This function decrypts encrypted data using the supplied algorithm and encryption values. Supply either a value or a valid external key for the password, initialization vector (IV), and salt. You can also use the external keys if you previously created keys in the Key Management section of the Marketing Cloud app. Otherwise, the function generates a password using the password parameter or stored value, the salt parameter or stored value, and the IV parameter or stored value. If you don't pass or reference an initialization vector, the function uses the password parameter or stored value as the initialization vector. This function treats Salt and IV values either directly provided or looked up by key as hex strings, with each pair of characters representing a single byte in the larger strings. Don't attempt to use these values as a cipher string, as you cannot successfully decrypt those strings using this function. You can wrap the EncryptSymmetric() and DecryptSymmetric() functions in Base64Encode() and Base64Decode() functions to view the final string in plain text. You can only use the EncryptSymmetric() and DecryptSymmetric() AMPscript function on data contained within Marketing Cloud. Marketing Cloud does not support the use of these functions in conjunction with outside or third-party encryption and decryption functionality.


DecryptSymmetric(1, 2, 3, 4, 5, 6, 7, 8)

Function Properties

1stringRequiredEncrypted data passed to function
2stringRequiredAlgorithm used to encrypt the data. Valid values include aes, des, and tripledes.
3stringRequiredPassword external key
5stringRequiredSalt external key
6stringRequiredSalt value
7stringRequiredInitialization vector external key
8stringRequiredInitialization vector value


You can set optional mode or padding values for DES or TripleDES algorithms:


  • cbc - default
  • ecb
  • ofb
  • cfb
  • cts


  • none
  • pkcs7 - default
  • zeros
  • ansix923
  • iso10126

The example below sets the @clearData variable to the value of the @endData once the function decrypts that data. This example uses provided values for the password, salt, and IV, and it sets any external key values to the undeclared variable @null. Note that the Salt and IV values provided in the example below represent hex string values - the Salt value includes 8 bytes of information, and the IV value provides 16 bytes.

The example below uses external keys instead of provided values: