OpenIDM 4.5 decrypt password using ./cli

This topic has 1 reply, 2 voices, and was last updated 5 years, 6 months ago by Bill Nelson.

  • Author
    Posts
  • #15807
     Fehmi M’Barek
    Participant

    Hi,

    is there a possibility to decrypt an encrypted JSON-Object via ./cli?

    For example, I have a JSON file with the following Line:

    
    {
        "$crypto": {
          "type": "x-simple-encryption",
          "value": {
            "cipher": "AES/CBC/PKCS5Padding",
            "data": "IUASDoiaslksoRHqwg4sfGVg==",
            "iv": "UxX/ase987asdjhfpuvpWFX+4FDow==",
            "key": "openidm-sym-default"
          }
        }
    }
    

    I want to be able to decrypt it as a clear text, such as “myPassw0rd”.
    I know that there was a way in OpenIDM version 2. But in version 4.5 it uses another JSON library for encryption "json-crypto-core-20.1.0.jar".

    So how to get it done with 4.5?

    Thanks in advanced!

    #15850
     Bill Nelson
    Participant

    When you say that “there was a way in OpenIDM version 2”, I assume that you are referring to this work around: https://bugster.forgerock.org/jira/browse/OPENIDM-1545, yes?

    I am not aware of any specific way to decrypt using the CLI. Now having said that, there is a way to do this that is pretty straightforward using the API decrypt() function found here:

    https://backstage.forgerock.com/docs/openidm/4.5/integrators-guide/appendix-scripting#function-decrypt

    Create your own endpoint that launches a Groovy/JavaScript script that takes the encrypted password as a parameter. In your script, run it through openidm.decrypt() and return the response. Then simply call your new endpoint using curl or postman instead of the cli.sh.

    Now, this assumes of course that the same key is used for encrypting and decrypting the password.

    bill

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?