cloak.business

Deanonymizer Guide -- Restoring Original Data

Last Updated: 2026-02-09

The Deanonymizer reverses encrypted anonymization, restoring original values from encrypted text. This only works with text that was anonymized using the Encrypt method.

Table of Contents#

  1. When to Use
  2. How It Works
  3. Requirements
  4. Step-by-Step Instructions
  5. Important Notes
  6. Troubleshooting

When to Use#

Use the Deanonymizer when:

  • You previously anonymized text using the Encrypt method.
  • You need to restore the original PII values.
  • You have the encryption key that was used during anonymization.

The Deanonymizer cannot restore text anonymized with Replace, Redact, Hash, or Mask. Those methods are irreversible by design.

How It Works#

  1. During anonymization with the Encrypt method, each detected PII value is encrypted using AES-256-GCM with your personal encryption key.
  2. The encrypted values are embedded in the text as encoded tokens (e.g., <encrypted:aGVsbG8gd29ybGQ=>).
  3. The Deanonymizer scans the text for these encrypted tokens.
  4. Using your encryption key, it decrypts each token and replaces it with the original value.
  5. The output is the fully restored original text.

Requirements#

To successfully deanonymize text, you need:

  1. Encrypted text -- the anonymized output that contains encrypted tokens.
  2. The same encryption key that was used during the original anonymization.

If you have lost or forgotten your encryption key, the encrypted values cannot be recovered. There is no key recovery mechanism.

Step-by-Step Instructions#

1. Navigate to the Deanonymize Tab#

Open cloak.business and select the Deanonymize tab from the main navigation.

2. Paste Encrypted Text#

Paste the full anonymized text (containing encrypted tokens) into the input area. The text should contain one or more encrypted tokens in the format <encrypted:...>.

3. Enter Your Encryption Key#

Enter the encryption key that was used when the text was originally anonymized. This must be the exact same key -- even a single character difference will cause decryption to fail.

4. Click Decrypt#

Click the Decrypt button to begin deanonymization.

5. Review Restored Text#

The output area displays the text with all encrypted tokens replaced by their original values. Review the result to confirm all values were successfully restored.

6. Download or Copy#

Copy the restored text to clipboard or download it as a file.

Important Notes#

  • Only the Encrypt method is reversible. Text anonymized with Replace, Redact, Hash, or Mask cannot be restored under any circumstances.
  • Keep your encryption key safe. Without the correct key, decryption is impossible.
  • One key per operation. Each anonymization operation uses a single encryption key. If you anonymized different documents with different keys, you must deanonymize each one with its corresponding key.
  • No partial decryption. All encrypted tokens in the text must have been encrypted with the same key. If the text contains tokens from different encryption operations using different keys, only the tokens matching the provided key will be decrypted.

Troubleshooting#

Decryption Fails or Produces Garbled Output#

  • Wrong key: verify you are using the exact encryption key from the original anonymization.
  • Modified text: if the encrypted tokens have been edited, truncated, or corrupted, decryption will fail. Ensure the encrypted text is exactly as produced by the Anonymizer.

Some Tokens Not Decrypted#

  • Tokens may have been encrypted with a different key. Check whether multiple anonymization operations were combined.
  • Ensure the complete token (including the <encrypted: prefix and > suffix) is present and unmodified.

No Encrypted Tokens Found#

  • The text may have been anonymized with a non-reversible method (Replace, Redact, Hash, or Mask).
  • Verify that the text you pasted is the anonymized output, not the original text.