Hello,
I would like to present a solution in order to encrypt/decrypt data base password stored in dbpasswd.txt on DCTM server via API commands and Java API programming. When and why this would be necessary ? Perhaps, if the database password has been forgotten by everybody 
API commands
So, the password of database is stored in the dbpasswd.txt file in the docbase’s folder [DCTM_INSTALL_FOLDER]\dba\config\[DOCBASE_FOLDER]. The content of this file would be like:
1 | DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK |
To decrypt this value via API commands on Windows:
- On DCTM server, launch a command and connect to targeted docbase via IAPI tool with a SUPERUSER (owner) account:
01D:\Documentum\product\7.2\bin>iapi mydocbase02Please enter auser(hozveren): dmadmin03Please enterpasswordfordmadmin: *********0405EMC Documentum iapi - Interactive API interface06(c) Copyright EMC Corp., 1992 - 201507Allrights reserved.08Client Library Release 7.2.0050.00840910ConnectingtoServer using docbase mydocbase11[DM_SESSION_I_SESSION_START]info:"Session 010xxxxxxxxbcde started for user dmadmin."1213ConnectedtoDocumentum Server runing Release 7.2.0050.0214 Win64.Oracle14Session idiss015API>_ - Execute the API commands initcrypto,c, and decrypttext,c,DM_ENCR_TEXT=xxxxxx:
01D:\Documentum\product\7.2\bin>iapi mydocbase02Please enter auser(hozveren): dmadmin03Please enterpasswordfordmadmin: *********0405EMC Documentum iapi - Interactive API interface06(c) Copyright EMC Corp., 1992 - 201507Allrights reserved.08Client Library Release 7.2.0050.00840910ConnectingtoServer using docbase mydocbase11[DM_SESSION_I_SESSION_START]info:"Session 010xxxxxxxxbcde started for user dmadmin."1213ConnectedtoDocumentum Server runing Release 7.2.0050.0214 Win64.Oracle14Session idiss015API>initcrypto,c,16...17OK18API>decrypttext,c,DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK19...20MyDataBasePassword12321API>_
Java API programming
It is also possible to decrypt the password of database (stored in the dbpasswd.txt file in folder [DCTM_INSTALL_FOLDER]\dba\config\[DOCBASE_FOLDER]), via API programming. Reminder the content of this file would be like:
1 | DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK |
To encrypt/decrypt this value via JAVA API programming:
- Get the file aek.key from Content Server and prepare a dfc.properties config file. The key file is available in the DCTM folder [DCTM_INSTALL_FOLDER]\dba\secure\.
- Java decrypting method:
01/**02* Decrypting with API - longer, dm_encrypt_password passwords03*04* @param passwordEncrypted05* @return06*/07publicstaticString decryptWithApi(String passwordEncrypted,String AEK_PATH) {08String ret =null;09try{10File file =newFile(AEK_PATH);11if(!file.exists()) {12System.out.println("Could not find aek.key file. Please copy from Content Server to "+ AEK_PATH);13returnnull;14}1516System.out.print("\tAPI (decrypt) -> "+ passwordEncrypted +"\t\t\t\t");17com.documentum.dmcl.impl.DmclApi.getInstance().exec("initcrypto,c,"+ AEK_PATH);18ret = com.documentum.dmcl.impl.DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT="+ passwordEncrypted);19}catch(Exception e) {20System.out.println("ERROR: "+ e.getMessage());21}22returnret;23} - Java encrypting method:
01/**02* Encrypting with API - longer, dm_encrypt_password passwords03*04* @param passwordToEncrypt05* @return06*/07publicstaticString encryptWithApi(String passwordToEncrypt, String AEK_PATH) {08String ret =null;09try{10File file =newFile(AEK_PATH);11if(!file.exists()) {12System.out.println("Could not find aek.key file. Please copy from Content Server to "+ AEK_PATH);13returnnull;14}1516System.out.print("\tAPI (encrypt) -> "+ passwordToEncrypt +"\t\t\t\t");17com.documentum.dmcl.impl.DmclApi.getInstance().exec("initcrypto,c,"+ AEK_PATH);18ret = com.documentum.dmcl.impl.DmclApi.getInstance().get("encryptpass,c,DM_ENCR_TEXT="+ passwordToEncrypt);19}catch(Exception e) {20System.out.println("ERROR: "+ e.getMessage());21}22returnret;23} - Test decrypting and encrypting method via Java API commands:
01// --------------------------------- Encrypting/Decrypting with API02String aekkeyfile ="T:/Public/HUO/aek.key";03password ="DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK";04// try decrypting with API - longer, dm_encrypt_password passwords05System.out.println("\nTrying to decrypt '"+ password +"'...\n");06clearText = decryptWithApi(password, aekkeyfile);07if((clearText !=null) && (clearText.length() >0)) {08System.out.println("'"+ clearText +"'");09}else{10System.exit(1);11}1213clearText ="TEST-javablog-Documentum@123";1415// try encrypting with API - longer, dm_encrypt_password passwords16System.out.println("\nTrying to encrypt '"+ clearText +"'...\n");17password = encryptWithApi(clearText, aekkeyfile);18if((password !=null) && (password.length() >0)) {19System.out.println("'"+ password +"'");20}else{21System.exit(1);22}2324// try decrypting with API - longer, dm_encrypt_password passwords25System.out.println("\nTrying to decrypt again '"+ password +"'...\n");26clearText = decryptWithApi(password, aekkeyfile);27if((clearText !=null) && (clearText.length() >0)) {28System.out.println("'"+ clearText +"'");29}else{30System.exit(1);31}
That’s all!!!
Huseyin OZVEREN