Tuesday, March 25, 2014

Weblogic decrypt password

WebLogic Server uses AES encryption to store passwords in files. The database passwords in the JDBC files and the passwords in config.xml are encrypted with an AES cipher, and the AES secret key is stored in SerializedSystemIni.dat. At times we need to decrypt such a password to get the plain password. Below are the steps to decrypt the password.

1. Copy the SerializedSystemIni.dat file from the $DOMAIN_HOME/security folder to the $WL_HOME/common/bin folder.

The SerializedSystemIni.dat file differs from one WebLogic domain to another, so use the file from the domain that encrypted the password.

2. Create a simple Python script file, for example DecryptWLPwd.py, copy the contents below into it, and save the file.
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
# Remind the user that the key file must be in the current directory
raw_input("Please ensure SerializedSystemIni.dat is in the current directory now, and press ENTER to continue.")
# Get encryption service
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)
# Get user to enter password
pwd = raw_input("Enter encrypted password (Eg. {3DES}Y1fA34S...): ")
# Remove unnecessary escape characters
preppwd = pwd.replace("\\", "")
# Decrypt the password
print "Decrypted password is: " + clearOrEncryptService.decrypt(preppwd)



3. Start the WebLogic Scripting Tool (WLST) from $WL_HOME/common/bin:
./wlst.sh

4. Execute the script with the command below:

wls:/offline> execfile('DecryptWLPwd.py')

The script prompts you to confirm that SerializedSystemIni.dat is in the current directory, asks for the encrypted password, and prints the decrypted password.
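Because the procedure above needs only the key file and a ciphertext, a domain audit can list where encrypted values are stored and check who can read SerializedSystemIni.dat. The following is an added example, not part of the original post: it is plain Python 3 run outside WLST, and the function names, the sample file names and element names, and the acceptance of a key-size suffix after AES are assumptions.

```python
import os
import re
import stat
import tempfile

# {3DES} is the tag shown in the page's prompt; {AES} with optional digits is assumed.
# Backslashes are allowed in the body because escaped values contain them.
ENC = re.compile(r"\{(3DES|AES\d*)\}[A-Za-z0-9+/=\\]+")
KEY_FILE = os.path.join("security", "SerializedSystemIni.dat")
SAMPLE = {  # constructed sample tree; the values are placeholders, not real ciphertext
    "config/config.xml": "<domain>\n<credential-encrypted>{AES}Q09OU1RSVUNURUQ=</credential-encrypted>\n</domain>\n",
    "config/jdbc/ds-jdbc.xml": "<password-encrypted>{3DES}U0FNUExF</password-encrypted>\n",
    "security/SerializedSystemIni.dat": "",
}

def find_encrypted_values(domain_home):
    """Return (relative path, line number, scheme) per ciphertext; the value is never echoed."""
    hits = []
    for root, _dirs, files in os.walk(domain_home):
        for name in files:
            if name.endswith((".xml", ".properties")):
                path = os.path.join(root, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for m in ENC.finditer(line):
                            hits.append((os.path.relpath(path, domain_home), lineno, m.group(1)))
    return sorted(hits)

def key_file_findings(domain_home):
    """Report read permission on the key file for anyone other than its owner."""
    path = os.path.join(domain_home, KEY_FILE)
    if not os.path.exists(path):
        return ["key file not found"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    checks = ((stat.S_IRGRP, "group-readable"), (stat.S_IROTH, "world-readable"))
    return [label for bit, label in checks if mode & bit]

def build_sample_domain(key_mode=0o644):  # writes SAMPLE into a fresh temp directory
    home = tempfile.mkdtemp()
    for rel, text in SAMPLE.items():
        path = os.path.join(home, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    os.chmod(os.path.join(home, KEY_FILE), key_mode)
    return home

if __name__ == "__main__":
    home = build_sample_domain()
    print(find_encrypted_values(home), key_file_findings(home))
```

To audit a real domain, pass its $DOMAIN_HOME path to both functions in place of the sample directory.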
