WebSphere Application Server & Liberty

 View Only

  • 1.  Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue July 03, 2018 08:19 AM
    Hi Team, 

    Could you please help me how to use password encoding and decoding utility provided for WAS by IBM.




    Thanks,
    Jitendra Singh

    ------------------------------
    jitendra singh
    ------------------------------


  • 2.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue July 03, 2018 10:46 AM
    ​Jitendra,

    I have never used the utility to unencode a password.  Not sure the utility can do that.  To encode a password follow the following steps.

    This example stores the administrator password so you do not have to enter it at the command line when starting/stopping application servers.

    1. Edit the file ${WAS_HOME}/properties/soap.client.props
    add a username and password to the fields

    com.ibm.SOAP.loginUserid=
    com.ibm.SOAP.loginPassword=

    2. Change to directory

    ${WAS_HOME}/bin/

    Run command
    ./PropFilePasswordEncoder.sh ../properties/soap.client.props com.ibm.SOAP.loginPassword

    After running the command your file will look something like

    com.ibm.SOAP.loginUserid=wasadm
    com.ibm.SOAP.loginPassword={xor}KKWg8Mj5Yuh=

    Basically you are passing it 2 arguments the File Name where the password exists and the Value from the file you want encoded.

    Shawn

    ------------------------------
    Shawn Overs
    Client Technology Manager
    ------------------------------

    Original Message


  • 3.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Wed July 04, 2018 01:47 AM
    Hey,
    the PropFilePasswordEncoder as described by Shawn can be used to encode passwords in the property files. If you want to de-/encode passwords for other usage you might run the following steps:

    to encrypt password


    cd $WAS_INSTALL_DIR/plugins
    ../java/bin/java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordEncoder myPassword

    you should receive similar result

    decoded password == "myPassword", encoded password == "{xor}LDo8LTor"

    decrypt password

    cd $WAS_INSTALL_DIR/plugins
    ../java/bin/java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordDecoder {xor}LDo8LTor

    you should receive similar result

    encoded password == "{xor}LDo8LTor", decoded password == "myPassword"

    Hope this helps ....



    ------------------------------
    Hermann Huebler
    ------------------------------

    Original Message


  • 4.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue July 31, 2018 05:06 PM
    there's a website that can help you with that too if you're just doing a one-off:  WebSphere {xor} password decoder and encoder  But if you are trying to do something inside WAS you need to use the given tool.  Here's a youtube video that IBM Support did:  https://www.youtube.com/watch?v=3vjZNADlnZY
    Sometimes it's easier to see it done! Have a good day and good luck!

    ------------------------------
    Rene Summers
    ------------------------------

    Original Message


  • 5.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Wed August 01, 2018 10:24 AM
    Edited by igor vieira Mon May 11, 2020 01:21 PM

    "Could you please help me how to use password encoding and decoding utility provided for WAS by IBM."
    A:

    The decode can be done with the package com.ibm.wsspi.security.crypto. Reference https://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.javadoc.doc/web/spidocs/com/ibm/wsspi/security/crypto/package-summary.html, https://www.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/csec_plugpoint_custpass_encrypt.html

    The decrypt operation takes the EncryptedInfo object containing a byte[] and the logical key alias and converts it to the decrypted byte[]. The WebSphere Application Server runtime converts the byte[] to a String using new String (byte[], "UTF-8") public byte[] decrypt (EncryptedInfo info) throws PasswordDecryptException;

    Or other common ways to:

    • By proper java: $WAS_INSTALL_DIR/plugins/../java/bin/java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordDecoder {xor}base64 =


    ------------------------------

    Original Message


  • 6.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Mon July 20, 2020 11:41 AM
    Hi there, 
    here you are a sh/bash function to get encrypted/decrypted password.
    Please, let me know if it is enough for you.

    Best regards
    Giulio

    WasEncDec(){ 
    W=${WAS_HOME}
    P="";
    P=$P:$W/plugins/com.ibm.ws.runtime.jar;  
    P=$P:$W/lib/bootstrap.jar;
    P=$P:$W/plugins/com.ibm.ws.emf.jar; 
    P=$P:$W/lib/ffdc.jar;
    P=$P:$W/plugins/org.eclipse.emf.ecore.jar; 
    P=$P:$W/plugins/org.eclipse.emf.common.jar;
    PasswordEncoded=$($W/java/bin/java -cp $P com.ibm.ws.security.util.PasswordEncoder "$1"       | awk '{print $NF}' | sed 's|\"||g'); 
    PasswordDecoded=$($W/java/bin/java -cp $P com.ibm.ws.security.util.PasswordDecoder "{xor}$1=" | awk '{print $NF}' | sed 's|\"||g'); 
    :;};

#ie: WasEncDec MyPasswordInClear;       echo PasswordEncoded=$PasswordEncoded; 
#ie: WasEncDec EiYPPiwsKDAtOxYxHDM6Pi0; echo PasswordDecoded=$PasswordDecoded;


    ------------------------------
    GIULIO RODONO
    ------------------------------

    Original Message


  • 7.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Wed August 12, 2020 07:02 PM
    Hi, 
    How can we decode passwords from fileregistry.xml ? 
    thanks,
    Jalesh.

    ------------------------------
    jalesh kumar vivekaanandan senior manager
    pune
    9970623234
    ------------------------------

    Original Message


  • 8.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Thu August 13, 2020 04:50 AM
    You can decode only system passwords which WAS needs in plain text. These are for example J2C authorization aliases (e.g. passwords for connected databases). File repository should not contain passwords – only hashes of real passwords.
    You cannot get real passwords from hashes.

    --
    Sebastian
    ps. As I remember SHA-1 used there, so if you have skills and time – you can try to guess passwords (SHA-1 attack) - but this is totally impractical as you have access to file system anyway so you can do whatever you want (e.g. disable security, create new users).
    Original Message


  • 9.  RE: Needs a script to encrypt and decrypt websphere xml passwords

    Posted Tue January 19, 2021 12:06 PM
    Its very easy with in WAS 8.5.x, Please note that its just encoding (not encryption) unless WAS setting enabled AES encryption
    Password encoder:
    ${WAS_HOME}/java/bin/java -Djava.ext.dirs=${WAS_HOME}/plugins:${WAS_HOME}/lib com.ibm.ws.security.util.PasswordEncoder <passwd>

    Password Decoder:
    ${WAS_HOME}/java/bin/java -Djava.ext.dirs=${WAS_HOME}/plugins:${WAS_HOME}/lib com.ibm.ws.security.util.PasswordDecoder <encoded passwd>

    ------------------------------
    MOHAMMED HAFEEZ
    ------------------------------

    Original Message