Hello,
I would like to present a solution in order to encrypt/decrypt the passwords of registry for example the password in the dfc.properties via Java programming with the following Documentum utilities classes:
com.documentum.fc.tools.RegistryPasswordUtils.encrypt("password to be encrypted") ;
com.documentum.fc.tools.RegistryPasswordUtils.decrypt ("password to be decrypted") ;
Dfc.properties
dfc.globalregistry.repository=globalr dfc.globalregistry.username=dm_bof_registry dfc.globalregistry.password=XXXXXfsfezrezxxxxxrezrzrXXX/0ezxxxxxxIGAL
To encrypt/decrypt this value via JAVA programming:
- Java decrypting method:
/** * Decrypting with BOF utils - shorter, base64 encoded passwords * * @param passwordEncrypted * @return */ public static String decryptWithBOFUtils(String passwordEncrypted) { String ret = null; try { System.out.print("\tBOF Utils (decrypt) -> " + passwordEncrypted + "\t\t\t\t"); ret = com.documentum.fc.tools.RegistryPasswordUtils.decrypt(passwordEncrypted); } catch (Exception e) { System.out.println("ERROR: " + e.getMessage()); } return ret; } - Java encrypting method:
/** * Encrypting with BOF utils - shorter, base64 encoded passwords * * @param passwordToEncrypt * @return */ public static String encryptWithBOFUtils(String passwordToEncrypt) { String ret = null; try { System.out.print("\tBOF Utils (encrypt) -> " + passwordToEncrypt+ "\t\t\t\t"); ret = com.documentum.fc.tools.RegistryPasswordUtils.encrypt(passwordToEncrypt); } catch (Exception e) { System.out.println("ERROR: " + e.getMessage()); } return ret; } - Test decrypting and encrypting method:
// --------------------------------- Encrypting/Decrypting with BOF utils String password = null; String clearText = null; password = "XXXXXfsfezrezxxxxxrezrzrXXX/0ezxxxxxxIGAL"; // try decrypting with BOF utils - shorter, base64 encoded passwords System.out.println("\nTrying to decrypt '" + password + "'...\n"); clearText = decryptWithBOFUtils(password); if ((clearText != null) && (clearText.length() > 0)) { System.out.println("'" + clearText + "'"); }else{ System.exit(1); } clearText = "TEST-javablog-Documentum@123"; // try decrypting with BOF utils - shorter, base64 encoded passwords System.out.println("\nTrying to encrypt '" + clearText + "'...\n"); password = encryptWithBOFUtils(clearText); if ((password != null) && (password.length() > 0)) { System.out.println("'" + password + "'"); }else{ System.exit(1); } // try decrypting with BOF utils - shorter, base64 encoded passwords System.out.println("\nTrying to decrypt again '" + password + "'...\n"); clearText = decryptWithBOFUtils(password); if ((clearText != null) && (clearText.length() > 0)) { System.out.println("'" + clearText + "'"); }else{ System.exit(1); }
Here, a code found to decrypt BOF and database passwords (https://www.snip2code.com/Snippet/242104/Decrypt-Documentum-database-passwords-) :
/*
* (C) 2012 MSRoth - msroth.wordpress.com
*
* recoverPW v2
*
* This code will decrypt BOF and database passwords. It will *NOT* decrypt inline user passwords.
*
* From the D6.5 EMC Documentum Content Server Administration Guide, p. 353:
* "Passwords encrypted with encryptPassword cannot be decrypted explicitly
* by an application or user."
*
* usage: c:>java recoverPW <password>
*
* aek.key file must exist in c:\documentum\config
*
*/
package com.dm_misc.recoverpw;
import com.documentum.fc.client.impl.crypto.CryptoUtils;
import com.documentum.fc.tools.RegistryPasswordUtils;
import com.documentum.dmcl.impl.DmclApi;
import com.documentum.web.formext.session.TrustedAuthenticatorTool;
import com.documentum.web.formext.session.TrustedAuthenticatorUtils;
import java.io.*;
public class RecoverPW {
private static final String AEK_PATH = "c:/documentum/config/aek.key";
private static boolean decrypted = false;
private static String password = "";
public static void main(String args[]) {
try {
if (args.length != 1) {
System.out.println("usage: c:>java recoverPW <password>");
System.exit(1);
}
File file = new File(AEK_PATH);
if (!file.exists()) {
System.out.println("Could not find aek.key file. Please copy from Content Server to " + AEK_PATH);
System.exit(1);
}
// get encrypted password from command line
password = args[0];
System.out.println("\nTrying to decrypt '" + password + "'...\n");
// try decrypting with BOF utils - shorter, base64 encoded passwords
try {
String clearText = "";
System.out.print("\tBOF Utils ->\t\t\t\t");
clearText = RegistryPasswordUtils.decrypt(password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try decrypting with API - longer, dm_encrypt_password passwords
try {
String clearText = "";
System.out.print("\tAPI ->\t\t\t\t\t");
DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
clearText = DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT=" + password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try decrypting with CryptoUtils(Password)
try {
String clearText = "";
System.out.print("\tCryptoUtils (password) ->\t\t");
CryptoUtils c = CryptoUtils.getInstance();
clearText = c.decryptPassword("DM_ENCR_PASS=" + password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try decrypting with CryptoUtils(Text)
try {
String clearText = "";
System.out.print("\tCryptoUtils (text) ->\t\t\t");
CryptoUtils c = CryptoUtils.getInstance();
clearText = c.decryptText("DM_ENCR_TEXT=" + password, "p6lo3ly1oj5ne&");
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try WDK DES
try {
String clearText = "";
System.out.print("\tTrustedAuthenticatorUtils (DES) ->\t");
clearText = TrustedAuthenticatorUtils.decryptByDES(password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try WDK decrypt
try {
String clearText = "";
System.out.print("\tTrustedAuthenticatorUtils (decrypt) ->\t");
clearText = TrustedAuthenticatorUtils.decrypt(password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try WDK Authenticator Tool - just uses TrustedAuthenticatorUtils to encrypt
// This will never decrypt, running the main() only does encrypt.
try {
System.out.print("\tWDK authenticator tool -> \t\t");
// create a stream to hold the output since WDK authenticator tool
// prints to console
ByteArrayOutputStream baos = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(baos);
PrintStream old = System.out;
System.setOut(ps);
// call tool to decrypt text
TrustedAuthenticatorTool.main(new String[]{password});
// put things back
System.out.flush();
System.setOut(old);
// see what happened
String clearText = baos.toString();
int idx = clearText.indexOf("Decrypted:");
if (idx > 0) {
clearText = clearText.substring(idx + "Decrypted: [".length(), clearText.length() - 3);
System.out.println("'" + clearText + "'");
if (clearText.equalsIgnoreCase(password)) {
decrypted = false;
} else {
decrypted = true;
}
} else {
System.out.println("ERROR: could not decrypt with WDK Authenticator Tool");
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
} catch (Exception e) {
System.out.println("General Error: " + e.getMessage());
}
System.out.println();
if (!decrypted) {
System.out.println("\nSorry, could not decrypt '" + password + "'.");
}
System.out.println("Done.");
}
}
That’s all!!!
Huseyin OZVEREN