• State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 94 subscribers
  • Views 6703 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Job Server encrypted columns not decrypting

hector.jimenez
over 7 years ago

Originally replied here https://www.quest.com/community/products/one-identity/f/identity-manager/5640/decrypt-data/55986#55986

but probably better to put this in a new post:


1IM version 7.0.2

Hi, I need the password stored in DPRSystemVariable table (column Value). I turned on encryption for DPRSystemVariable.Value in Designer, and then ran Crypto Configuration. When I look at the value in object browser I now see it encrypted.

So, I created a script that is executed in a process step, the step has a parameter (encrypted checked), the contents of the script is just outputting the value of that parameter to a file with VID_Write2Log, it outputs:

[E]W0NdQUZxeFJJNXVYdXkzd3o3Z3JMbnVsYXJFemFrSm90ZkY4ZDdmQ0c0bDk4QStNQllqVzRIZ25hVkxBcUpYM1hWMVl1blFkUzVITExzMkhpTVdJUS9wa1BPTXc2aWp4bkJsdGF4U1JrdUdoRWdMOGhVSDZJN0tCK2o1NU1SSDZXbjdzQlNDYldnMEVLbGExcnJoVGxGaWZzRkhhTzNuZUhFSkhHZ3BnUzFwQjF3VFtDXQ==[E]

which is the exact value stored in the database .

Can you provide hint as to why the process step is not decrypting?

  • 0 over 7 years ago
    I do not recommend to globally set the encrypted flag at the column DPRSystemVariable.Value. The values will be encrypted by the Crypto Configuration tool, when the flag IsSecret is enabled for an entry in that table.

    With your configuration change, every variable is now encrypted which leads to unnecessary user interaction, when opening or editing the synchronization projects and is not the recommended way to do that.

    Having said that, i would suggest that you contact support, describe your issue including the encrypted string starting with [E]W0Nd and ask if there is an HotFix available for defect VPR25462.
  • 0 over 5 years ago

    Hi Vector ,

    I am having a similar requirement , wherein  I have enabled 'Issecret'  for some of the DPRSystemvariables and the encrypted password begins with '[E]W0Nd '

    I tried using the password through the process task 'scriptExec' , But it is not able to decrypt it .

    were you able to resolve this issue ?

  • 0 over 5 years ago

    Hi,

    DPRSystemVariable objects are not encrypted the same way as the columns marked for encryption in the database.

    A column that is marked for encryption can 'only' be decrypted by the job server service(s) that have access to the encryption key.

    If you have an issecret valule stored in DPRSystemVariable you can use this code to decrypt it:

    Script to decrypt a variable in a sync project e.g. password

            Public Function CCC_Decrypt_DPRSystemVariable(ByVal EncryptedString As String, ByVal ReturnEncrypted As Boolean) As String

                Dim ReturnString As String
                Dim decrypter As VI.Projector.Security.DatabaseEncryption = New VI.Projector.Security.DatabaseEncryption(Connection.Session)

                ' decryption using the Projector method
                ReturnString = decrypter.Decrypt(EncryptedString)

                ' encryption using the object layer method - this value can be decrypted by the Jobserver
                If ReturnEncrypted Then
                    ReturnString = Connection.Encryption.Encrypt(ReturnString)
                End If

                Return ReturnString

            End Function

    HTH, Barry.

  • 0 over 5 years ago

    Hi Barry , 

    Thanks for your response . This worked for me .