How to perform decryption outside of vault


Let's say we managed to export the key like below:

"keys": {
        "1": "+DN274Zjp7BbObix4jJsPT9/3gC/ZHPjbQ8sU7JPHgs="
},
"type": "aes256-gcm96"

How can we construct the key outside of Vault and decrypt the following:

"ciphertext": "vault:v1:bGJVtzjzo+weHnt+qsqaruANTHi89KvJNbn7HFTd8Q=="

As per the documentation, what comes after v1: is a base64 concatenation of the initialization vector (IV) and ciphertext.

I am answering my own question XD. I found the answer below, done in Java:

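import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// The part after "vault:v1:" decodes to IV (12 bytes) followed by ciphertext and GCM tag
byte[] cipherText = Base64.getDecoder().decode("bGJVtzjzo+weHnt+qsqaruANTHi89KvJNbn7HFTd8Q==");
byte[] iv = Arrays.copyOfRange(cipherText, 0, 12);
byte[] actual_ciphertext = Arrays.copyOfRange(cipherText, 12, cipherText.length);
byte[] key = Base64.getDecoder().decode("+DN274Zjp7BbObix4jJsPT9/3gC/ZHPjbQ8sU7JPHgs=");

SecretKeySpec decryptionKey = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");

// 128 is the GCM tag length in bits; doFinal throws if the tag does not verify
cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
byte[] plaintext = cipher.doFinal(actual_ciphertext);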
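
The same steps as a Go function, added here as an example (not code from the original post or from Vault): it parses the `vault:v<N>:` prefix, picks the matching entry from the exported `keys` map, and rejects short or tampered payloads. The name `DecryptTransit` is hypothetical, and the code assumes an aes256-gcm96 key exported without key derivation, with the number after `v` selecting the key version.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// DecryptTransit (hypothetical name) decrypts "vault:v<N>:<base64>" using
// exported keys (version -> base64 key). Assumes aes256-gcm96, no derivation.
func DecryptTransit(ct string, keys map[string]string) ([]byte, error) {
	parts := strings.SplitN(ct, ":", 3)
	if len(parts) != 3 || parts[0] != "vault" || !strings.HasPrefix(parts[1], "v") {
		return nil, errors.New("not a vault:vN: ciphertext")
	}
	b64Key, ok := keys[parts[1][1:]] // "v1" -> keys["1"]
	if !ok {
		return nil, fmt.Errorf("no exported key for version %q", parts[1])
	}
	key, err := base64.StdEncoding.DecodeString(b64Key)
	if err != nil || len(key) != 32 {
		return nil, errors.New("key is not 32 base64-encoded bytes")
	}
	raw, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // defaults: 12-byte IV, 16-byte tag
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("payload shorter than IV plus tag")
	}
	iv, body := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, iv, body, nil) // errors if the tag does not verify
}

func main() {
	keys := map[string]string{"1": "+DN274Zjp7BbObix4jJsPT9/3gC/ZHPjbQ8sU7JPHgs="} // key from the post
	pt, err := DecryptTransit("vault:v1:bGJVtzjzo+weHnt+qsqaruANTHi89KvJNbn7HFTd8Q==", keys)
	fmt.Printf("plaintext=%q err=%v\n", pt, err)
}
```
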