This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OneDB Encrypted : How to decrypt an Encrypted Password on Config Parameters

ermes.crico over 5 years ago

Hi all,

On production I have the ONE IDM encrypted in this way all internal passwords and connections are not show.

I have a parameter that contains a password. I encrypted the parameter and the original value now is not visible.

I need to take the parameter value on a custom script for a connection string.

I search on site, and I find the statements to descrypt the value. I wrote a function:

        Public Function CCC_Get_DecryptedValue(ByVal EncryptedString As String) As String

            Dim DecryptVal As String
            Dim decrypter As VI.Projector.Security.DatabaseEncryption = New VI.Projector.Security.DatabaseEncryption(Connection.Session)
            ' decryption using the Projector method
            DecryptVal = decrypter.Decrypt(EncryptedString)
            Return DecryptVal
        End Function

The function return the value encrypted and if I check the encrypted string using

Dim check As Boolean = decrypter.IsEncryptedValue(EncryptedString)

The check is false....

Could you tell me what I wrong ?

Thank you very much and best regards

Ermes

Top Replies

Markus Weiss-Ehlers over 5 years ago in reply to ermes.crico +1 verified
The code you posted does work for sync variables only.

I suggest decrypting the string with the Session.Decrypt() method.
```
' Caution: This only work if the script is running in the Job Service.
DecryptVal…
```
Markus Weiss-Ehlers over 5 years ago in reply to ermes.crico +1 suggested

As I've said before.

Markus Weiss-Ehlers said:

The code you posted does work for sync variables only.

I suggest decrypting the string with the Session.Decrypt() method.

Parents

0 Markus Weiss-Ehlers over 5 years ago

Two things. First, where are you testing this? Only when the script is running in the Job Service, it is able to decrypt the strings. Second, where does the value come from that you are trying to decrypt (Sync Variable, Configuration Parameter, etc.)?
Cancel
Up 0 Down

Cancel

Reply

0 Markus Weiss-Ehlers over 5 years ago

Two things. First, where are you testing this? Only when the script is running in the Job Service, it is able to decrypt the strings. Second, where does the value come from that you are trying to decrypt (Sync Variable, Configuration Parameter, etc.)?
Cancel
Up 0 Down

Cancel

Children

0 ermes.crico over 5 years ago in reply to Markus Weiss-Ehlers

Hi Markus,

To discover whats happen I write a log before and after the decrypt:

I executed again the script and the log is:

8/8/2018 1:34:01 PM -
8/8/2018 1:34:01 PM - CCC_UNSAccountB_CRM_SyncAccount - Check For Password Encryption = Call Decrypt function
8/8/2018 1:34:01 PM - CCC_UNSAccountB_CRM_SyncAccount - Encrypted value (Parameter) = [C]AGvg53ws/oFNoQTBIJfYETEL4e6chFQYKaB7CZ+OQMTLInCeomrA/myjMBwidtze4mlzvoLE4rr2Q2RrnJeXK+L7Co1pEbHqJUSc1SUMbV2cGfStxY2e4g5RoLHrWO+UZPlYdubQdmZHpeUF5yaLtDKhhYCSuI5midDPxXovVMS4GRivgZ4uNoc6y1HnXHLI5cWX79Egl7JbVRrnnvlU9a+SY2etqm9dCWTblTuGcyPGAn8SoU4SH3/Ko93p+zpBN03HF2GJlS5UsTEXuUOAYF5BOwrQX9RGHAW4W8eUca1bx7BrsHmvQwS+1BIneIPWAN8KrCMf5dGU6Vyu7L9tEYzaslL30sYo2cBFA7+uu5J+L5vz9Ay+hY4w2kCRUxn4q0UWS4dOCWxWk8MG/dNgAZN3hq2zsv3OgpX2O85bFEgW62AinVdMlT2j90I0Fl/WkaVXlPpS6nOOg9JPUDxaIUMsyzwceDqFbcag9o2x2W+tJ0fEkJGy1rVBmw56bBawSxjab02015XWhD0BVor92dOiaOH186RuP2QPZXrX8dRVhc9YpusVhdo5JByLNzoU86QHdhQEqbKjLHx8M7hSi9E=[C]
8/8/2018 1:34:01 PM - CCC_UNSAccountB_CRM_SyncAccount - Descrypted Value (after Decryption Function) = [C]AGvg53ws/oFNoQTBIJfYETEL4e6chFQYKaB7CZ+OQMTLInCeomrA/myjMBwidtze4mlzvoLE4rr2Q2RrnJeXK+L7Co1pEbHqJUSc1SUMbV2cGfStxY2e4g5RoLHrWO+UZPlYdubQdmZHpeUF5yaLtDKhhYCSuI5midDPxXovVMS4GRivgZ4uNoc6y1HnXHLI5cWX79Egl7JbVRrnnvlU9a+SY2etqm9dCWTblTuGcyPGAn8SoU4SH3/Ko93p+zpBN03HF2GJlS5UsTEXuUOAYF5BOwrQX9RGHAW4W8eUca1bx7BrsHmvQwS+1BIneIPWAN8KrCMf5dGU6Vyu7L9tEYzaslL30sYo2cBFA7+uu5J+L5vz9Ay+hY4w2kCRUxn4q0UWS4dOCWxWk8MG/dNgAZN3hq2zsv3OgpX2O85bFEgW62AinVdMlT2j90I0Fl/WkaVXlPpS6nOOg9JPUDxaIUMsyzwceDqFbcag9o2x2W+tJ0fEkJGy1rVBmw56bBawSxjab02015XWhD0BVor92dOiaOH186RuP2QPZXrX8dRVhc9YpusVhdo5JByLNzoU86QHdhQEqbKjLHx8M7hSi9E=[C]
8/8/2018 1:34:01 PM -

As you can see the decrypt return the same value

Thanks for your help.

Best regards

Ermes
Cancel
Up 0 Down

Cancel
0 ermes.crico over 5 years ago in reply to Markus Weiss-Ehlers

The encrypted value is a config parameter
Cancel
Up 0 Down

Cancel
0 Markus Weiss-Ehlers over 5 years ago in reply to ermes.crico

Another question, what version are you using?
Cancel
Up 0 Down

Cancel
0 ermes.crico over 5 years ago in reply to Markus Weiss-Ehlers

Hi Markus

I am using the 8.0.1
Cancel
Up 0 Down

Cancel
+1 Markus Weiss-Ehlers over 5 years ago in reply to ermes.crico
The code you posted does work for sync variables only.

I suggest decrypting the string with the Session.Decrypt() method.

' Caution: This only work if the script is running in the Job Service. DecryptVal = Session.Decrypt(EncryptedString)

Again, this will only decrypt the value if the script is executed by the Job Service!
Cancel
Up +1 Down

Cancel
0 ermes.crico over 5 years ago in reply to Markus Weiss-Ehlers

Hi Markus,

I confirm you that the script is executed by the job service.

I display the fields value on a file to be sure that they have the correct values.

But as you can see the result is not correct.

These my steps to encrypt the config parameter:

1. I put the clear value

2. I select the "Encrypt" flag

3. The value disapperar and it becames "****"

I executed the script from Designer - Process automation (this script is scheduled)

Thanks

Ermes
Cancel
Up 0 Down

Cancel
0 Markus Weiss-Ehlers over 5 years ago in reply to ermes.crico

Is your Job Service configured with the private.key so that he is able to decrypt stuff?

Do you use my code snippet or yours?
Cancel
Up 0 Down

Cancel
0 ermes.crico over 5 years ago in reply to Markus Weiss-Ehlers

Hi Markus,

Obviously, the Job Service start using the private key generated from the DB encryption steps.

Without the private key the job service cannot start.

The code used as I wrote before is my function:

        Public Function CCC_Get_DecryptedValue(ByVal EncryptedString As String) As String

            Dim DecryptVal As String
            Dim decrypter As VI.Projector.Security.DatabaseEncryption = New VI.Projector.Security.DatabaseEncryption(Connection.Session)
            ' decryption using the Projector method
            DecryptVal = decrypter.Decrypt(EncryptedString)
            Return DecryptVal
        End Function

I deleted from your function the "Encryption" part because I don't need it.
Cancel
Up 0 Down

Cancel
0 Markus Weiss-Ehlers over 5 years ago in reply to ermes.crico

As I've said before.

Markus Weiss-Ehlers said:

The code you posted does work for sync variables only.

I suggest decrypting the string with the Session.Decrypt() method.
Cancel
Up +1 Down

Cancel
0 ermes.crico over 5 years ago in reply to Markus Weiss-Ehlers

Hi Markus,

Using Session.Decrypt() method the script works fine.

Now the parameter is descrypted correctly.

Thank you very much and best regards

Ermes
Cancel
Up 0 Down

Cancel