In order to back up my encryption keys stored on Vault, I executed the following command :
$vault read transit/keys/orders
I got a text which has something like this within it :
keys map[1:1604988997 2:1604993553 3:1604993556 4:1604993569]
To make sure that these are the actual keys used for encyption and decryption by vault, I picked key n°4 (i.e. 1604993569) and tried to programatically decrypt a text (i.e. Xyg9QD+du7knfUi5HsyrIqXpyjt20+aDEvfXAt8Vgvug1Bxk2Cw356xH9x5p6TQk) previously encrypted with this key using AES256 with GCM96 mode (i.e. vault:v4:Xyg9QD+du7knfUi5HsyrIqXpyjt20+aDEvfXAt8Vgvug1Bxk2Cw356xH9x5p6TQk), but I have got instead an error message saying the following :
- invalid ciphertext: unable to decrypt
Could someone please correct me if I made a mistake in my thought process or did I pick the wrong key string? Thank you.