Encryption Service

Encryption Service



property name description
key base64 encoded binary key
iv base64 encoded binary iv
encryptedKey password tool encoded key
encryptedIv password tool encoded iv


base64 encoded binary public key


base64 encoded binary public key


base64 encoded binary public key
encoding sets the encoding format (default "UTF-8"


The following ciphers are supported (key length between parentheses)

  • AES/CBC/NoPadding (128)
  • AES/CBC/PKCS5Padding (128)
  • AES/ECB/NoPadding (128)
  • AES/ECB/PKCS5Padding (128)
  • DES/CBC/NoPadding (56)
  • DES/CBC/PKCS5Padding (56)
  • DES/ECB/NoPadding (56)
  • DES/ECB/PKCS5Padding (56)
  • DESede/CBC/NoPadding (168)
  • DESede/CBC/PKCS5Padding (168)
  • DESede/ECB/NoPadding (168)
  • DESede/ECB/PKCS5Padding (168)
  • RSA/ECB/PKCS1Padding (1024, 2048)
  • RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
  • RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)


function Description
encrypt(cipher,string,format) Encrypt the string and return the encrypted data in the format (base64,hex,y64)
decrypt(cipher,encryptedString,format) Decrypt the encryptedString by decoding in format (base64,hex,y64) and return the original string
generateHMac(cipher,string,inputformat, outputformat) Encrypt the string with hmac and return the result in the outputformat (base64,hex, y64).
Inputformat : null, base64, hex, y64
hash(hashAlg, message, encodingFormat) Hash (according to the hashAlg=algorithm) the message and return it in the encoding format (base64, hex, y64)
saltedHash(password, salt) Hashes (sha-1) the concatenated password+salt and retuns it base64 encoded
generateSalt(int len) Generates a salt with the specified length
sign([algorithm](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature), data, decodingFormat, encodingFormat) Sign decoded data (using decodingFormat) and encode the signed data
verify([algorithm](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature), data, signature, decodingFormat) Verify the signed data by first decoding it using the decodingFormat. Returns boolean indicating whether the signature matched or not.

Available ciphers can be found for the sun at jdk6 jdk7


var encryptionService = tb.getService("encryption"); // encryption is the name of the service
var pwd_hash_user = encryptionService.hash("SHA-512",workItem.input.credentials.password+salt,"base64");

// Encrypts the signaturebase with HMAC-SHA1 and returns a BASE64 encoded string
var signature = encryptionService.generateHMac( "HmacSHA1", signaturebase, null, "base64");


When using the setKey functionality it's recommended to use the Encryption Service with the singleton flag set to false. If the singleton is set to true, the key is persistent until the next .setKey call or restart of the TrustBuilder Server.

Some cases another key must be used instead of the default one. This key can be set dynamic as an BASE64 encoded string.

encryptionService.setKey(tb.base64Encode("5VRtmBeg9jRJ5mRAsncaGwCGJ2YazTxReQIqbcHqZc",true));   // Encode as string true
var signature = encryptionService.generateHMac( "HmacSHA1", signaturebase, "base64");   // base64 is default


  • base64 ; Base64 encode / decode
  • y64 : (urldecode) + base64 + (urlencode)
  • hex : hex encode / decode
  • none : take the bytes from the string as UTF-8
Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.