Hello,

I would like to present a solution in order to encrypt/decrypt the passwords of registry for example the password in the dfc.properties via Java programming with the following Documentum utilities classes:

com.documentum.fc.tools.RegistryPasswordUtils.encrypt("password to be encrypted") ;
com.documentum.fc.tools.RegistryPasswordUtils.decrypt ("password to be decrypted") ;

Dfc.properties

dfc.globalregistry.repository=globalr
dfc.globalregistry.username=dm_bof_registry
dfc.globalregistry.password=XXXXXfsfezrezxxxxxrezrzrXXX/0ezxxxxxxIGAL

 
To encrypt/decrypt this value via JAVA programming:

  1. Java decrypting method:
    /**
     * Decrypting with BOF utils - shorter, base64 encoded passwords
     * 
     * @param passwordEncrypted
     * @return
     */
    public static String decryptWithBOFUtils(String passwordEncrypted) {
    	String ret = null;
    	try {
    		System.out.print("\tBOF Utils (decrypt) -> " + passwordEncrypted + "\t\t\t\t");
    		ret = com.documentum.fc.tools.RegistryPasswordUtils.decrypt(passwordEncrypted);
    	} catch (Exception e) {
    		System.out.println("ERROR: " + e.getMessage());
    	}
    	return ret;
    }
    

     

  2. Java encrypting method:
    /**
     * Encrypting with BOF utils - shorter, base64 encoded passwords
     * 
     * @param passwordToEncrypt
     * @return
     */
    public static String encryptWithBOFUtils(String passwordToEncrypt) {
    	String ret = null;
    	try {
    		System.out.print("\tBOF Utils (encrypt) -> " + passwordToEncrypt+ "\t\t\t\t");
    		ret = com.documentum.fc.tools.RegistryPasswordUtils.encrypt(passwordToEncrypt);
    	} catch (Exception e) {
    		System.out.println("ERROR: " + e.getMessage());
    	}
    	return ret;
    }
    

     

  3. Test decrypting and encrypting method:
    // --------------------------------- Encrypting/Decrypting with BOF utils
    String password = null;
    String clearText = null;
                            
    password = "XXXXXfsfezrezxxxxxrezrzrXXX/0ezxxxxxxIGAL";
    // try decrypting with BOF utils - shorter, base64 encoded passwords
    System.out.println("\nTrying to decrypt '" + password + "'...\n");
    clearText = decryptWithBOFUtils(password);
    if ((clearText != null) && (clearText.length() > 0)) {
    	System.out.println("'" + clearText + "'");
    }else{
    	System.exit(1);
    }
                
    clearText = "TEST-javablog-Documentum@123";
                
    // try decrypting with BOF utils - shorter, base64 encoded passwords
    System.out.println("\nTrying to encrypt '" + clearText + "'...\n");
    password = encryptWithBOFUtils(clearText);
    if ((password != null) && (password.length() > 0)) {
    	System.out.println("'" + password + "'");
    }else{
    	System.exit(1);
    }
                
    // try decrypting with BOF utils - shorter, base64 encoded passwords
    System.out.println("\nTrying to decrypt again '" + password + "'...\n");
    clearText = decryptWithBOFUtils(password);
    if ((clearText != null) && (clearText.length() > 0)) {
    	System.out.println("'" + clearText + "'");
    }else{
    	System.exit(1);
    }
    

     

 
 
Here, a code found to decrypt BOF and database passwords (https://www.snip2code.com/Snippet/242104/Decrypt-Documentum-database-passwords-) :

/*
 * (C) 2012 MSRoth - msroth.wordpress.com
 * 
 * recoverPW v2
 * 
 * This code will decrypt BOF and database passwords.  It will *NOT* decrypt inline user passwords.
 * 
 * From the D6.5 EMC Documentum Content Server Administration Guide, p. 353:
 * "Passwords encrypted with encryptPassword cannot be decrypted explicitly 
 * by an application or user."
 * 
 * usage:  c:>java recoverPW <password>
 * 
 * aek.key file must exist in c:\documentum\config
 * 
 */

package com.dm_misc.recoverpw;

import com.documentum.fc.client.impl.crypto.CryptoUtils;
import com.documentum.fc.tools.RegistryPasswordUtils;
import com.documentum.dmcl.impl.DmclApi;
import com.documentum.web.formext.session.TrustedAuthenticatorTool;
import com.documentum.web.formext.session.TrustedAuthenticatorUtils;
import java.io.*;

public class RecoverPW {

    private static final String AEK_PATH = "c:/documentum/config/aek.key";
    private static boolean decrypted = false;
    private static String password = "";

    public static void main(String args[]) {

        try {
            if (args.length != 1) {
                System.out.println("usage: c:>java recoverPW <password>");
                System.exit(1);
            }

            File file = new File(AEK_PATH);
            if (!file.exists()) {
                System.out.println("Could not find aek.key file.  Please copy from Content Server to " + AEK_PATH);
                System.exit(1);
            }

            // get encrypted password from command line
            password = args[0];
            System.out.println("\nTrying to decrypt '" + password + "'...\n");

            // try decrypting with BOF utils - shorter, base64 encoded passwords
            try {
                String clearText = "";
                System.out.print("\tBOF Utils ->\t\t\t\t");
                clearText = RegistryPasswordUtils.decrypt(password);
                if ((clearText != null) && (clearText.length() > 0)) {
                    System.out.println("'" + clearText + "'");
                    decrypted = true;
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

            // try decrypting with API - longer, dm_encrypt_password passwords
            try {
                String clearText = "";
                System.out.print("\tAPI ->\t\t\t\t\t");
                DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
                clearText = DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT=" + password);
                if ((clearText != null) && (clearText.length() > 0)) {
                    System.out.println("'" + clearText + "'");
                    decrypted = true;
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

            // try decrypting with CryptoUtils(Password)
            try {
                String clearText = "";
                System.out.print("\tCryptoUtils (password) ->\t\t");
                CryptoUtils c = CryptoUtils.getInstance();
                clearText = c.decryptPassword("DM_ENCR_PASS=" + password);
                if ((clearText != null) && (clearText.length() > 0)) {
                    System.out.println("'" + clearText + "'");
                    decrypted = true;
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

            // try decrypting with CryptoUtils(Text)
            try {
                String clearText = "";
                System.out.print("\tCryptoUtils (text) ->\t\t\t");
                CryptoUtils c = CryptoUtils.getInstance();
                clearText = c.decryptText("DM_ENCR_TEXT=" + password, "p6lo3ly1oj5ne&");
                if ((clearText != null) && (clearText.length() > 0)) {
                    System.out.println("'" + clearText + "'");
                    decrypted = true;
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

            // try WDK DES
            try {
                String clearText = "";
                System.out.print("\tTrustedAuthenticatorUtils (DES) ->\t");
                clearText = TrustedAuthenticatorUtils.decryptByDES(password);
                if ((clearText != null) && (clearText.length() > 0)) {
                    System.out.println("'" + clearText + "'");
                    decrypted = true;
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

            // try WDK decrypt
            try {
                String clearText = "";
                System.out.print("\tTrustedAuthenticatorUtils (decrypt) ->\t");
                clearText = TrustedAuthenticatorUtils.decrypt(password);
                if ((clearText != null) && (clearText.length() > 0)) {
                    System.out.println("'" + clearText + "'");
                    decrypted = true;
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

            // try WDK Authenticator Tool - just uses TrustedAuthenticatorUtils to encrypt
            // This will never decrypt, running the main() only does encrypt.
            try {
                System.out.print("\tWDK authenticator tool -> \t\t");

                // create a stream to hold the output since WDK authenticator tool
                // prints to console
                ByteArrayOutputStream baos = new ByteArrayOutputStream();
                PrintStream ps = new PrintStream(baos);
                PrintStream old = System.out;
                System.setOut(ps);

                // call tool to decrypt text
                TrustedAuthenticatorTool.main(new String[]{password});

                // put things back 
                System.out.flush();
                System.setOut(old);

                // see what happened 
                String clearText = baos.toString();
                int idx = clearText.indexOf("Decrypted:");
                if (idx > 0) {
                    clearText = clearText.substring(idx + "Decrypted: [".length(), clearText.length() - 3);
                    System.out.println("'" + clearText + "'");
                    if (clearText.equalsIgnoreCase(password)) {
                        decrypted = false;
                    } else {
                        decrypted = true;
                    }
                } else {
                    System.out.println("ERROR: could not decrypt with WDK Authenticator Tool");
                }

            } catch (Exception e) {
                System.out.println("ERROR: " + e.getMessage());
            }

        } catch (Exception e) {
            System.out.println("General Error: " + e.getMessage());
        }

        System.out.println();
        if (!decrypted) {
            System.out.println("\nSorry, could not decrypt '" + password + "'.");
        }
        System.out.println("Done.");
    }
}

 

That’s all!!!

Huseyin OZVEREN