Help with decrypting a URL from external source using JWS

YenGar
Mega Sage

‎04-02-2024 01:10 PM

Hello all, 

 

I am struggling a bit to accomplish decrypting a URL that is sent through an embedded link in an external site. The URL is encrypted with AES256 algorithm. It is a pure symmetric encryption as there is a shared encryption key. I'm having a hard time setting up the decryption part using a library. I know I can add a library as a script include and call it to decrypt the url but just not sure where to begin. 

 

The thought process is: 

- User clicks button on external site

- User is re-directed to a servicenow catalog item, the URL parameters carries encrypted data from the external site

- servicenow is supposed to use the shared key to decrypt the url parameters and put them in specific fields in the catalog item (note: i can grab parameters through a client script and drop them in the variable fields easily but since it is encrypted, i have to decrypt first and then put them in the specific fields). 

 

Any guidance on where to start is highly appreciated. 

 

Thank you, 

Yen

0 Helpfuls
  • 1,367 Views
11 REPLIES 11

-O-
Kilo Patron
Kilo Patron

‎04-02-2024 03:25 PM

I would try setting up scripted default values, would try to get the URL parameter using GlideTransaction.get().getRequest() and I would try to decrypt the variables using the sn_kmf_ns  API.

 

If you open up module "All Variables" (under application "Service Catalog -> Catalog Variables") in a PDI, you will find similar examples (reading the URL in default values) by searching demo variables where the default values starts with javascript and contains GlideTransaction.

0 Helpfuls

YenGar
Mega Sage
In response to -O-

‎04-03-2024 02:53 PM

Hi O, 

The part I don't understand about sn_kmf_ns API is do I need to create a new Cryptographic module specifically for this symmetric decryption? I tried using the existing ones but I keep getting errors like  the cryptographic module does not exists or that it's not allowed to create a new cryptographic module. I'm very new to KMF 😞

 

Thank you,

Yen

0 Helpfuls

-O-
Kilo Patron
Kilo Patron
In response to YenGar

‎04-03-2024 03:17 PM

Yes, I mean if it is symmetric decryption you do need to have a place where to store the key.

0 Helpfuls

YenGar
Mega Sage
In response to -O-

‎04-04-2024 01:41 PM

Yea, I'm just not clear if the key would be stored in a KMF table or where and how it would be used using the new API sn_kmf_ns

 

Do you have any suggestions for that? 

0 Helpfuls