• State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 94 subscribers
  • Views 12125 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Decrypt data

evgenj
over 8 years ago

Hi everyone.

I have encrypt some values in D1IM database (CentralPassword for example) with the Crypto configuration tool. I need to decrypt Central password when creating UNS account, because I have to use this field in VB script.

How could I decrypt data? Is there OOTB function available?


Thanks for your response.
BR,
Evgen

  • 0 over 8 years ago

    Hi Evgen,

    the D1IM service is perfectly suited to decrypt encrypted data since it has the private key stored internally. Just mark a process step parameter as encrypted and the service will decrypt it before passing the data to the process task (e.g. a script).

    HTH,

     Oliver

  • 0 over 8 years ago

    Thanks Oliver,

    I see what is your idea. But I still have one question: how could I use this parameter in the script?

    Now I have a function declared like this:

    Public Function PREFIX_UnsAccount_XYZ_Insert(ByVal dbsUnsAccount As SingleDbObjectSnapshot) As String


    Should I declare a new parameter in the function, like

    Public Function PREFIX_UnsAccount_XYZ_Insert(ByVal dbsUnsAccount As SingleDbObjectSnapshot, ByVal myParameter As String) As String?

    Honestly, I have tried this, but no success.

    Thanks for help.

  • 0 over 8 years ago

    Hello Evgen,

    the general rule is: Only the Jobserver is able to decrypt datas because only the Jobserver has the needed private key.

    The behavior of the Jobservice is:
    1. Load the job incl. all parameters from the JobQueue.
    2. Decrypt all parameters which are encrypted and which are marked as encrypted (!)
    3. Execute the job.

    I guess your script is called from a ScriptExec job, that means it will be executed by the Jobserver.

    In this case your idea is right: You should add an new parameter in the script which contains the value of the password.

    As described above this parameter contains the clear text password during the execution of the script.

    Additionally you have to add a new parameter in your ScriptExec job for this 2nd parameter and have to mark it as "encrypted".

    If it doesn't work I would add such a line in the script for debugging purposes:

    vid_write2log("c:\temp\test.log", myParameter)

    That will write the clear text password in a file.

    I hope it helps,

    Steffen

  • 0 over 8 years ago

    Hi Steffen,

    I have similar situation where script is called from web portal to fetch data from 3rd party application interactively. So far we are able to circumvent the problem by triggering job which has decrypt functionality to get the passwords from encrypted config parameters but not able to find a way in interactive use case.

    I would appreciate any ideas.

    Thanks,

    Srini.

  • 0 over 8 years ago

    Hi Srini,


    of course it would be possible to write a script using .Net functions for a decryption.

    But this script would need the private key, a decryption without it is not possible.
    So you could save the private key as a file which is accessable by this script.

    Because Q1IM is a shared system and a script could be called from every machine with a Q1IM installation you would need the key on every (!) machine.

    And as more times the private key is saved everywhere as more vulnerable the system is.

    That's why it's not recommended.

    Steffen

  • 0 over 7 years ago
    Hi, I need the password stored in DPRSystemVariable (Value column). I turned on encryption for DPRSystemVariable.Value in Designer, and then ran Crypto Configuration. When I look at the value in object browser I now see it encrypted.

    So, I created a script that is executed in a process step, the step has a parameter (encrypted checked), the contents of the script is just outputting the value of that parameter to a file with VID_Write2Log, it outputs:

    [E]W0NdQUZxeFJJNXVYdXkzd3o3Z3JMbnVsYXJFemFrSm90ZkY4ZDdmQ0c0bDk4QStNQllqVzRIZ25hVkxBcUpYM1hWMVl1blFkUzVITExzMkhpTVdJUS9wa1BPTXc2aWp4bkJsdGF4U1JrdUdoRWdMOGhVSDZJN0tCK2o1NU1SSDZXbjdzQlNDYldnMEVLbGExcnJoVGxGaWZzRkhhTzNuZUhFSkhHZ3BnUzFwQjF3VFtDXQ==[E]

    which is the exact value stored in the database .

    Can you provide hint as to why the process step is not decrypting?