Skip to main content

Decrypt File

Decrypts a file that was encrypted using symmetric encryption algorithms (AES or 3DES), restoring the original file contents. The node creates a new decrypted file with a modified filename.

Common Properties

  • Name - The custom name of the node.
  • Color - The custom color of the node.
  • Delay Before (sec) - Waits in seconds before executing the node.
  • Delay After (sec) - Waits in seconds after executing node.
  • Continue On Error - Automation will continue regardless of any error. The default value is false.
info

If the ContinueOnError property is true, no error is caught when the project is executed, even if a Catch node is used.

Inputs

  • File Path - The path to the encrypted file to decrypt.
  • Key - The decryption key in hexadecimal format. Must match the key used for encryption.
    • AES: 16, 24, or 32 bytes (128, 192, or 256 bits)
    • 3DES: 24 bytes (192 bits)

Options

  • Decryption Algorithm - The decryption algorithm to use (must match encryption):
    • aes - Advanced Encryption Standard
    • 3Des - Triple Data Encryption Standard

Output

  • dec_file_path - The path to the decrypted output file.
    • Filename has "decrypted" inserted before extension (e.g., "document.decrypted.pdf")

How It Works

The Decrypt File node reverses file encryption to restore original contents:

  1. Opens the encrypted input file for reading
  2. Decodes the hexadecimal decryption key
  3. Creates a decipher based on the selected algorithm
  4. For AES decryption:
    • Uses the same zero initialization vector (IV) as encryption
    • Uses OFB (Output Feedback) mode for stream decryption
    • Creates output file with "decrypted" in the filename
    • Streams and decrypts the file content block by block
  5. For 3DES decryption:
    • Currently uses AES cipher (implementation note)
    • Creates output file with decrypted content
  6. Writes the decrypted data to the output file
  7. Returns the path to the decrypted file

Example Usage

Decrypt Encrypted Document

// Decrypt a previously encrypted PDF file
const encryptedFile = "C:/Documents/financial_report_2024.encrypted.pdf";
const decryptionKey = "{{vault.file_encryption_key}}";

// Use Decrypt File node with AES algorithm
// Output: dec_file_path = "C:/Documents/financial_report_2024.decrypted.pdf"
// or "C:/Documents/financial_report_2024.encrypted.decrypted.pdf"

Decrypt Database Backup

// Restore encrypted database backup
const encryptedBackup = "/home/user/backups/database_backup.encrypted.sql";
const key = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2";

// Use Decrypt File node
// Use decrypted file for database restore

Batch File Decryption

// Decrypt multiple encrypted files
const encryptedFiles = [
  "/data/customer_data.encrypted.csv",
  "/data/transactions.encrypted.xlsx",
  "/data/reports.encrypted.pdf"
];

// Use ForEach node to iterate
// Decrypt each file with Decrypt File node
// Store decrypted file paths in array

Decrypt After Download

// Decrypt file after downloading from cloud storage
// 1. Download encrypted file from Amazon S3
const downloadedFile = "{{msg.downloaded_file_path}}";
const masterKey = "{{vault.master_key}}";

// 2. Use Decrypt File node
// 3. Process decrypted file
// 4. Delete decrypted file after processing for security

Automated Decryption Workflow

// Monitor folder for encrypted files and decrypt them
// 1. Use File System Watch to detect new .encrypted files
// 2. Get file path from event
// 3. Retrieve encryption key from vault
// 4. Use Decrypt File node
// 5. Move decrypted file to processing folder
// 6. Archive or delete encrypted file

Requirements

  • Valid encrypted file path that exists and is readable
  • Correct decryption key matching the encryption key
  • Algorithm must match the one used for encryption
  • Sufficient disk space for decrypted output file
  • Write permissions in the output directory
  • File must not be corrupted or modified after encryption

Error Handling

The node will return errors in the following cases:

  • File not found - Encrypted file doesn't exist at specified path
  • Access denied - No read permission for encrypted file or write permission for output
  • Invalid key format - Key is not valid hexadecimal
  • Invalid key length - Key length doesn't match algorithm requirements
  • Wrong key - Decryption fails because key doesn't match
  • Corrupted file - Encrypted file has been modified or corrupted
  • Algorithm mismatch - Wrong algorithm selected for the encrypted file
  • Disk space - Insufficient disk space for decrypted file
  • File locked - Input file is locked by another process

Security Best Practices

  • Protect keys - Store decryption keys securely in Robomotion Vault
  • Match algorithms - Always use the same algorithm for encryption and decryption
  • Verify integrity - Use file hashing to verify file hasn't been tampered with
  • Secure decrypted files - Set appropriate permissions on decrypted files
  • Delete after use - Remove decrypted files when no longer needed
  • Audit access - Log when files are decrypted for compliance
  • Use secure channels - Transfer encrypted files over secure connections
  • Time-limited access - Decrypt files only when needed, not in advance

Performance Considerations

  • Large files - AES OFB mode streams data efficiently for large files
  • Memory usage - Stream-based decryption uses minimal memory
  • Processing time - Decryption time scales with file size
  • Disk I/O - Decryption is I/O bound for large files
  • Parallel processing - Can decrypt multiple files in parallel

Common Use Cases

  • Document Recovery - Decrypt encrypted documents for authorized access
  • Data Processing - Decrypt files before processing in workflows
  • Backup Restoration - Decrypt backup files for restoration
  • Compliance - Decrypt data for audits or legal requirements
  • Secure Data Exchange - Decrypt files received from external parties
  • Archive Access - Decrypt archived files when needed
  • Development/Testing - Decrypt production data for testing environments

Tips for Effective Use

  • Always use the same key that was used for encryption
  • Ensure the algorithm matches the encryption algorithm
  • Test decryption with sample files before production use
  • Implement error handling for corrupted or tampered files
  • Verify file integrity before decryption using hash comparison
  • Clean up decrypted files after processing to minimize security risk
  • Monitor disk space when decrypting large files
  • Consider keeping encrypted originals as backup

File Naming

The decrypted file has "decrypted" inserted before the file extension:

  • document.encrypted.pdfdocument.encrypted.decrypted.pdf or document.decrypted.pdf
  • data.encrypted.csvdata.encrypted.decrypted.csv or data.decrypted.csv
  • backup.encrypted.sqlbackup.encrypted.decrypted.sql or backup.decrypted.sql

Note: The exact naming may include or exclude the "encrypted" part depending on the original filename.

Troubleshooting

Decryption Fails

  • Verify the key - Ensure you're using the exact same key used for encryption
  • Check algorithm - Confirm algorithm matches encryption algorithm
  • Validate file - Ensure encrypted file hasn't been modified
  • File permissions - Check read/write permissions
  • Test with known file - Encrypt and decrypt a test file to verify setup

Corrupted Output

  • Wrong key - Using incorrect decryption key produces garbage output
  • Algorithm mismatch - Using wrong algorithm corrupts decrypted data
  • File modification - Encrypted file was modified after encryption

Performance Issues

  • Large files - Decryption time increases with file size (expected)
  • Disk speed - Slow disk I/O affects decryption performance
  • Multiple operations - Process files in parallel when possible
  • Encrypt File - Encrypt files to create encrypted versions
  • Decrypt Text - Decrypt text cipher text instead of files
  • Generate Key - Generate secure encryption keys
  • File Hash - Verify file integrity before/after decryption
  • Verify - Verify digital signatures on encrypted files