How to perform AES-128-CBC decryption in ServiceNow server-side script
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-25-2026 11:36 PM
How to decrypt an encrypted string from an external system using AES-128-CBC in ServiceNow backend script? Packages.javax.xxx is disabled.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2026 03:34 AM
Hi Jackie,
Good question — this comes up quite a bit due to platform restrictions.
You cannot directly implement AES-128-CBC decryption using javax libraries in server-side scripts because access to Packages.javax.* is blocked in ServiceNow.
What you can do instead
1. Use GlideEncrypter (limited)
ServiceNow provides:
- GlideEncrypter
However:
- It does not support AES-128-CBC with custom keys or IVs
- It’s mainly intended for platform-managed encryption
So it won’t work for this type of requirement.
2. Use MID Server (recommended)
Best practice is to offload the decryption to a MID Server.
Why:
- MID Server supports full Java capabilities
- You can implement AES-128-CBC logic there
Flow:
- Send the encrypted value to MID Server
- Decrypt it using Java
- Return the result to ServiceNow
3. Use an external service
If MID Server is not an option:
- Build a small external service (Node.js / Java / Python)
- Perform the decryption there
- Call it via REST from ServiceNow
4. Handle it upstream
If possible, decrypt the data before it reaches ServiceNow (source system or integration layer).
