Developer activities

Encrypt Text

link

• Algorithm - A drop-down menu which enables you to select the encryption algorithm you want to use. The following options are available: AES GCM, ChaCha20-Poly1305 (Non-FIPS), PGP - Pretty Good Privacy (Non-FIPS), AES (Deprecated), DES (Deprecated), RC2 (Non-FIPS) (Deprecated), Rijndael (Non-FIPS) (Deprecated), and TripleDES (Deprecated). AES GCM and ChaCha20-Poly1305 (Non-FIPS) are authenticated (AEAD) algorithms recommended for new workflows. Select PGP to encrypt with a recipient's public key instead of a symmetric key.
• Text - The text that you want to encrypt. This field supports only strings and String variables.
• Key - The key that you want to use to encrypt the specified string. Used by the symmetric algorithms only. This field supports only strings and String variables. To enter the key as a secure string instead of plain text, select the field's input menu and choose Toggle to Secure input - this uses the Key Secure String property (a SecureString).

Advanced options​

Options​

• Key Encoding - The encoding used to interpret the key specified in the Key property. Used by the symmetric algorithms only. The dropdown lists all text encodings (code pages) available on the machine, with the most common ones shown first: System default, Unicode (UTF-8) (default), Unicode, Unicode (Big-Endian), Unicode (UTF-32), Unicode (UTF-32 Big-Endian), US-ASCII, and Western European (ISO). Additional regional and legacy code pages follow in the list.
• Text Encoding - The encoding used to convert the input text to bytes before encryption. Set this to match the encoding expected by the third-party tool that consumes the ciphertext. Independent from Key Encoding - both offer the same full list of text encodings and default to Unicode (UTF-8). Used by the symmetric algorithms only.
• Continue On Error - Specifies if the automation should continue even if the activity throws an error. This field only supports Boolean values (True, False). The default value is False. As a result, if the field is blank and an error is thrown, the execution of the project stops. If the value is set to True, the execution of the project continues regardless of any error.

Symmetric wire format and interoperability​

• Wire Format - The symmetric ciphertext layout. The following options are available:
  • UiPath (Classic) (default) - UiPath's byte-stable layout (salt(8) + IV + ciphertext [+ tag], PBKDF2-HMAC-SHA1 at 10,000 iterations). Produces the same output as previous versions.
  • UiPath (OWASP 2026) - The Classic layout with a stronger, OWASP-recommended KDF iteration count.
  • Raw (caller-supplied key and IV) - A caller-supplied key and IV, for third-party interoperability. Requires Key Bytes Format to be Hex or Base64.
  • OpenSSL enc (Salted__ + PBKDF2-SHA256) - Produces openssl enc-compatible output.
• Key Bytes Format - How the Key string is interpreted. The following options are available: Hex and Base64. Required when Wire Format is Raw (caller-supplied key and IV); otherwise the key is treated as a password.
• IV - The initialization vector, used when Wire Format is Raw (caller-supplied key and IV). Interpreted according to Key Bytes Format. Optional - leave it empty to let the cipher generate one. Rejected for all other formats.
• KDF Iterations - The PBKDF2 iteration count. 0 uses the format's OWASP-recommended default (1,300,000 for UiPath (OWASP 2026), 600,000 for OpenSSL enc). Rejected for UiPath (Classic) and Raw (caller-supplied key and IV).
• AES Key Size - The AES key size, in bits. The following options are available: 128-bit, 192-bit, and 256-bit (default). Applies only when Algorithm is AES and Wire Format is OpenSSL enc (Salted__ + PBKDF2-SHA256). Must match the key size the peer uses. It is not stored in the wire format, so the encrypt and decrypt sides must use matching values.

PGP​

• Public Key File Path - The path to the recipient's PGP public key file. Required when Algorithm is PGP.
• Private Key File Path - The path to your PGP private key file. Required only when Sign Data is enabled.
• Passphrase - The passphrase that unlocks your private key when signing. To provide it as a secure string instead of plain text, select the field's input menu and switch to the Passphrase (Secure) input (a SecureString).
• Sign Data - When enabled, signs the encrypted data using your private key. This field only supports Boolean values (True, False). The default value is False.

Output​

• Encrypted Text - Reference to the encrypted text stored in a String variable for use in other activities.

Properties panel​

Common​

• Continue On Error - Specifies if the automation should continue even if the activity throws an error. This field only supports Boolean values (True, False). The default value is False. As a result, if the field is blank and an error is thrown, the execution of the project stops. If the value is set to True, the execution of the project continues regardless of any error.
  Note:

  If this activity is included in Try Catch and the value of the Continue On Error property is True, no error is caught when the project is executed.

• DisplayName - The display name of the activity.

Input​

• Algorithm - A drop-down menu which enables you to select the encryption algorithm you want to use. The following options are available: AES (Deprecated), AES GCM, DES (Deprecated), RC2 (Non-FIPS) (Deprecated), Rijndael (Non-FIPS) (Deprecated), and TripleDES.

  Note:

  When using the AES GCM algorithm, the decryption input must be provided in the format of (concatenated bytes): Salt (8bytes) + IV (12 bytes) + encryptedData (variable bytes) + Tag (16 bytes). The activity also uses the following parameters:

  • PBKDF2 iterations count is 10000
  • The generated key is 256-bit (32 bytes)

  Note that the 256-bit generated key is not the same as the Key input option.

• Encoding - The encoding used to interpret the input text and the key specified in the Key property. This field supports only Encoding variables. For more info on this variable type, please view the official Microsoft documentation.

• Key - The key that you want to use to encrypt the specified string. This field supports only strings and String variables.

• Key Secure String - The secure string used to encrypt the input string.

• Text - The text that you want to encrypt. This field supports only strings and String variables.

Misc​

• Private - If selected, the values of variables and arguments are no longer logged at Verbose level.

Output​

• Result - The encrypted text, stored in a String variable.