How to decrypt a CAMT.053 file
Here we have a pseudo code to decrypt a CAMT.053 file.
Rest API Endpoint (pushUri)
Implement an Rest API endpoint that can receive content-type multipart/form-data. This endpoint will receive two parts and must process the statement file as described below.
- statement(binary encrypted file)
- metadata(json)
Below is sample code for clarification, you decide you to implement this.
API POST /statement/receive
Content-Type:
INPUT:
statement → multipart file (encrypted content)
metadata → metadata json object (encryption details)
PROCESS:
# Step 1: Load RSA private key
privateKey = loadPrivateKey(your_private_key)
# Step 2: Decode Base64 encrypted Key and then Decrypt AES key
decrypteAESKey = unwrapAESKey(metadata.base64EncryptedKey, metadata.keyEncryptionAlgorithm(), privateKey)
# Step 3: Open input stream from uploaded file
encryptedFile = statement.getFile()
# Step 4: Decrypt the incoming stream using metadata + private key
decryptedXmlContent = decrypt(encryptedFile,decrypteAESKey, metadata.base64PayloadNonce, metadata.payloadEncryptionAlgorithm)
# Step 5: Return HTTP 200 OK
RETURN HTTP_RESPONSE(status = 200)
Decrypting AES Key
FUNCTION unwrapAESKey(base64WrappedKey, keyEncryptionAlgorithm, privateKey):
wrappedKeyBytes = BASE64_DECODE(base64WrappedKey)
rsaCipher = INIT_CIPHER(
algorithm = algorithm,
mode = DECRYPT_MODE,
key = privateKey
)
aesKeyBytes = rsaCipher.DECRYPT(wrappedKeyBytes)
RETURN CREATE_AES_SECRET_KEY(aesKeyBytes)
Decrypting Content
FUNCTION decryptFileWithKey(encryptedFile, decryptedAESKey,base64PayloadNonce, payloadEncryptionAlgorithm):
# Step 1: Decode IV (nonce)
iv = BASE64_DECODE(metadata.base64PayloadNonce)
# Step 2: Initialize AES-GCM cipher
cipher = INIT_CIPHER(
algorithm = payloadEncryptionAlgorithm,
mode = DECRYPT_MODE,
key = aesKey,
iv = iv,
tagLength = GCM_TAG_LENGTH_BITS
)
# Step 3: Return stream that decrypts on read
RETURN CREATE_DECRYPTED_FILE(encryptedFile, cipher)
