DataPower

DataPower

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Expand all | Collapse all

Hybrid encryption decryption using AES and RSA key pairs

  • 1.  Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 10:56 AM

    Hi there ,

    We are trying to implement the hybrid cryptography between java script client and DataPower IDG.2018.4.1.8, at high level

    1. The client app to generate a random symmetric key (aes128_cbc) and use that key to encrypt the data (an element in the payload)
    2. The client app to encrypt the symmetric key using a RSA public key (RSA OAEP Padding) corresponding private key is loaded to DataPower
    3. The client app to call the DataPower service with the public key encrypted symmetric key and encrypted data
    4. The DataPower component should first decrypt the symmetric key using the private key
    5. The DataPower component to decrypt the data using the decrypted symmetric key received in previous step (step 4)

    We have tested this , however the decryption of symmetric key (step 4) is failing in DataPower, logging the error "Ephemeral key decryption failed: *Key decryption failed* in logs.

    The AES key is passed as base64 format(converted from array Buffer to base64 from client app)

    We are using DP extension function and the details are below:

    dp:decrypt-key(<EncryptedKey>, <Private Key>, <DecryptionAlgorithm>, <OAEPParameters>, <OAEPDigestAlgorithm>, <MGFAlgorithm>)

    The values that we are providing are mentioned below.

    EncryptedKey :The encrypted symmetric/session key provided by consuming system which we are trying to decrypt(in order to get symmetric key which was encrypted).
    Private Key : Name of the crypto key object configured in DataPower. The value of this parameter is of the form "name:<CryptoKeyObjectName>"
    DecryptionAlgorithm:  http://www.w3.org/2009/xmlenc11#rsa-oaep
    OAEPParameters: Base 64 encoded value of following OAEP parameters "sha256,mgf1sha256,pSpecifiedEmpty"
    OAEPDigestAlgorithm: http://www.w3.org/2001/04/xmlenc#sha256
    MGFAlgorithm: http://www.w3.org/2009/xmlenc11#mgf1sha256

    This decryption is failing in DataPower and we have tried the same decryption using Java and it is working fine, respective Java code is as below

    public static byte[] decrypt(byte[] dataPrivateKey privateKeythrows NoSuchPaddingExceptionNoSuchAlgorithmExceptionInvalidKeyExceptionBadPaddingExceptionIllegalBlockSizeExceptionInvalidAlgorithmParameterException {
        
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
        
    OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256""MGF1"new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
        
    cipher.init(Cipher.DECRYPT_MODEprivateKeyoaepParams);
        
    return cipher.doFinal(data);
    }

    Could you help us in this please? Thanks



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------


  • 2.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 12:06 PM

    I'd have to build out a similar scenario to test this, but, I don't think decrypt-key was meant for decrypting symmetric keys on the box.

    So, the first question I have is:  Is it absolutely necessary to encrypt the symmetric key on the appliance?



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 3.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 03:58 PM
    Edited by Rajesh Rajaratnam Mon August 28, 2023 04:18 PM

    Thanks a lot Joseph for checking this.

    Yes, We can not have a shared symmetric key with the client as the client doesn't have a secured way to store the keys and it is public facing application. Hence the client has been asked to generate random symmetric key for each request and pass it along with the encrypted data. For this transport we are RSA asymmetric key cryptography.

    We could have rely on the secured connection (https) between client and DataPower for this exchange, however this message further flow to another ESB layer before ultimately submitted to an external provider through another DataPower domain. The channel between DP and ESB is not secured (http).

    We were initially planning to use the RSA public and private key pair between the client and DataPower for the data encryption, however DP is restricting this usage (probably due to a good reason that RSA ideally used for key exchange and signing scenarios)

    Regards



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 4.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 05:28 PM

    OK.  So, try decrypt-data  rather than  decrypt-key. 



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 5.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 06:03 PM
    Edited by Rajesh Rajaratnam Mon August 28, 2023 06:04 PM

    Thanks Joseph, 

    We can't use the decrypt data in this case, as it can accept only symmetric algorithms. We have tried this when the encryption/decryption done using RSA public private key pair as I have mentioned earlier, it was not working for us

    Regards

    Rajesh



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 6.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 09:50 PM

    OK. So I think I misunderstood the scenario.  If I understand correctly, you don't have a Secret Key Object, but instead, you have the client sending you the key, encrypted by their public key provided via the message request to DataPower? 

    From what you have described, I'd be focused on the encoding of the key.  Your Java example uses a byte array for the decryption.  What does the key look like in the request?  Base64?



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 7.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon August 28, 2023 10:10 PM
    Edited by Rajesh Rajaratnam Mon August 28, 2023 10:14 PM

    Thanks Joseph, Yes you are right, the client is sending the key (encrypted using the pub key) as part of the message and It is base64 encoded

    This is what at high level client is doing :

    generate symmetric key (buffer) -> encrypt using public key (buffer) -> convert buffer to base64 



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 8.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Tue August 29, 2023 03:59 PM

    So, in my experience, when DataPower just fails decryption, it has something to do with what is being decrypted.  I doubt it is the base64 conversion, and from your description it doesn't seem to be an algorithm mismatch, but I'm wondering what DataPower "sees" after it is turned into binary after converting from base64.  Is the key the right length?  Is it padded correctly if padding is applied?  What encoding is applied before encryption or when converting to base64?

    In your Java example, is "decrypt" being invoked after decoding the client generated message from base64?



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 9.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Tue August 29, 2023 09:49 PM
    Edited by Rajesh Rajaratnam Wed August 30, 2023 12:48 AM

    Thanks Joseph, please find the details as below:

    Is the key the right length?
    Key length is 256 bits and algorithm used to create symmetric key was "aes-cbc".

    Is it padded correctly if padding is applied?
    We used the padding at our end in Datapower based on the java code which was able to decrypt client's encrypted key successfully which is base64 encoded as "c2hhMjU2LG1nZjFzaGEyNTYscFNwZWNpZmllZEVtcHR5".

    What encoding is applied before encryption or when converting to base64?
    In the java code, it decode the encrypted key first i.e. base64 decode and then decrypt it.
    The client apply base64 encoding as "generate symmetric key (buffer) -> encrypt using public key (buffer) -> convert buffer to base64" in their flow. 

    Some additional info:

    Firstly we have implemented both encryption and decryption as a flow in DP(using encrypt/decrypt actions) and it is working. The Encrypt action uses: Public certificate crypto object, XML Web Security, Field Level Encryption, RSA-OAEP,SHA256,Content Encryption using respective crypto map.
    Later we have created a separate flow just for  decryption, which is accepting exactly the same payload which is coming out of the Encrypt action in the flow
    We have tried this flow and it is working fine, then we have tried the client generated request (the original request is in JSON and we are mapping this to the decryption flow input xml format), but it is giving decryption failed generic error
    In DataPower we have tried both action as well as XSLT extension function for decryption, but both are failing.
    As you were suspecting the base64 conversion, we have tried to explcitly decode the encrypted key using dp:decode(), but it was giving “Valid base64 passed to dp:decode resulted in non UTF8: ” error and we have also tried the same using the DataPower generated payload and it is also giving the same error. we have removed this additional step and aftre that DP generated payload is working. so we don't think this explcit decoding is required.

    For your reference: 
    #1
    XSLT code snippet which we are using is below to decrypt encrypted symmetric key provided by client is below:

    ********************XSLTSnippetBegin************************
    <xsl:variable name="vDecryptionAlgorithm" select="' http://www.w3.org/2009/xmlenc11#rsa-oaep'"/>
    <xsl:variable name="vRecipientPrivKey" select="'name:DecryptKey'"/>

    <xsl:variable name="base64DecodedKey" select="dp:decode('FhnrX8A3YwjZDs3L/EaOBXySRSqlLarEUr1BEUyo5SJzq72je6iKkMoMMWRKwy8D96g3QGwIrMVHM8eXPlcOkUNGUehyugKbi6BLEglhWcmN+YAzNbfh/9r1PnT7ZnX/EhQAbAggw1SEIld7YUZsYk7UC4TJd9yG+6wUaJckyAzowN3ZiFnNYVHG3WBzlIz/w6RsfsgC/jMk4gtck6blkRO3wsyfRdagbnR8rSJ6A9aUsIJTD+LBIiDR0Rf33Tbk0bQXb12kiMFNgjNfZI0vRnMbwcVl8X4ABJt/DDDKvosoCeAWZ8ORE3NYpzZoG4GQcrm4Nfe0xEY5GXY4hb0PBg==','base-64')"/> 
     <xsl:variable name="vDecryptedKey">
      <xsl:value-of select="dp:decrypt-key('FhnrX8A3YwjZDs3L/EaOBXySRSqlLarEUr1BEUyo5SJzq72je6iKkMoMMWRKwy8D96g3QGwIrMVHM8eXPlcOkUNGUehyugKbi6BLEglhWcmN+YAzNbfh/9r1PnT7ZnX/EhQAbAggw1SEIld7YUZsYk7UC4TJd9yG+6wUaJckyAzowN3ZiFnNYVHG3WBzlIz/w6RsfsgC/jMk4gtck6blkRO3wsyfRdagbnR8rSJ6A9aUsIJTD+LBIiDR0Rf33Tbk0bQXb12kiMFNgjNfZI0vRnMbwcVl8X4ABJt/DDDKvosoCeAWZ8ORE3NYpzZoG4GQcrm4Nfe0xEY5GXY4hb0PBg==',$vRecipientPrivKey,$vDecryptionAlgorithm,'c2hhMjU2LG1nZjFzaGEyNTYscFNwZWNpZmllZEVtcHR5','http://www.w3.org/2000/09/xmldsig#sha256','http://www.w3.org/2009/xmlenc11#mgf1sha256')"/>
    </xsl:variable>
    ******************** XSLTSnippetEnd************************

    Encrypted symmetric key is below
    ‘FhnrX8A3YwjZDs3L/EaOBXySRSqlLarEUr1BEUyo5SJzq72je6iKkMoMMWRKwy8D96g3QGwIrMVHM8eXPlcOkUNGUehyugKbi6BLEglhWcmN+YAzNbfh/9r1PnT7ZnX/EhQAbAggw1SEIld7YUZsYk7UC4TJd9yG+6wUaJckyAzowN3ZiFnNYVHG3WBzlIz/w6RsfsgC/jMk4gtck6blkRO3wsyfRdagbnR8rSJ6A9aUsIJTD+LBIiDR0Rf33Tbk0bQXb12kiMFNgjNfZI0vRnMbwcVl8X4ABJt/DDDKvosoCeAWZ8ORE3NYpzZoG4GQcrm4Nfe0xEY5GXY4hb0PBg==’

    #2
    XSLT Code snippet which we used to decrypt encrypted symmetric key which was produced using Encrypt action in DataPower is below

    ********************XSLTSnippetBegin************************
    <xsl:variable name="vDecryptionAlgorithm" select="'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'"/>
    <xsl:variable name="vRecipientPrivKey" select="'name:DecryptKey'"/>

      <xsl:variable name="vDecryptedKey">
    <xsl:value-of select="dp:decrypt-key('OXlBGoqid7Jp7zWgw41ecdG0eMop+/qrJt0SJWrihUZDjgYHoTvQmXnTwb0HLBlx1b83Zrg7lfeUK+vEYiGzk1W3NjKlUGsEfVB1rQdzK+eoI88wKKCzHi6VcdC56HtranOciU6ZCUhW6WWqAKUmfq+CFgwxAM2T5F+wc4p1N8cdQ+mmDmCw35y1a5XTHXtMCwVUTKVU+zNou2rPMs6mYGYyG3tY7f/sh6FirTeh6Fr+LRCjiaVgdttj9aYQ/Ug3qhcK2g1jYgjQtp24/hYzskR59lleO+OUVjaG/3Qz5XtU4ViPbvCn+XA4nG8zOUG1tXaMDfwQPZhSmBF16IwAxA==',$vRecipientPrivKey,$vDecryptionAlgorithm,'c2hhMjU2LG1nZjFzaGEyNTYscFNwZWNpZmllZEVtcHR5','http://www.w3.org/2001/04/xmlenc#sha256')"/>
    </xsl:variable>
    ******************** XSLTSnippetEnd************************
    Encrypted Symmetric Key which we have used above dp:decrypt-key() was produced by Encrypt action in policy.

    Decrypted symmetric key as an output of above was “ukRKL+iIzqLcb+Woxn376kJEid+tJ2JiVTdc6O39hbM=”

    Please Note:

    In addition to the above ,we have tried the decrypt-key() extension with 'http://www.w3.org/2009/xmlenc11#rsa-oaep’ algo and other respective parameters to decrypt the key provided by the client but it gives the error “Key decryption failed”. You may notice that the algo used for the client provided payload and DataPower payload are different, for the client provided payload we have changed the parameters according to the Java code which was able to decrypt the key successfully.



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 10.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon September 04, 2023 01:33 AM

    Hi @Joseph Morgan

    We are still working on this and have noticed that decryption is failing in DataPower when the client is performing the RSA-OAEP encryption with SHA-256 OAEP digest and MGF algorithm

    We are using dp:decrypt-key() with the RSA-OAEP key transport identifier and the algorithm for the mask generation function like this:
    dp:decrypt-key(encryptedKey, recipient, http://www.w3.org/2009/xmlenc11#rsa-oaep, OAEPParameters, OAEPDigestAlgorithm, MGFAlgorithm)

    Tested it further by encrypting the key (using Java code) and then decrypt the key in DataPower by providing various OAEPDigestAlgorithm and MGFAlgorithm combinations as below: (Note: Each time we have adjusted the encryption so that both encryption and decryption matches)

    #1

    Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
    OAEPDigestAlgorithm='http://www.w3.org/2001/04/xmlenc#sha256' and MGFAlgorithm='http://www.w3.org/2009/xmlenc11#mgf1sha1' This one worked in DataPower

    #2

    Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
    OAEPDigestAlgorithm='http://www.w3.org/2000/09/xmldsig#sha1' and MGFAlgorithm='http://www.w3.org/2009/xmlenc11#mgf1sha1' This one worked in DataPower


    Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
    OAEPDigestAlgorithm='http://www.w3.org/2001/04/xmlenc#sha256' and MGFAlgorithm='http://www.w3.org/2009/xmlenc11#mgf1sha256' This one failed in DP

    Even though both dp:decrypt-key() - IBM Documentation , dp:encrypt-key() - IBM Documentation lists the SHA-256 as a valid algorithm for both digest (http://www.w3.org/2001/04/xmlenc#sha256) and MGF(http://www.w3.org/2009/xmlenc11#mgf1sha256); this combination is not working in our tests

    Regards



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 11.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Wed September 13, 2023 02:00 AM

    Hello Rajesh,

    I am getting "Unknown hashing mechanism: 'http://www.w3.org/20'" in response while using below XSLT in datapower, please guide how to resolve this issue.

    Please find below XSLT.

    <xsl:stylesheet 
        version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:dp="http://www.datapower.com/extensions"
        xmlns:dpconfig="http://www.datapower.com/param/config"
        xmlns:apim="http://www.ibm.com/apimanagement"
        xmlns:webapi="http://www.ibm.com/apimanagement"
        xmlns:func="http://exslt.org/functions"
        xmlns:wxsl="http://www.w3.org/1999/XSL/TransformAlias"
        xmlns:exsl="http://exslt.org/common"
        extension-element-prefixes="dp dpconfig exsl apim"
        exclude-result-prefixes="wxsl func dp">

    <xsl:value-of select="dp:encrypt-key($GeneratedKey,$recipient,'http://www.w3.org/2009/xmlenc11#rsa-oaep','http://www.w3.org/2000/09/xmldsig#sha256','http://www.w3.org/2009/xmlenc11#mgf1sha256')"/>



    ------------------------------
    Jyoti Yadav
    ------------------------------



  • 12.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon September 18, 2023 07:08 PM

    Hi Jyoti,

    Is that error message complete?

    Are you using the right namespace for hashing and mgf algorithms ?

    OAEPDigestAlgorithmThe optional xs:string for RSA with OAEP encryption that specifies the URI of the OAEP digest algorithm. The firmware supports the following digest algorithms. The default value is http://www.w3.org/2000/09/xmldsig#sha1.

    • http://www.w3.org/2000/09/xmldsig#sha1
    • http://www.w3.org/2001/04/xmlenc#sha256
    • http://www.w3.org/2001/04/xmlenc#sha512
    • http://www.w3.org/2001/04/xmldsig-more#sha224
    • http://www.w3.org/2001/04/xmldsig-more#sha384
    • http://www.w3.org/2001/04/xmlenc#ripemd160
    • http://www.w3.org/2001/04/xmldsig-more#md5

    MGFAlgorithmFor RSA-OAEP with mask generation function, the xs:string that specifies the algorithm for the mask generation function. The default value is http://www.w3.org/2009/xmlenc11#mgf1sha1.

    • http://www.w3.org/2009/xmlenc11#mgf1sha1
    • http://www.w3.org/2009/xmlenc11#mgf1sha224
    • http://www.w3.org/2009/xmlenc11#mgf1sha256
    • http://www.w3.org/2009/xmlenc11#mgf1sha384
    • http://www.w3.org/2009/xmlenc11#mgf1sha512

    Mentioned here :dp:encrypt-key() - IBM Documentation



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 13.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Tue August 29, 2023 10:32 AM

    Hi @Joseph Morgan and @all

    Since this is an encryption-related thread I am posting my issue.
    the end user is using Java for encryption and signing.
    consider shared key, TOKEN = asdftghg which is 8 bytes and when using aes algorithm it will expect 256bit key.

    below Java code will resolve this issue. if possible try to guide me in writing the equivalent gatewayscript for this.

    java code:

    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

    PBEKeySpec spec = new PBEKeySpec(TOKEN.toCharArray(), saltBytes, 65536, 256);
    SecretKey tmp = factory.generateSecret(spec);
    SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

    any response is highly appreciated.
    Thanks in advance!!



    ------------------------------
    Stefen Salvatore
    ------------------------------



  • 14.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Tue August 29, 2023 04:11 PM

    How is the request coming into DataPower?  JSON over REST or XML over something?

    Generally speaking, though, if you want to use GatewayScript, start with the "crypto" module.  I suspect you'll want to verify a signature  (crypto.createVerify() & verify.update()), and then decrypt (crypto.createDecipheriv(), decipher.update(..), & decipher.final()).



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 15.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Wed August 30, 2023 02:03 AM

    Hi Joseph, I assume the above is only relevant to Stefen Salvatore's question, btw in our case we are receiving the payload as JSON in DP , which is further transformed to XML format

    @Stefen Salvatore I would request you to start another question, so that it won't get mix up thnx



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 16.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon September 04, 2023 04:00 PM

    Hi, 

    See you are using IDG.2018.4.1.8, a lot of fixed are added afterwards.

    IDG.2018.4 is end-of-service since 30 Apr 2023 (https://www.ibm.com/support/pages/ibm-datapower-gateway-firmware-support-lifecycle).

    Try to upgrade first to a supported version and  test it again. If still failing, best to create a case. 



    ------------------------------
    Jeroen Willems
    Integration Architect - Managing Partner
    Integration Designers
    ------------------------------



  • 17.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Mon November 20, 2023 10:39 AM

    Hi,

    I am facing a similar issue where I am successfully able to decrypt the key and IV coming from the client. But unable to decrypt the data, it throws Null decryption Result. Any help would be appreciated.

    APIC Version : 10.0.5.4-5472

    Note : Final result of bytes client is encoding/decoding with Base64, to convert it to string.



    ------------------------------
    Divya Kandasamy
    ------------------------------



  • 18.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Tue November 21, 2023 01:37 AM

    Hi Divya,

    Some pointers, may be useful..

    in our case we were not able to make it working by keeping both mgf and digest algorithms as SHA-256, as below;

    #1

    Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
    OAEPDigestAlgorithm='http://www.w3.org/2001/04/xmlenc#sha256' and MGFAlgorithm='http://www.w3.org/2009/xmlenc11#mgf1sha1' This one worked in DataPower

    #2

    Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
    OAEPDigestAlgorithm='http://www.w3.org/2000/09/xmldsig#sha1' and MGFAlgorithm='http://www.w3.org/2009/xmlenc11#mgf1sha1' This one worked in DataPower


    Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
    OAEPDigestAlgorithm='http://www.w3.org/2001/04/xmlenc#sha256' and MGFAlgorithm='http://www.w3.org/2009/xmlenc11#mgf1sha256' This one failed in DP

    Also looking at the sample messages you have provided, i could see non-parsable xml characters and think it would worth carefully check the decoding and base-64 conversions

    Regards



    ------------------------------
    Rajesh Rajaratnam
    ------------------------------



  • 19.  RE: Hybrid encryption decryption using AES and RSA key pairs

    Posted Tue November 21, 2023 07:16 AM

    Hi All,

    The issue is resolved now and wanted to update the group so that it will be useful for others. Client was adding authTag to the encrypted Data at the end once we slice the auth atge and decipher, it started working.

    Key & IV Decryption:

    <!-- Algorithm to decrypt key & IV-->
        <xsl:variable name="keyTransportAlgorithm">
    <xsl:value-of select="'http://www.w3.org/2009/xmlenc11#rsa-oaep'"/>
    </xsl:variable>
    <!-- Digest Algorithm to decrypt key & iv -->
        <xsl:variable name="digestAlgorithm">
           <xsl:value-of select="'http://www.w3.org/2001/04/xmlenc#sha256'"/>
        </xsl:variable>
    <!-- MGF Algorithm to decrypt key & iv -->
        <xsl:variable name="mgfAlgorithm">
           <xsl:value-of select="'http://www.w3.org/2009/xmlenc11#mgf1sha256'"/>   
        </xsl:variable>   
    <!-- Algorithm to decrypt data -->
        <xsl:variable name="algorithm">
           <xsl:value-of select="'http://www.w3.org/2009/xmlenc11#aes256-gcm'"/>   
        </xsl:variable>     
    <!-- Decrypting key from private key -->
    <xsl:variable name="decrypted-key">
    <xsl:value-of select="dp:decrypt-key($encryptedKey,$recipient,$keyTransportAlgorithm,'',$digestAlgorithm,$mgfAlgorithm)"/>
    </xsl:variable>
    <!-- Decrypting iv from private key -->
    <xsl:variable name="decrypted-iv">
    <xsl:value-of select="dp:decrypt-key($encryptedIv,$recipient,$keyTransportAlgorithm,'',$digestAlgorithm,$mgfAlgorithm)"/>
    </xsl:variable>
    Decrypt Data:

    var crypto = require('crypto');
    var algorithm = 'A256GCM';

    //Fetching Decrypted key & iv
    var DecryptedSessionKey = context.get('DecryptedSessionKey');
    var keyBuffer = Buffer.from(DecryptedSessionKey, 'base64');

    var DecryptedIv = context.get('DecryptedIv');
    var ivBuffer = Buffer.from(DecryptedIv, 'base64');

    var decipher = crypto.createDecipheriv(algorithm, keyBuffer, ivBuffer);

    //Fetching encrypted Data
    var encryptedData = context.get('encryptedRequest');
    var encDataBuffer = Buffer.from(encryptedData, 'base64');

    // Auth tag is last 16 digits of the encrypted data
    var authtag = encDataBuffer.slice(encDataBuffer.length-16,  encDataBuffer.length);

    // Data to decrypt after slicing the Auth Tag
    var CipherText = encDataBuffer.slice(0, encDataBuffer.length-16);
    decipher.setAuthTag(authtag);
    decipher.setAutoPadding(false);
    decipher.update(CipherText);
    decipher.final();

    Output:

     { "accountToken""123" }


    ------------------------------
    Divya Kandasamy
    ------------------------------