrypted data in the format (base64,hex,y64)
decrypt(cipher,encryptedString,format) Decrypt the encryptedString by decoding in format (base64,hex,y64) and return the original string
generateHMac(cipher,string,inputformat, outputformat) Encrypt the string with hmac and return the result in the outputformat (base64,hex, y64).
Inputformat : null, base64, hex, y64
hash(hashAlg, message, encodingFormat) Hash (according to the hashAlg=algorithm) the message and return it in the encoding format (base64, hex, y64)
saltedHash(password, salt) Hashes (sha-1) the concatenated password+salt and retuns it base64 encoded
generateSalt(int len) Generates a salt with the specified length
sign([algorithm](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature), data, decodingFormat, encodingFormat) Sign decoded data (using decodingFormat) and encode the signed data
verify([algorithm](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature), data, signature, decodingFormat) Verify the signed data by first decoding it using the decodingFormat. Returns boolean indicating whether the signature matched or not.

Available ciphers can be found for the sun at jdk6 jdk7


var encryptionService = tb.getService("encryption"); // encryption is the name of the service
var pwd_hash_user = encryptionService.hash("SHA-512",workItem.input.credentials.password+salt,"base64");

// Encrypts the signaturebase with HMAC-SHA1 and returns a BASE64 encoded string
var signature = encryptionService.generateHMac( "HmacSHA1", signaturebase, null, "base64");


When using the setKey functionality it's recommended to use the Encryption Service with the singleton flag set to false. If the singleton is set to true, the key is persistent until the next .setKey call or restart of the TrustBuilder Server.

Some cases another key must be used instead of the default one. This key can be set dynamic as an BASE64 encoded string.

encryptionService.setKey(tb.base64Encode("5VRtmBeg9jRJ5mRAsncaGwCGJ2YazTxReQIqbcHqZc",true));   // Encode as string true
var signature = encryptionService.generateHMac( "HmacSHA1", signaturebase, "base64");   // base64 is default


  • base64 ; Base64 encode / decode
  • y64 : (urldecode) + base64 + (urlencode)
  • hex : hex encode / decode
  • none : take the bytes from the string as UTF-8
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.