Search K
Appearance
Build Signed Payload ​
Signs a JSON payload with an RSA private key and optionally encrypts it with AES, producing a tamper-evident output bundle.
Purpose ​
Use this task whenever a workflow needs to create a cryptographically signed data package — for example, when sending tokens to external systems, bundling audit records that must not be modified in transit, or generating encrypted payloads that only a trusted recipient can read. The task supports RSA signing, optional AES encryption, and three output encodings to suit different integration requirements. When no signing key is provided but an AES key is, the task operates in encrypt-only mode for simple string payloads.
Inputs ​
| Field | Type | Required | Description |
|---|---|---|---|
| Payload (JSON) | Multi-line Text | Yes | The JSON object to sign. In encrypt-only mode (no signing key) any string value is accepted. |
| Signing Key (RSA Private Key) | Multi-line Text | No | RSA private key in encrypted PEM format used to sign the payload. Omit to use encrypt-only mode. |
| Signing Key Passphrase | Text | No | Passphrase to decrypt the RSA private key. Required when a signing key is provided. |
| Encrypt Payload | Dropdown | No | Set to True to AES-encrypt the payload after signing. Defaults to True. |
| Encryption Key (AES) | Text | No | AES key for encrypting the payload. Only used when Encrypt Payload is True. |
| Encryption Mode | Dropdown | No | AES mode: Standard (PBKDF2 key derivation, random IV) or Legacy (zero IV, direct key bytes). Defaults to Standard. |
| Return Mode | Dropdown | No | Output encoding: string (plain text), base64 (base64-encoded), or json (structured envelope with signature and metadata). Defaults to string. |
Visibility Rules ​
Encryption Key (AES) is only shown when Encrypt Payload is set to True. Encryption Mode is only shown when Encrypt Payload is set to True.
Outputs ​
| Name | Description |
|---|---|
| signedPayload | The signed (and optionally encrypted) payload, formatted according to Return Mode. In encrypt-only mode this variable is named encryptedPayload. |
| signature | Base64-encoded RSA signature over the canonical payload bytes. Not present in encrypt-only mode. |
| publicKey | PEM-formatted RSA public key corresponding to the signing key. Not present in encrypt-only mode. |
| hash | SHA-256 hex digest of the canonical payload before encryption. |