• State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 94 subscribers
  • Views 14726 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OneDB Encrypted : How to decrypt an Encrypted Password on Config Parameters

ermes.crico
over 7 years ago

Hi all,

On production I have the ONE IDM encrypted in this way all internal passwords and connections are not show.

I have a parameter that contains a password. I encrypted the parameter and the original value now is not visible.

I need to take the parameter value on a custom script for a connection string.

I search on site, and I find the statements to descrypt the value. I wrote a function:

        Public Function CCC_Get_DecryptedValue(ByVal EncryptedString As String) As String

            Dim DecryptVal As String
            Dim decrypter As VI.Projector.Security.DatabaseEncryption = New VI.Projector.Security.DatabaseEncryption(Connection.Session)
            ' decryption using the Projector method
            DecryptVal = decrypter.Decrypt(EncryptedString)
            Return DecryptVal
        End Function

The function return the value encrypted and if I check the encrypted string using

Dim check As Boolean = decrypter.IsEncryptedValue(EncryptedString)

The check is false....  

Could you tell me what I wrong ?

Thank you very much and best regards

Ermes

Top Replies

  • 0 over 7 years ago

    Two things. First, where are you testing this? Only when the script is running in the Job Service, it is able to decrypt the strings. Second, where does the value come from that you are trying to decrypt (Sync Variable, Configuration Parameter, etc.)?

    • 0 over 7 years ago in reply to Markus Weiss-Ehlers

      Hi Markus,

      To discover whats happen I write a log before and after the decrypt:

      I executed again the script and the log is:

      8/8/2018 1:34:01 PM -  
      8/8/2018 1:34:01 PM - CCC_UNSAccountB_CRM_SyncAccount - Check For Password Encryption = Call Decrypt function
      8/8/2018 1:34:01 PM - CCC_UNSAccountB_CRM_SyncAccount - Encrypted value (Parameter) = [C]AGvg53ws/oFNoQTBIJfYETEL4e6chFQYKaB7CZ+OQMTLInCeomrA/myjMBwidtze4mlzvoLE4rr2Q2RrnJeXK+L7Co1pEbHqJUSc1SUMbV2cGfStxY2e4g5RoLHrWO+UZPlYdubQdmZHpeUF5yaLtDKhhYCSuI5midDPxXovVMS4GRivgZ4uNoc6y1HnXHLI5cWX79Egl7JbVRrnnvlU9a+SY2etqm9dCWTblTuGcyPGAn8SoU4SH3/Ko93p+zpBN03HF2GJlS5UsTEXuUOAYF5BOwrQX9RGHAW4W8eUca1bx7BrsHmvQwS+1BIneIPWAN8KrCMf5dGU6Vyu7L9tEYzaslL30sYo2cBFA7+uu5J+L5vz9Ay+hY4w2kCRUxn4q0UWS4dOCWxWk8MG/dNgAZN3hq2zsv3OgpX2O85bFEgW62AinVdMlT2j90I0Fl/WkaVXlPpS6nOOg9JPUDxaIUMsyzwceDqFbcag9o2x2W+tJ0fEkJGy1rVBmw56bBawSxjab02015XWhD0BVor92dOiaOH186RuP2QPZXrX8dRVhc9YpusVhdo5JByLNzoU86QHdhQEqbKjLHx8M7hSi9E=[C]
      8/8/2018 1:34:01 PM - CCC_UNSAccountB_CRM_SyncAccount - Descrypted Value (after Decryption Function) = [C]AGvg53ws/oFNoQTBIJfYETEL4e6chFQYKaB7CZ+OQMTLInCeomrA/myjMBwidtze4mlzvoLE4rr2Q2RrnJeXK+L7Co1pEbHqJUSc1SUMbV2cGfStxY2e4g5RoLHrWO+UZPlYdubQdmZHpeUF5yaLtDKhhYCSuI5midDPxXovVMS4GRivgZ4uNoc6y1HnXHLI5cWX79Egl7JbVRrnnvlU9a+SY2etqm9dCWTblTuGcyPGAn8SoU4SH3/Ko93p+zpBN03HF2GJlS5UsTEXuUOAYF5BOwrQX9RGHAW4W8eUca1bx7BrsHmvQwS+1BIneIPWAN8KrCMf5dGU6Vyu7L9tEYzaslL30sYo2cBFA7+uu5J+L5vz9Ay+hY4w2kCRUxn4q0UWS4dOCWxWk8MG/dNgAZN3hq2zsv3OgpX2O85bFEgW62AinVdMlT2j90I0Fl/WkaVXlPpS6nOOg9JPUDxaIUMsyzwceDqFbcag9o2x2W+tJ0fEkJGy1rVBmw56bBawSxjab02015XWhD0BVor92dOiaOH186RuP2QPZXrX8dRVhc9YpusVhdo5JByLNzoU86QHdhQEqbKjLHx8M7hSi9E=[C]
      8/8/2018 1:34:01 PM -  

      As you can see the decrypt return the same value

      Thanks for your help.

      Best regards

      Ermes

      • 0 over 7 years ago in reply to Markus Weiss-Ehlers

        The encrypted value is a config parameter

        • 0 over 7 years ago in reply to ermes.crico

          Another question, what version are you using?

          • 0 over 7 years ago in reply to Markus Weiss-Ehlers

            Hi Markus

            I am using the 8.0.1

            • +1 over 7 years ago in reply to ermes.crico

              The code you posted does work for sync variables only.

              I suggest decrypting the string with the Session.Decrypt() method.

              Fullscreen
              1
              2
              ' Caution: This only work if the script is running in the Job Service.
              DecryptVal = Session.Decrypt(EncryptedString)
              XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

              Again, this will only decrypt the value if the script is executed by the Job Service!

              • 0 over 7 years ago in reply to Markus Weiss-Ehlers

                Hi Markus,

                I confirm you that the script is executed by the job service.

                I display the fields value on a file to be sure that they have the correct values.

                But as you can see the result is not correct.

                These my steps to encrypt the config parameter:

                1. I put the clear value

                2. I select the "Encrypt" flag

                3. The value disapperar and it becames "****"

                I executed the script from Designer - Process automation (this script is scheduled)

                Thanks

                Ermes

                • 0 over 7 years ago in reply to ermes.crico

                  Is your Job Service configured with the private.key so that he is able to decrypt stuff?

                  Do you use my code snippet or yours?

                  • 0 over 7 years ago in reply to Markus Weiss-Ehlers

                    Hi Markus,

                    Obviously, the Job Service start using the private key generated from the DB encryption steps.

                    Without the private key the job service cannot start.

                    The code used as I wrote before is my function:

                            Public Function CCC_Get_DecryptedValue(ByVal EncryptedString As String) As String

                                Dim DecryptVal As String
                                Dim decrypter As VI.Projector.Security.DatabaseEncryption = New VI.Projector.Security.DatabaseEncryption(Connection.Session)
                                ' decryption using the Projector method
                                DecryptVal = decrypter.Decrypt(EncryptedString)
                                Return DecryptVal
                            End Function

                    I deleted from your function the "Encryption" part because I don't need it.

                    • 0 over 7 years ago in reply to ermes.crico

                      As I've said before.

                      Markus Weiss-Ehlers said:

                      The code you posted does work for sync variables only.

                      I suggest decrypting the string with the Session.Decrypt() method.

                      • 0 over 7 years ago in reply to Markus Weiss-Ehlers

                        Hi Markus,

                        Using Session.Decrypt() method the script works fine.

                        Now the parameter is descrypted correctly.

                        Thank you very much and best regards

                        Ermes