Passing an encrypted/password2 string to MID Server jar file no longer works

I have a scoped application that that passes data to a MID Server to do some work. To do that work it is necessary to pass a custom password (stored in password2 field) through the ECC queue. The password is contained inside the payload of the ECC output record and must remain encrypted. Up until recently, I have simply been able to do gr.password.toString() and pass that value to the MID Server in my ECC output payload where it is then sent to a GlideEncrypter for decryption and use.  The string form of the password2 value was a base64 value that was quite happy to be passed around as 8bit text, and the Java GlideEncrypter object, from commons-glide.jar, on the MID Server side was happy to decode it for me. 

But now, the password2 field uses KMF and the string form is no longer 8bit base64, looks like maybe UTF8, and it cannot be passed through the payload, causes errors, and even if you can get it to the Java side of the MID Server, the GlideEncrypter has no idea of what to do with it.

As an aside a Masked Value from the Service Catalog works fine, but there does not seem to be such a filed type for a table.

So simple summary: I need to take a two-way encrypted string filed from a table and pass it to a MID Server extension via a JavascriptProbe, keeping the string encrypted until I explicitly decrypt it. I do not want to use any custom/non-SNow functions to reformat the string for transmission.