How to Encrypt and Decrypt a Value in Salesforce Using Apex Crypto Class

As per the salesforce documentation, the following algorithms are supported. Please read it before use.

The Crypto class provides the following functions to encrypt and decrypt using the AES algorithm:

encrypt()
decrypt()
encryptWithManagedIV()
decryptWithManagedIV()

The following considerations should be noted:

• The AES128, AES192 and AES256 algorithms are supported
• A private key can either be generated externally or via the Crypto.generateAESKey(Integer size) method. The length of the private key must match to the specified algorithm.
• The private key should not be hardcoded in the Apex code. Instead, it should be placed in a protected custom setting.
• The standard AES algorithm is used with a Cipher Mode of Cipher Block Chaining (CBC) and PKCS#5 padding. Ensure that any applications that you interact with use the same parameters.(Note that PKCS#5 and PKCS#7 are compatible.)
• The algorithm requires an initialization vector of 16 bytes (128 bits). Use the encryptWithManagedIV() function to have Salesforce generate the IV for you in the first 16 bytes of the cipher text.Third party systems that receive the cipher should extract the IV from the first 16 bits. If third party systems send the IV in the first 16 bytes of the cipher, then use the decryptWithManagedIV() method to decrypt.
• If you intend to generate your own initialization vector, then use the encrypt() and/or decrypt() methods, in which the IV is sent as a separate argument. Note that the cipher text passed to the decrypt() method should not contain the IV in the first 16 bytes and neither does the encrypt() function place the IV in the first 16 bytes of the generated cipher.

The below example will illustrate how to encrypt and decrypt a data. Use this utility wherever you need. For demo purpose, I have hardcoded private key in code and used AES128 algorithm.

1. public class CryptoUtil
2. {
3.     // This should be stored and referred from custom setting. Don't hard code here. For demo purpose i have hard coded.
4.     static Blob encryptionKey = Blob.valueOf('8cPkWGCoHv9a3D7K');
5.  
6.     public static string encyptData(String decryptedString)
7.     {
8.         Blob data = Blob.valueOf(decryptedString);
9.         Blob encryptedBlobData = Crypto.encryptWithManagedIV('AES128', encryptionKey , data );
10.         String base64EncryptedString = EncodingUtil.base64Encode(encryptedBlobData);
11.         return base64EncryptedString;
12.     }
13.    
14.     public static string decryptData(String encryptedString)
15.     {
16.         Blob data = EncodingUtil.base64Decode(encryptedString);
17.         Blob decryptedBlobData = Crypto.decryptWithManagedIV('AES128', encryptionKey , data);
18.         String decryptedString= decryptedBlobData.toString();
19.         return decryptedString;
20.     }
21.  
22. }

Run the below code snippet from Developer Console:

1. String encryptedResult = CryptoUtil.encyptData('Arunkumar');
2. System.debug('## Encrypted Result----'+encryptedResult);
3.        
4. String decryptedResult = CryptoUtil.decryptData(encryptedResult);
5. System.debug('## Decrypted Result----'+decryptedResult);

You will get an output like below,

Reference:

Apex Crypto Class

Encoding Util

Crypto Class