Decrypting and Viewing AES-Encrypted PDFs in PeopleSoft

 If you’ve encrypted PDF files using AES-256 outside of PeopleSoft (e.g., via OpenSSL), and now need to decrypt and view them inside PeopleSoft—this PeopleCode-based solution lets you do that securely and efficiently.

This is especially useful when you want to keep files encrypted at rest but still allow authorized users to view them through the PeopleSoft UI, without manual decryption.

---

Encryption Setup Outside PeopleSoft

You encrypt the PDF like this using OpenSSL:

openssl enc -aes-256-ecb -in input.pdf -out output.pdf.aes -nosalt -K <64-char hex key>

To decrypt it manually for testing:

openssl enc -d -aes-256-ecb -in output.pdf.aes -out decrypted.pdf -nosalt -K <64-char hex key>

This assumes:

• AES-256 in ECB mode

• No salt

• PKCS5 padding

• A 32-byte key represented as 64 hex characters

---

The PeopleCode Solution

Here’s the full PeopleCode to decrypt the file, display it using ViewAttachment(), and then clean it up:

/* Decrypt and view AES-encrypted PDF inside PeopleSoft */

Local string &key = "Your32ByteAESKey1234567890123456"; /* Must be 32 chars */
Local string &fileName = "decrypted_a.pdf";
Local string &encryptedPath = "/tmp/secured_file.pdf.aes";
Local string &decryptedPath = "/tmp/" | &fileName;

/* Step 1: Validate key length */
If Len(&key) <> 32 Then
   MessageBox(0, "", 0, 0, "Key must be exactly 32 characters for AES-256");
   Return;
End-If;

/* Step 2: Initialize AES cipher using Java */
Local JavaObject &keyBytes = CreateJavaObject("java.lang.String", &key).getBytes();
Local JavaObject &secretKey = CreateJavaObject("javax.crypto.spec.SecretKeySpec", &keyBytes, "AES");
Local JavaObject &cipher = GetJavaClass("javax.crypto.Cipher").getInstance("AES/ECB/PKCS5Padding");
&cipher.init(GetJavaClass("javax.crypto.Cipher").DECRYPT_MODE, &secretKey);

/* Step 3: Read encrypted file and write decrypted output */
Local JavaObject &fis = CreateJavaObject("java.io.FileInputStream", &encryptedPath);
Local JavaObject &cis = CreateJavaObject("javax.crypto.CipherInputStream", &fis, &cipher);
Local JavaObject &fos = CreateJavaObject("java.io.FileOutputStream", &decryptedPath);
Local JavaObject &buffer = CreateJavaArray("byte[]", 1024);
Local number &len;
&total = 0;

While True
   &len = &cis.read(&buffer);
   If &len = -1 Then
      Break;
   End-If;
   &fos.write(&buffer, 0, &len);
   &total = &total + &len;
End-While;

/* Step 4: Close all streams */
&cis.close();
&fos.close();
&fis.close();

/* Step 5: Show the decrypted file to the user */
&RET = ViewAttachment(URL.TEST, &fileName, &fileName);

/* Step 6: Delete the decrypted file after viewing */
Local string &filePath = "/tmp/" | &fileName;
Local File &f = GetFile(&filePath, "W", "A", %FilePath_Absolute);
If &f.IsOpen Then
   &f.Delete();
End-If;

---

Key Considerations

• The key must be exactly 32 characters long for AES-256.

• The encryption must match the decryption logic: ECB mode, no salt, and PKCS5 padding.

• This script decrypts the file to /tmp, shows it using ViewAttachment(), and then deletes the decrypted file to maintain security.

---