packer-cn/website/content/docs/templates/hcl_templates/functions/crypto/rsadecrypt.mdx

---
page_title: rsadecrypt - Functions - Configuration Language
description: The rsadecrypt function decrypts an RSA-encrypted message.
---

# `rsadecrypt` Function

`rsadecrypt` decrypts an RSA-encrypted ciphertext, returning the corresponding
cleartext.

```hcl
rsadecrypt(ciphertext, privatekey)
```

`ciphertext` must be a base64-encoded representation of the ciphertext, using
the PKCS #1 v1.5 padding scheme. Packer uses the "standard" Base64 alphabet
as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4).

`privatekey` must be a PEM-encoded RSA private key that is not itself
encrypted.

Packer has no corresponding function for _encrypting_ a message. Use this
function to decrypt ciphertexts returned by remote services using a keypair
negotiated out-of-band.

## Examples

```shell-session
> rsadecrypt(base64(file("${path.folder}/ciphertext")), file("privatekey.pem"))
Hello, world!
```
Hcl2 input variables, local variables and functions (#8588) Mainly redefine or reused what Terraform did. * allow to used `variables`, `variable` and `local` blocks * import the following functions and their docs from Terraform: abs, abspath, basename, base64decode, base64encode, bcrypt, can, ceil, chomp, chunklist, cidrhost, cidrnetmask, cidrsubnet, cidrsubnets, coalesce, coalescelist, compact, concat, contains, convert, csvdecode, dirname, distinct, element, file, fileexists, fileset, flatten, floor, format, formatdate, formatlist, indent, index, join, jsondecode, jsonencode, keys, length, log, lookup, lower, max, md5, merge, min, parseint, pathexpand, pow, range, reverse, rsadecrypt, setintersection, setproduct, setunion, sha1, sha256, sha512, signum, slice, sort, split, strrev, substr, timestamp, timeadd, title, trim, trimprefix, trimspace, trimsuffix, try, upper, urlencode, uuidv4, uuidv5, values, yamldecode, yamlencode, zipmap. 2020-02-06 11:49:21 +01:00			`---`
initial port 2020-03-18 18:46:47 -04:00			`page_title: rsadecrypt - Functions - Configuration Language`
			`description: The rsadecrypt function decrypts an RSA-encrypted message.`
Hcl2 input variables, local variables and functions (#8588) Mainly redefine or reused what Terraform did. * allow to used `variables`, `variable` and `local` blocks * import the following functions and their docs from Terraform: abs, abspath, basename, base64decode, base64encode, bcrypt, can, ceil, chomp, chunklist, cidrhost, cidrnetmask, cidrsubnet, cidrsubnets, coalesce, coalescelist, compact, concat, contains, convert, csvdecode, dirname, distinct, element, file, fileexists, fileset, flatten, floor, format, formatdate, formatlist, indent, index, join, jsondecode, jsonencode, keys, length, log, lookup, lower, max, md5, merge, min, parseint, pathexpand, pow, range, reverse, rsadecrypt, setintersection, setproduct, setunion, sha1, sha256, sha512, signum, slice, sort, split, strrev, substr, timestamp, timeadd, title, trim, trimprefix, trimspace, trimsuffix, try, upper, urlencode, uuidv4, uuidv5, values, yamldecode, yamlencode, zipmap. 2020-02-06 11:49:21 +01:00			`---`

			# `rsadecrypt` Function

			`rsadecrypt` decrypts an RSA-encrypted ciphertext, returning the corresponding
			`cleartext.`

			```hcl
			`rsadecrypt(ciphertext, privatekey)`
			```

			`ciphertext` must be a base64-encoded representation of the ciphertext, using
			`the PKCS #1 v1.5 padding scheme. Packer uses the "standard" Base64 alphabet`
			`as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4).`

			`privatekey` must be a PEM-encoded RSA private key that is not itself
			`encrypted.`

			`Packer has no corresponding function for _encrypting_ a message. Use this`
			`function to decrypt ciphertexts returned by remote services using a keypair`
			`negotiated out-of-band.`

			`## Examples`

shell snippet fixes, nextjs-scripts upgrades 2020-05-29 17:12:05 -04:00			```shell-session
Hcl2 input variables, local variables and functions (#8588) Mainly redefine or reused what Terraform did. * allow to used `variables`, `variable` and `local` blocks * import the following functions and their docs from Terraform: abs, abspath, basename, base64decode, base64encode, bcrypt, can, ceil, chomp, chunklist, cidrhost, cidrnetmask, cidrsubnet, cidrsubnets, coalesce, coalescelist, compact, concat, contains, convert, csvdecode, dirname, distinct, element, file, fileexists, fileset, flatten, floor, format, formatdate, formatlist, indent, index, join, jsondecode, jsonencode, keys, length, log, lookup, lower, max, md5, merge, min, parseint, pathexpand, pow, range, reverse, rsadecrypt, setintersection, setproduct, setunion, sha1, sha256, sha512, signum, slice, sort, split, strrev, substr, timestamp, timeadd, title, trim, trimprefix, trimspace, trimsuffix, try, upper, urlencode, uuidv4, uuidv5, values, yamldecode, yamlencode, zipmap. 2020-02-06 11:49:21 +01:00			`> rsadecrypt(base64(file("${path.folder}/ciphertext")), file("privatekey.pem"))`
			`Hello, world!`
			```