Hello,

I would like to present a solution in order to encrypt/decrypt data base password stored in dbpasswd.txt on DCTM server via API commands and Java API programming. When and why this would be necessary ? Perhaps, if the database password has been forgotten by everybody 🙂
 
API commands
So, the password of database is stored in the dbpasswd.txt file in the docbase’s folder [DCTM_INSTALL_FOLDER]\dba\config\[DOCBASE_FOLDER]. The content of this file would be like:

DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK

 
To decrypt this value via API commands on Windows:

  1. On DCTM server, launch a command and connect to targeted docbase via IAPI tool with a SUPERUSER (owner) account:
    D:\Documentum\product\7.2\bin>iapi mydocbase
    Please enter a user (hozveren): dmadmin
    Please enter password for dmadmin: *********
    	
    	EMC Documentum iapi - Interactive API interface
    	(c) Copyright EMC Corp., 1992 - 2015
    	All rights reserved.
    	Client Library Release 7.2.0050.0084
    
    Connecting to Server using docbase mydocbase
    [DM_SESSION_I_SESSION_START]info: "Session 010xxxxxxxxbcde started for user dmadmin."
    
    Connected to Documentum Server runing Release 7.2.0050.0214 Win64.Oracle
    Session id is s0
    API>_
    

     

  2. Execute the API commands initcrypto,c, and decrypttext,c,DM_ENCR_TEXT=xxxxxx:
    D:\Documentum\product\7.2\bin>iapi mydocbase
    Please enter a user (hozveren): dmadmin
    Please enter password for dmadmin: *********
    	
    	EMC Documentum iapi - Interactive API interface
    	(c) Copyright EMC Corp., 1992 - 2015
    	All rights reserved.
    	Client Library Release 7.2.0050.0084
    
    Connecting to Server using docbase mydocbase
    [DM_SESSION_I_SESSION_START]info: "Session 010xxxxxxxxbcde started for user dmadmin."
    
    Connected to Documentum Server runing Release 7.2.0050.0214 Win64.Oracle
    Session id is s0
    API>initcrypto,c,
    ...
    OK
    API>decrypttext,c,DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK
    ...
    MyDataBasePassword123
    API>_
    

     

 
 
Java API programming

It is also possible to decrypt the password of database (stored in the dbpasswd.txt file in folder [DCTM_INSTALL_FOLDER]\dba\config\[DOCBASE_FOLDER]), via API programming. Reminder the content of this file would be like:

DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK

 
To encrypt/decrypt this value via JAVA API programming:

  1. Get the file aek.key from Content Server and prepare a dfc.properties config file. The key file is available in the DCTM folder [DCTM_INSTALL_FOLDER]\dba\secure\.
     
  2. Java decrypting method:
    /**
    * Decrypting with API - longer, dm_encrypt_password passwords
    * 
    * @param passwordEncrypted
    * @return
    */
    public static String decryptWithApi(String passwordEncrypted,String AEK_PATH) {
    	String ret = null;
    	try {
    		File file = new File(AEK_PATH);
    		if (!file.exists()) {
    			System.out.println("Could not find aek.key file.  Please copy from Content Server to "+ AEK_PATH);
    			return null;
    		}
    
    		System.out.print("\tAPI (decrypt) -> " + passwordEncrypted + "\t\t\t\t");
    		com.documentum.dmcl.impl.DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
    		ret = com.documentum.dmcl.impl.DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT=" + passwordEncrypted);
    	} catch (Exception e) {
    		System.out.println("ERROR: " + e.getMessage());
    	}
    	return ret;
    }
    

     

  3. Java encrypting method:
    /**
    * Encrypting with API - longer, dm_encrypt_password passwords
    * 
    * @param passwordToEncrypt
    * @return
    */
    public static String encryptWithApi(String passwordToEncrypt, String AEK_PATH) {
    	String ret = null;
    	try {
    		File file = new File(AEK_PATH);
    		if (!file.exists()) {
    			System.out.println("Could not find aek.key file.  Please copy from Content Server to " + AEK_PATH);
    			return null;
    		}
    
    		System.out.print("\tAPI (encrypt) -> " + passwordToEncrypt + "\t\t\t\t");
    		com.documentum.dmcl.impl.DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
    		ret = com.documentum.dmcl.impl.DmclApi.getInstance().get("encryptpass,c,DM_ENCR_TEXT=" + passwordToEncrypt);
    	} catch (Exception e) {
    		System.out.println("ERROR: " + e.getMessage());
    	}
    	return ret;
    }
    

     

  4. Test decrypting and encrypting method via Java API commands:
    
    // --------------------------------- Encrypting/Decrypting with API
    String aekkeyfile = "T:/Public/HUO/aek.key";
    password = "DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK";
    // try decrypting with API - longer, dm_encrypt_password passwords
    System.out.println("\nTrying to decrypt '" + password + "'...\n");
    clearText = decryptWithApi(password, aekkeyfile);
    if ((clearText != null) && (clearText.length() > 0)) {
    	System.out.println("'" + clearText + "'");
    }else{
    	System.exit(1);
    }
                
    clearText = "TEST-javablog-Documentum@123";
                
    // try encrypting with API - longer, dm_encrypt_password passwords
    System.out.println("\nTrying to encrypt '" + clearText + "'...\n");
    password = encryptWithApi(clearText, aekkeyfile);
    if ((password != null) && (password.length() > 0)) {
    	System.out.println("'" + password + "'");
    }else{
    	System.exit(1);
    }
                
    // try decrypting with API - longer, dm_encrypt_password passwords
    System.out.println("\nTrying to decrypt again '" + password + "'...\n");
    clearText = decryptWithApi(password, aekkeyfile);
    if ((clearText != null) && (clearText.length() > 0)) {
    	System.out.println("'" + clearText + "'");
    }else{
    	System.exit(1);
    }
    

     

 

That’s all!!!

Huseyin OZVEREN