Hello,
Here is the Java file for the Scratch class, that contains among others the
method decryptDES. Ketan had provided us some instructions on how to call
the class.
Best regards,
Alain
On Thursday, August 19, 2021 at 3:57:29 PM UTC+2 Alain Trinh wrote:
> Hello Ketan,
>
> I am off on vacation. We do have a copy of the jar file, I can post it
> once I get back to work.
>
> Alain
>
> On Monday, August 16, 2021 at 4:58:29 AM UTC+2 [email protected]
> wrote:
>
>> This issue <https://github.com/gocd/gocd/issues/3698> may be relevant:
>> someone was using this snippet to encrypt the strings using openssl. It
>> should be possible to decrypt it with openssl. I'm not too familiar with
>> the openssl command line, but you'd probably do this:
>>
>> echo -n 'YOUR-ENCRYPTED-PASS-INPUT' | openssl enc -des-cbc -d -a -iv 0 -K
>> $(cat /etc/go/cipher)'
>>
>> - Ketan
>>
>>
>>
>> On Thu, Aug 5, 2021 at 1:12 PM Roshin Kulakkunnath <[email protected]>
>> wrote:
>>
>>> HI All
>>>
>>> Appreciate if anyone can assist as I am moving some legacy stuff from my
>>> pipeline which is on Go Version:
>>> 16.1.0(2855-ada9b36174cc069c860e7fa032cbf2857f135cfb)
>>>
>>> The encryption is blocking me to decrypt the config file. Is there a way
>>> to get the actual value from
>>>
>>> <variable name="KEYSTORE_KEY" secure="true">
>>> <encryptedValue>blahblah</encryptedValue> </variable> <variable
>>> name="CREDENTIAL_KEY" secure="true"> <encryptedValue>
>>> blahblah</encryptedValue> </variable>
>>>
>>> Thanks in Advance
>>> Roshin
>>>
>>> --
>>>
>> You received this message because you are subscribed to the Google Groups
>>> "go-cd" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/go-cd/417e82fa-f2f4-42be-900d-a61ebbab2217n%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/go-cd/417e82fa-f2f4-42be-900d-a61ebbab2217n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/go-cd/73bbf198-2864-4d65-93fc-00617ef1896an%40googlegroups.com.
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.encoders.Hex;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
class Scratch {
private static final Base64.Decoder DECODER = Base64.getDecoder();
private static final Base64.Encoder ENCODER = Base64.getEncoder();
public static void main(String[] args) throws IOException {
byte[] cipherBytes = Hex.decode(Files.readString(new File("cipher").toPath()).trim());
byte[] cipherAesBytes = Hex.decode(Files.readString(new File("cipher.aes").toPath()).trim());
try (BufferedReader r = new BufferedReader(new InputStreamReader(System.in))) {
String line;
while ((line = r.readLine()) != null) {
line = line.trim();
System.out.println(reEncryptUsingNewKey(cipherBytes, cipherAesBytes, line));
}
}
}
public static String reEncryptUsingNewKey(byte[] oldCipher, byte[] newCipher, String encryptedValue) {
String plainText = decryptDES(oldCipher, encryptedValue);
return encryptAES(newCipher, plainText);
}
private static String decryptDES(byte[] key, String cipherText) {
try {
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESEngine()));
cipher.init(false, new KeyParameter(key));
byte[] cipherTextBytes = DECODER.decode(cipherText);
byte[] plainTextBytes = new byte[cipher.getOutputSize(cipherTextBytes.length)];
int outputLength = cipher.processBytes(cipherTextBytes, 0, cipherTextBytes.length, plainTextBytes, 0);
cipher.doFinal(plainTextBytes, outputLength);
int paddingStarts = plainTextBytes.length - 1;
for (; paddingStarts >= 0; paddingStarts--) {
if (plainTextBytes[paddingStarts] != 0) {
break;
}
}
return new String(plainTextBytes, 0, paddingStarts + 1);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static String encryptAES(byte[] cipher, String plainText) {
try {
byte[] initializationVector = createIV();
Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
encryptCipher.init(Cipher.ENCRYPT_MODE, createSecretKeySpec(cipher), new IvParameterSpec(initializationVector));
byte[] bytesToEncrypt = plainText.getBytes(StandardCharsets.UTF_8);
byte[] encryptedBytes = encryptCipher.doFinal(bytesToEncrypt);
return String.join(":", "AES", ENCODER.encodeToString(initializationVector), ENCODER.encodeToString(encryptedBytes));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static byte[] createIV() throws NoSuchAlgorithmException {
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(128);
return keygen.generateKey().getEncoded();
}
private static SecretKeySpec createSecretKeySpec(byte[] cipher) {
return new SecretKeySpec(cipher, "AES");
}
}
