Decrypt Camunda Sealed Object in Scala

Camunda runs on JVM and some variables appear encrypted as javax.crypto.SealedObject.

You can decrypt it, having encryption key, and here is a code in Scala to do that:

import org.bouncycastle.jce.provider.BouncyCastleProvider

import java.util.Base64
import javax.crypto.spec.{PBEKeySpec, PBEParameterSpec}
import javax.crypto.{Cipher, SealedObject, SecretKeyFactory}

val sealedString = "rO0ABX..."

// sealed object
val xBytes = Base64.getDecoder.decode(sealedString)
val xOis = new ObjectInputStream(new ByteArrayInputStream(xBytes))
val xSO = xOis.readObject().asInstanceOf[SealedObject]

Security.addProvider(new BouncyCastleProvider())

val phrase = "secret phrase value".toCharArray
val salt = "salt value".getBytes
val pbeParamSpec = new PBEParameterSpec(salt, 20)
val pbeKeySpec = new PBEKeySpec(phrase)
val keyFactory = SecretKeyFactory.getInstance(xSO.getAlgorithm)
val key = keyFactory.generateSecret(pbeKeySpec)
val cipher = Cipher.getInstance(xSO.getAlgorithm)
cipher.init(Cipher.DECRYPT_MODE, key, pbeParamSpec)

val raw = xSO.getObject(cipher) // <- decrypted string

For this to work you need to reference BouncyCastle in your sbt file:

libraryDependencies += "org.bouncycastle" % "bcprov-jdk16" % "1.46"


To contact me, send an email anytime or leave a comment below.