Hi,
Let say we managed to export the key like below:
“keys”: {
"1": "+DN274Zjp7BbObix4jJsPT9/3gC/ZHPjbQ8sU7JPHgs="
}
“type”: “aes256-gcm96”
How can we construct the key outside of vault and decrypt below:
“ciphertext”: “vault:v1:bGJVtzjzo+weHnt+qsqaruANTHi89KvJNbn7HFTd8Q==”
As per documentation, after v1: is a base64 concatenation of the initialization vector (IV) and ciphertext.
I am answering my own question XD, found the answer below done in Java
byte cipherText = Base64.getDecoder().decode(“bGJVtzjzo+weHnt+qsqaruANTHi89KvJNbn7HFTd8Q==”);
byte iv = Arrays.copyOfRange(cipherText, 0, 12);
byte actual_ciphertext = Arrays.copyOfRange(cipherText, 12, cipherText.length);
byte key = Base64.getDecoder().decode(“+DN274Zjp7BbObix4jJsPT9/3gC/ZHPjbQ8sU7JPHgs=”);
decryptionKey = new SecretKeySpec(key, “AES”);
cipher = Cipher.getInstance(“AES/GCM/NoPadding”);
cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
System.out.println(Base64.getEncoder().encodeToString(cipher.doFinal(actual_ciphertext)));