OpenIDM 4.5 decrypt password using ./cli

This topic has 1 reply, 2 voices, and was last updated 5 years, 6 months ago by Bill Nelson.

  • Author
  • #15807
     Fehmi M’Barek


    is there a possibility to decrypt an encrypted JSON-Object via ./cli?

    For example, I have a JSON file with the following Line:

        "$crypto": {
          "type": "x-simple-encryption",
          "value": {
            "cipher": "AES/CBC/PKCS5Padding",
            "data": "IUASDoiaslksoRHqwg4sfGVg==",
            "iv": "UxX/ase987asdjhfpuvpWFX+4FDow==",
            "key": "openidm-sym-default"

    I want to be able to decrypt it as a clear text, such as “myPassw0rd”.
    I know that there was a way in OpenIDM version 2. But in version 4.5 it uses another JSON library for encryption "json-crypto-core-20.1.0.jar".

    So how to get it done with 4.5?

    Thanks in advanced!

     Bill Nelson

    When you say that “there was a way in OpenIDM version 2”, I assume that you are referring to this work around:, yes?

    I am not aware of any specific way to decrypt using the CLI. Now having said that, there is a way to do this that is pretty straightforward using the API decrypt() function found here:

    Create your own endpoint that launches a Groovy/JavaScript script that takes the encrypted password as a parameter. In your script, run it through openidm.decrypt() and return the response. Then simply call your new endpoint using curl or postman instead of the

    Now, this assumes of course that the same key is used for encrypting and decrypting the password.


Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?