WebSphere Application Server & Liberty

WebSphere Application Server & Liberty

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue July 03, 2018 08:19 AM
    Hi Team, 

    Could you please help me how to use password encoding and decoding utility provided for WAS by IBM.




    Thanks,
    Jitendra Singh

    ------------------------------
    jitendra singh
    ------------------------------


  • 2.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue July 03, 2018 10:46 AM
    ​Jitendra,

    I have never used the utility to unencode a password.  Not sure the utility can do that.  To encode a password follow the following steps.

    This example stores the administrator password so you do not have to enter it at the command line when starting/stopping application servers.

    1. Edit the file ${WAS_HOME}/properties/soap.client.props
    add a username and password to the fields

    com.ibm.SOAP.loginUserid=
    com.ibm.SOAP.loginPassword=

    2. Change to directory

    ${WAS_HOME}/bin/

    Run command
    ./PropFilePasswordEncoder.sh ../properties/soap.client.props com.ibm.SOAP.loginPassword

    After running the command your file will look something like

    com.ibm.SOAP.loginUserid=wasadm
    com.ibm.SOAP.loginPassword={xor}KKWg8Mj5Yuh=

    Basically you are passing it 2 arguments the File Name where the password exists and the Value from the file you want encoded.

    Shawn

    ------------------------------
    Shawn Overs
    Client Technology Manager
    ------------------------------

    Original Message


  • 3.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Wed July 04, 2018 01:47 AM
    Hey,
    the PropFilePasswordEncoder as described by Shawn can be used to encode passwords in the property files. If you want to de-/encode passwords for other usage you might run the following steps:

    to encrypt password


    cd $WAS_INSTALL_DIR/plugins
    ../java/bin/java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordEncoder myPassword

    you should receive similar result

    decoded password == "myPassword", encoded password == "{xor}LDo8LTor"

    decrypt password

    cd $WAS_INSTALL_DIR/plugins
    ../java/bin/java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordDecoder {xor}LDo8LTor

    you should receive similar result

    encoded password == "{xor}LDo8LTor", decoded password == "myPassword"

    Hope this helps ....



    ------------------------------
    Hermann Huebler
    ------------------------------

    Original Message


  • 4.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue July 31, 2018 05:06 PM
    there's a website that can help you with that too if you're just doing a one-off:  WebSphere {xor} password decoder and encoder  But if you are trying to do something inside WAS you need to use the given tool.  Here's a youtube video that IBM Support did:  https://www.youtube.com/watch?v=3vjZNADlnZY
    Sometimes it's easier to see it done! Have a good day and good luck!

    ------------------------------
    Rene Summers
    ------------------------------

    Original Message


  • 5.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Wed August 01, 2018 10:24 AM
    Edited by igor vieira Mon May 11, 2020 01:21 PM

    "Could you please help me how to use password encoding and decoding utility provided for WAS by IBM."
    A:

    The decode can be done with the package com.ibm.wsspi.security.crypto. Reference https://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.javadoc.doc/web/spidocs/com/ibm/wsspi/security/crypto/package-summary.html, https://www.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/csec_plugpoint_custpass_encrypt.html

    The decrypt operation takes the EncryptedInfo object containing a byte[] and the logical key alias and converts it to the decrypted byte[]. The WebSphere Application Server runtime converts the byte[] to a String using new String (byte[], "UTF-8") public byte[] decrypt (EncryptedInfo info) throws PasswordDecryptException;

    Or other common ways to:

    • By proper java: $WAS_INSTALL_DIR/plugins/../java/bin/java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordDecoder {xor}base64 =


    ------------------------------

    Original Message


  • 6.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Mon July 20, 2020 11:41 AM
    Hi there, 
    here you are a sh/bash function to get encrypted/decrypted password.
    Please, let me know if it is enough for you.

    Best regards
    Giulio

    WasEncDec(){ 
    W=${WAS_HOME}
    P="";
    P=$P:$W/plugins/com.ibm.ws.runtime.jar;  
    P=$P:$W/lib/bootstrap.jar;
    P=$P:$W/plugins/com.ibm.ws.emf.jar; 
    P=$P:$W/lib/ffdc.jar;
    P=$P:$W/plugins/org.eclipse.emf.ecore.jar; 
    P=$P:$W/plugins/org.eclipse.emf.common.jar;
    PasswordEncoded=$($W/java/bin/java -cp $P com.ibm.ws.security.util.PasswordEncoder "$1"       | awk '{print $NF}' | sed 's|\"||g'); 
    PasswordDecoded=$($W/java/bin/java -cp $P com.ibm.ws.security.util.PasswordDecoder "{xor}$1=" | awk '{print $NF}' | sed 's|\"||g'); 
    :;};

#ie: WasEncDec MyPasswordInClear;       echo PasswordEncoded=$PasswordEncoded; 
#ie: WasEncDec EiYPPiwsKDAtOxYxHDM6Pi0; echo PasswordDecoded=$PasswordDecoded;


    ------------------------------
    GIULIO RODONO
    ------------------------------

    Original Message


  • 7.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Wed August 12, 2020 07:02 PM
    Hi, 
    How can we decode passwords from fileregistry.xml ? 
    thanks,
    Jalesh.

    ------------------------------
    jalesh kumar vivekaanandan senior manager
    pune
    9970623234
    ------------------------------

    Original Message


  • 8.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Thu August 13, 2020 04:50 AM
    You can decode only system passwords which WAS needs in plain text. These are for example J2C authorization aliases (e.g. passwords for connected databases). File repository should not contain passwords – only hashes of real passwords.
    You cannot get real passwords from hashes.

    --
    Sebastian
    ps. As I remember SHA-1 used there, so if you have skills and time – you can try to guess passwords (SHA-1 attack) - but this is totally impractical as you have access to file system anyway so you can do whatever you want (e.g. disable security, create new users).
    Original Message


  • 9.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue January 19, 2021 12:06 PM
    Its very easy with in WAS 8.5.x, Please note that its just encoding (not encryption) unless WAS setting enabled AES encryption
    Password encoder:
    ${WAS_HOME}/java/bin/java -Djava.ext.dirs=${WAS_HOME}/plugins:${WAS_HOME}/lib com.ibm.ws.security.util.PasswordEncoder <passwd>

    Password Decoder:
    ${WAS_HOME}/java/bin/java -Djava.ext.dirs=${WAS_HOME}/plugins:${WAS_HOME}/lib com.ibm.ws.security.util.PasswordDecoder <encoded passwd>

    ------------------------------
    MOHAMMED HAFEEZ
    ------------------------------

    Original Message