Dear Team,

We have a requirement to decrypt the encrypted API response by using AES-256-CBC to get the actual payload from the API call.

However, we are not able to achieve it through ServiceNow inbuild libraries/APIs.

We tried to decrypt the data by using external JavaScript library files and codes, but ServiceNow does not support those library files and related functions.

For decryption, we must follow below steps:

Decryption Process

• Client/Vendor Reads the encrypted data (in Base64 format) from the Response.
• Decode the Base64 encoded encrypted data to obtain the combined IV and encrypted data.

• Split the combined buffer into the IV buffer (first 16 bytes) and the encrypted data buffer.
• Uses the same decryption key (32 bytes FSO-Client-Secret) that was used for encryption.
• Use the crypto module with the same algorithm (AES-256-CBC), the decryption key (32 byte-Client-Secret), and IV (Extracted from Response Payload) are used during encryption.
• Convert the decrypted data (which is in binary format) into a UTF-8 encoded string.
• Assuming the original message was a JSON object, you can parse the decrypted string.
• At this point, the original Object contains the decrypted JSON message in its original form, and you can use it as needed.

Please help here if anyone has done this decryption in Servicenow.