All Products
Search

This Product

    Dataphin:Configure the decryption conversion component

    Document Center

    Dataphin:Configure the decryption conversion component

    Last Updated:Jul 11, 2025

    This topic provides guidance on configuring the decryption conversion component to decrypt encrypted upstream data into plaintext for subsequent processing, provided you know the encryption algorithm and key.

    Prerequisites

    You must establish an offline single pipeline. For more information, see Create an integration task through a single pipeline.

    Procedure

    1. Navigate to Development > Data Integration from the top menu bar on the Dataphin home page.

    2. On the integration page, select Project from the top menu bar (Dev-Prod mode requires environment selection).

    3. In the left-side navigation pane, click Batch Pipeline. Then, from the Batch Pipeline list, select the offline pipeline you want to develop to access its configuration page.

    4. To open the Component Library panel, click Component Library in the upper right corner of the page.

    5. Within the Component Library panel's left-side navigation pane, select Conversion. Locate the Decryption component in the list on the right and drag it onto the canvas.

    6. Connect the target input component to the decryption component by clicking and dragging the image icon.

    7. To configure field decryption, click the image icon on the decryption component card, which opens the Field Decryption Configuration dialog box. image

    8. In the Field Decryption Configuration dialog box's Field List, select the field to be decrypted and specify the data field type after decryption. If the field name contains a table name, the table name will also be displayed.

    9. Proceed by clicking Next.

    10. Configure the decryption parameters in the Decryption Configuration step.

      Different decryption algorithms require distinct configurations. Select the appropriate decryption algorithm for your needs and configure accordingly. For descriptions of decryption algorithms, refer to Encryption and decryption algorithm descriptions.

      • Available decryption algorithms include AES, DES, 3DES, SM4, SM2, and RSA.

        Parameter

        Description

        Key

        Choose the appropriate decryption key based on the encryption method and key used by the upstream data. Symmetric encryption employs the same key for both encryption and decryption, whereas asymmetric encryption requires the private key from the key pair for decryption. To register a key, refer to Key Management.

        Advanced Configuration

        Advanced configuration is available for encryption algorithms such as AES, DES, 3DES, SM4, and RSA. This typically involves setting the data output encoding and other parameters. In most cases, the default settings are adequate.

        The advanced configuration options vary depending on the decryption algorithm used. Please consult the actual interface for specifics.

        • Decryption Mode: Select a decryption mode that matches the encryption mode used. Each decryption algorithm has its own set of modes. For detailed descriptions of decryption algorithms, see Encryption and decryption algorithm descriptions.

        • Padding: Three padding methods are supported: NoPadding, PKCS5Padding, and PKCS7Padding. Ensure that the padding method is consistent between encryption and decryption. The available padding modes depend on the encryption algorithm used. Refer to the actual interface for details.

        • Offset: Also known as IV (Initialization Vector), the offset must be a 16-digit number and consistent during both encryption and decryption to ensure the uniqueness of the encrypted output.

        • Encoding Format: Offers Base64 and Hex as output encoding options.

          For a comprehensive overview of the advanced configuration options available for encryption and decryption algorithms, refer to Advanced settings range for encryption and decryption algorithms.

        Specifically, when using the SM4 encryption algorithm with AnalyticDB PostgreSQL as the output target, it is advisable to select the Output Target Is AnalyticDB PostgreSQL configuration option to ensure compatibility with AnalyticDB for PostgreSQL.

      • The FPE Format-Preserving Encryption (FF1) algorithm is also supported.

        Parameter

        Description

        Decryption Range

        When using the FPE Format-Preserving Encryption (FF1) decryption algorithm, you can configure the Decryption Range, which includes options for a Specified Range or All.

        • Specified Range: This defines the start and end positions for decryption, which must align with the encryption configuration to ensure accurate decryption results. You can add up to 10 groups of ranges using either the sliding or direct input methods.

          Important

          Each number, English letter, Chinese character, and symbol is considered 1 position. For instance, in "test ," the 4th position corresponds to the character (t).

          • Sliding Add: Add ranges by clicking or sliding. Slide the range slider horizontally to the desired length, then click OK in the dialog box to add a range. Use the direct input method if the decryption range exceeds 24 characters.

          • Direct Input Method: Manually enter the Start Position, End Position, Range Length, and Encryption Dictionary details. This method also allows for viewing, editing, and deleting the encryption dictionary for added ranges.

            • Start Position: The initial position of the decryption range.

            • Range Length: Accepts only the entry of >=1 as a positive integer and the selection of a hyphen (-). The hyphen (-) denotes from the current start position to the end position.

            • End Position: The final position of the decryption range, which accepts >=1 as a positive integer or the term End Position.

            • Encryption Dictionary: The dictionary used for decryption, with supported options including the following:

              • System Built-in: Comprises Numbers, Uppercase English Letters, Lowercase English Letters, combinations of Numbers + Uppercase English Letters, Numbers + Lowercase English Letters, Numbers + English Letters, and Special Symbols.

              • Custom: In the custom encryption dictionary dialog box, enter encryption characters. Each encryption character must be a single character. Spaces are not supported. Duplicates are not supported (when duplicate characters are entered, the system will automatically remove duplicates). You can enter up to 10,000 encryption characters. You can select spaces, line feeds (\n), carriage returns (\r), or tab characters (\t) as encryption characters. If no characters are selected, when you directly enter characters like \n, the system will detect them as separate \ and n.

            • View Encryption Dictionary: For the System Built-in Encryption dictionary, click image.png to view the encryption characters.

            • Edit Custom Encryption Dictionary: For the Custom Encryption dictionary, click image.png to modify the encryption characters.

            • Delete: To remove a range, click image.png.

        • All: Decrypts all characters within the field.

        Key

        Choose the appropriate decryption key based on the encryption method and key used for the upstream data. Symmetric encryption employs the same key for both encryption and decryption, whereas asymmetric encryption requires the private key from the key pair for decryption. For key registration, see Key Management.

        Exception Compatibility

        In cases where plaintext does not meet the requirements of the encryption and decryption algorithms, or there is a mismatch between encryption and decryption keys, or encoding formats are inconsistent, the plaintext will be processed according to the chosen policy. Options include Return Empty Value or Return Plaintext.

    11. To finalize the configuration, click OK for the Decryption Conversion Component.