Flow: Decryption

The decryption node converts the cipher-text into plain text using AWS - Key Management Service (KMS).
Figure below shows the decryption node. The node specific configuration is accessed by double-clicking on the node.

SETTINGS

The key values to be extracted / translated from the input data set and the corresponding output is configured using these settings.

The table below describes the configuration settings.

Field	Description
Decryption method	Specifies the decryption method, which is the AWS - Key management service.
Access key	User identity generated at client-side, enables the client to have their own Access key. This can be done by creating a new Identity and Access Management (IAM) user identity for each client requiring encryption, with permission to manage their own password.
Secret key	It is generated along with the Access key - for each user account a secret key is generated.
AWS Region	User's must set the region to the one where the master key is/was generated.
Ciphertext blob	Ciphertext to be decrypted. The blob includes metadata of type Base64-encoded binary data object. Length Constraints: Minimum length of 1. Maximum length of 6144.
Encryption context	If the following values were specified in the encrypt function, it must be specified here or the decryption operation will fail: key value
Grant tokens	Contains information about who the grant is for and, who can use it. It is a list of grant tokens as name value pairs (maximum of 10). Length Constraints: Minimum length of 1. Maximum length of 8192. Add token: Adds a grant to a key to specify who can use the key and under what conditions.
Store response	Response variables that include the following values that are received in response: Plaintext KeyId x-amzn-RequestId

SESSION DATA

For information on session data, click here.

CUSTOM LOGS

For information on custom logs, click here.

NODE EVENTS

Node events lists all outcomes of this node. You can add custom labels or terminate (end) an event by setting the termination reason.

Configuration Settings.

Exit Events	Description
ondependencytimeout	The system timed out while trying to fulfill the request. The request can be retried.
onsuccess	Input data is successfully decrypted with the value stored in the set parameter.
onerror	The following errors may have occured: DisabledException: The request was rejected because the specified customer master keys (CMK) is not enabled. InvalidCiphertextException: The request was rejected because the specified cipher text has been corrupted or is otherwise invalid. InvalidGrantTokenException: The request was rejected because the specified grant token is not valid. KMSInternalException: The request was rejected because an internal exception occurred. The request can be retried. KMSInvalidStateException: The request was rejected because the state of the specified resource is not valid for this request. NotFoundException: The request was rejected because the specified entity or resource could not be found.
onkeyunavailable	The request was rejected because the specified CMK was not available. The request can be retried.