Developer activities

Decrypt File

link

• File - The file to be decrypted, stored as an IResource variable. Select the Plus menu to switch to the Input Path input.
• Algorithm - A drop-down menu which enables you to select the decryption algorithm you want to use. The following options are available: AES GCM, ChaCha20-Poly1305 (Non-FIPS), PGP - Pretty Good Privacy (Non-FIPS), AES (Deprecated), DES (Deprecated), RC2 (Non-FIPS) (Deprecated), Rijndael (Non-FIPS) (Deprecated), and TripleDES (Deprecated). Select PGP to decrypt with a private key instead of a symmetric key. The algorithm must match the one used to encrypt the input.
• Key - The key that you want to use to decrypt the specified file. Used by the symmetric algorithms only. This field supports only strings and String variables. To enter the key as a secure string instead of plain text, select the field's input menu and choose Toggle to Secure input - this uses the Key Secure String property (a SecureString).

Advanced options​

Options​

• Key Encoding - The encoding used to interpret the key specified in the Key property. The dropdown lists all text encodings (code pages) available on the machine, with the most common ones shown first: System default, Unicode (UTF-8) (default), Unicode, Unicode (Big-Endian), Unicode (UTF-32), Unicode (UTF-32 Big-Endian), US-ASCII, and Western European (ISO). Additional regional and legacy code pages follow in the list.
• Output file name and location - The path where you want to save the decrypted file. This field supports only strings and String variables.
  Note:

  Relative folder paths are recommended to account for the different file structure between Windows and Linux machines when executing a project. A relative path follows the format newFolder/newFileName.enc. The activity creates the target folder if it does not already exist.

• Overwrite - If a file already exists, selecting On overwrites it. If the toggle is set to Off, a new file is created. The default value is Off.
• Continue On Error - Specifies if the automation should continue even when the activity throws an error. This field only supports Boolean values (True, False). The default value is False. As a result, if the field is blank and an error is thrown, the execution of the project stops. If the value is set to True, the execution of the project continues regardless of any error.

Symmetric wire format and interoperability​

• Wire Format - The symmetric ciphertext layout to decrypt. Must match the format used at encrypt time. The following options are available:
  • UiPath (Classic) (default) - UiPath's byte-stable layout (salt(8) + IV + ciphertext [+ tag], PBKDF2-HMAC-SHA1 at 10,000 iterations). The IV, when present, is read from the ciphertext stream prefix automatically.
  • UiPath (OWASP 2026) - The Classic layout with a stronger, OWASP-recommended KDF iteration count.
  • Raw (caller-supplied key and IV) - A caller-supplied key, for third-party interoperability. Requires Key Bytes Format to be Hex or Base64.
  • OpenSSL enc (Salted__ + PBKDF2-SHA256) - Decrypts openssl enc-compatible input.
• Key Bytes Format - How the Key string is interpreted. The following options are available: Hex and Base64. Required when Wire Format is Raw (caller-supplied key and IV); otherwise the key is treated as a password.
• KDF Iterations - The PBKDF2 iteration count. Must match the value used at encrypt time, because it is not carried in the wire format. 0 uses the format's OWASP-recommended default. Rejected for UiPath (Classic) and Raw (caller-supplied key and IV).
• AES Key Size - The AES key size, in bits, used to encrypt the input. The following options are available: 128-bit, 192-bit, and 256-bit (default). Applies only when Algorithm is AES and Wire Format is OpenSSL enc (Salted__ + PBKDF2-SHA256). Must match the key size the producer used; it is not stored in the wire format.

PGP​

• Private Key File Path - The path to your PGP private key file. Required when Algorithm is PGP.
• Passphrase - The passphrase that unlocks your private key. To provide it as a secure string instead of plain text, select the field's input menu and switch to the Passphrase (Secure) input (a SecureString).
• Verify Signature - When enabled, verifies the PGP signature of the decrypted data using the public key. This field only supports Boolean values (True, False). The default value is False.
• Public Key File Path - The path to the signer's PGP public key file. Required only when Verify Signature is enabled.

Output​

• Decrypted File - Reference to the decrypted file retrieved by the activity for use in other activities.

Properties panel​

Common​

• Continue On Error - Specifies if the automation should continue even when the activity throws an error. This field only supports Boolean values (True, False). The default value is False. As a result, if the field is blank and an error is thrown, the execution of the project stops. If the value is set to True, the execution of the project continues regardless of any error.
  Note:

  If this activity is included in Try Catch and the value of the Continue On Error property is True, no error is caught when the project is executed.

• DisplayName - The display name of the activity.

Input​

• Algorithm - A drop-down menu which enables you to select the decryption algorithm you want to use. The following options are available: AES (Deprecated), AES GCM, DES (Deprecated), RC2 (Non-FIPS) (Deprecated), Rijndael (Non-FIPS) (Deprecated), and TripleDES.

  Note:

  When using the AES GCM algorithm, the decryption input must be provided in the format of (concatenated bytes): Salt (8bytes) + IV (12 bytes) + encryptedData (variable bytes) + Tag (16 bytes). The activity also uses the following parameters:

  • PBKDF2 iterations count is 10000
  • The generated key is 256-bit (32 bytes)

  Note that the 256-bit generated key is not the same as the Key input option.

• Decrypted Filename - The file name you want to use to save the decrypted file.

• InputPath - The path to the file that you want to decrypt. This field supports only strings and String variables.

• Key - The key that you want to use to decrypt the specified file. This field supports only strings and String variables.

• Key Encoding - The encoding used to interpret the key specified in the Key property. This field supports only Encoding variables.

• Key Secure String - The secure string used to decrypt the input file.

• Output file name and location - The path where you want to save the decrypted file. This field supports only strings and String variables.

• Overwrite - If a file already exists at the path specified in the OutputPath field, selecting this check box overwrites it. If unchecked, a new file is created. By default, this check box is cleared.

Misc​

• Private - If selected, the values of variables and arguments are no longer logged at Verbose level.