crypto.decrypt_base64
Available inall subroutines.
Symmetric key decryption.
The key and IV must be hex-encoded strings. The ciphertext must be Base64-encoded. The returned plaintext is also Base64-encoded.
This function uses standard Base64 encoding as defined in RFC 4648 Section 4, with the alphabet A-Za-z0-9+/ and = padding. The URL-safe variant (-_ instead of +/) is not supported. On input, padding is optional. On output, padding is always included.
Parameters
| Parameter | Type | Description |
|---|---|---|
cipher | CIPHER | Encryption algorithm: aes128, aes192, or aes256 |
mode | MODE | Block cipher mode: cbc, ctr, gcm, or ccm |
padding | PADDING | Padding scheme: pkcs7 or nopad |
key_hex | STRING | Hex-encoded decryption key |
iv_hex | STRING | Hex-encoded initialization vector or nonce |
ciphertext_base64 | STRING | Base64-encoded data to decrypt |
Supported combinations
| Cipher | Mode | Padding | Key length | IV length | Tag length | Description |
|---|---|---|---|---|---|---|
| aes128 | cbc | pkcs7 | 128 bits | 128 bits | — | AES-128-CBC |
| aes192 | cbc | pkcs7 | 192 bits | 128 bits | — | AES-192-CBC |
| aes256 | cbc | pkcs7 | 256 bits | 128 bits | — | AES-256-CBC |
| aes128 | cbc | nopad | 128 bits | 128 bits | — | AES-128-CBC raw |
| aes192 | cbc | nopad | 192 bits | 128 bits | — | AES-192-CBC raw |
| aes256 | cbc | nopad | 256 bits | 128 bits | — | AES-256-CBC raw |
| aes128 | ctr | nopad | 128 bits | 128 bits | — | AES-128-CTR |
| aes192 | ctr | nopad | 192 bits | 128 bits | — | AES-192-CTR |
| aes256 | ctr | nopad | 256 bits | 128 bits | — | AES-256-CTR |
| aes128 | gcm | nopad | 128 bits | 96 bits | 128 bits | AES-128-GCM |
| aes192 | gcm | nopad | 192 bits | 96 bits | 128 bits | AES-192-GCM |
| aes256 | gcm | nopad | 256 bits | 96 bits | 128 bits | AES-256-GCM |
| aes128 | ccm | nopad | 128 bits | 56 bits | 96 bits | AES-128-CCM |
| aes192 | ccm | nopad | 192 bits | 56 bits | 96 bits | AES-192-CCM |
| aes256 | ccm | nopad | 256 bits | 56 bits | 96 bits | AES-256-CCM |
Basic example
declare local var.key_hex STRING;declare local var.iv_hex STRING;declare local var.ciphertext_base64 STRING;declare local var.plaintext_base64 STRING;
set var.key_hex = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";set var.iv_hex = "000102030405060708090a0b";set var.ciphertext_base64 = "YATdP+tk7BHUzCaedOtOrgqm9KEpEx10uT25";
set var.plaintext_base64 = crypto.decrypt_base64(aes256, gcm, nopad, var.key_hex, var.iv_hex, var.ciphertext_base64);
if (fastly.error == "EBADDECRYPT") { error 403 "Decryption failed";}For a complete example with secure nonce generation and key derivation, refer to crypto.encrypt_base64.
Authentication tags
For authenticated modes (GCM and CCM), the ciphertext input must include the authentication tag appended to the encrypted data (128 bits for GCM, 96 bits for CCM). This tag is automatically appended by crypto.encrypt_base64 and verified during decryption.
If the authentication tag is invalid or the ciphertext has been tampered with, decryption will fail and fastly.error will be set to EBADDECRYPT.
Decryption modes
AES-GCM and AES-CCM
These authenticated modes verify the integrity of the ciphertext before returning the plaintext. If verification fails, no plaintext is returned and fastly.error is set to EBADDECRYPT. This protects against tampering and ensures the data was encrypted with the correct key.
AES-CTR and AES-CBC
These unauthenticated modes will always produce output if the parameters are valid, even if the key is wrong or the ciphertext has been modified. There is no way to detect tampering or incorrect keys from the decryption result alone. Applications using these modes should implement their own integrity checks.
With AES-CBC and nopad padding, the ciphertext length (after Base64 decoding) must be a multiple of 128 bits (16 bytes). With pkcs7 padding, invalid padding will cause decryption to fail with EBADDECRYPT.
Errors
If the requirements for the given cipher and mode are not met, or if the hex-encoded arguments are not valid hex, then fastly.error will be set to EINVAL. The Base64 decoder is lenient and silently ignores non-Base64 characters rather than rejecting them.
If decryption fails due to authentication tag verification (GCM, CCM) or invalid padding (CBC with pkcs7), then fastly.error will be set to EBADDECRYPT.
Related content
crypto.encrypt_base64- Encrypt to Base64-encoded data.crypto.encrypt_hex- Encrypt with hex encoding.crypto.decrypt_hex- Decrypt hex-encoded data.
