Decrypt the encrypted password

Hi there,
I have been scratching my head for some time to fix one issue. We are planning to change the plateform/technology and we need to bring over existing login to new system. In order to have the same password I need to decrypt the password before I send it to new system. When we stored the password, it encrypts them and stores it in database. I am using following code to decrypt it. it's not worlking . This is error I am getting.
Given final block not properly padded
Here is some more information:
Key is :javax.crypto.spec.SecretKeySpec@18f3a
Format is :RAW
getAlgorithm() is :DES
String encrypted = abcdefgh
Provider is: com.sun.crypto.provider.SunJCE()
This is my code to decrypt which throws error " Given final block not properly padded" :
public String decrypt(String encrypted){
          Cipher ci = null;
          byte [] result = null;
          try {
               ci = Cipher.getInstance("DES");
               ci.init(Cipher.DECRYPT_MODE, key);
               System.out.println("CryptoUtil()" +"before hexToByteArray. Byte Data: "+encrypted);
               byte [] encryptedData = hexToByteArray(encrypted, false);
               //Log.out("CryptoUtil()" +"after hexToByteArray. lenth: "+ encryptedData.length);
               result = ci.doFinal(encryptedData);
          catch (Exception e) {
               System.out.println("CryptoUtil()" +"ERROR: "+ e.getMessage());
               return encrypted;
          String strResult = new String(result);
          return strResult;
Please help.
Thank you.

These are the two values I am getting for encrypted password:
97654de7857cd9aab331995cba044fc6
a125a6b2a71e23adc002ac7fbe1a1042
Is this a hex code?
I think the key is: abcdefgh
This is my code to encrypt and decrypt:
      * empty constructor
      * @param keydata
     public CryptoUtil(String keydata){
          if (keydata.trim().equals("")){
               logDebug("CryptoUtil()" +" Constructor didn't get a valid key!");
               usage();
               System.exit(0);
          }else{
               keyBytes = keydata.getBytes();
               key = new SecretKeySpec(keyBytes, 0, keyBytes.length, "DES");
          try {
               Provider sp = new com.sun.crypto.provider.SunJCE();
               //logDebug("CryptoUtil() " + sp.getInfo());
                Security.addProvider(sp);
              }catch (Exception ex) {
                     logDebug("CryptoUtil() " +"Problem loading crypto provider \n error:"+ex.getMessage());
               usage();
                System.exit(0);
      * Encrypt
      * @param s
     public String encrypt(String s){
          Cipher ci = null;
              byte [] result = null;
              try {
               ci = Cipher.getInstance("DES");
               ci.init(Cipher.ENCRYPT_MODE, key);
               result = ci.doFinal(s.getBytes());
              }catch (Exception e) {
                    logDebug("CryptoUtil()" +"ERROR: "+ e.getMessage());
          String strResult = byteArrayToHex(result);
              return strResult;
      * decrypt a card number
      * @param encrypted
     public String decrypt(String encrypted){
          Cipher ci = null;
              byte [] result = null;
              try {
               ci = Cipher.getInstance("DES");
               ci.init(Cipher.DECRYPT_MODE, key);
               //Log.out("CryptoUtil()" +"before hexToByteArray. Byte Data: "+encrypted);
               byte [] encryptedData = hexToByteArray(encrypted, false);
               //Log.out("CryptoUtil()" +"after hexToByteArray. lenth: "+ encryptedData.length);
               result = ci.doFinal(encryptedData);
              catch (Exception e) {
               logError("CryptoUtil()" +"ERROR: "+ e.getMessage());
               return encrypted;
          String strResult = new String(result);
          return strResult;
     static final String hexDigitChars = "0123456789abcdef";
      * @param a
     public static final String byteArrayToHex(byte [] a) {
          int hn, ln, cx;
          StringBuffer buf = new StringBuffer(a.length * 2);
          for(cx = 0; cx < a.length; cx++) {
                hn = ((int)(a[cx]) & 0x00ff) / 16;
                ln = ((int)(a[cx]) & 0x000f);
                buf.append(hexDigitChars.charAt(hn));
                buf.append(hexDigitChars.charAt(ln));
                buf.append(' ');
         return buf.toString();
      * @param str
      * @param rev
     public static final byte [] hexToByteArray(String str, boolean rev) {
          StringBuffer acc = new StringBuffer(str.length() + 1);
          int cx, rp, ff, val;
          char [] s = new char[str.length()];
          str.toLowerCase().getChars(0, str.length(), s, 0);
          for(cx = str.length() - 1, ff = 0; cx >= 0; cx--) {
          if (hexDigitChars.indexOf(s[cx]) >= 0) {
               acc.append(s[cx]);
               ff++;
           }else {
               if ((ff % 2) > 0) acc.append('0');
                    ff = 0;
          if ((ff % 2) > 0) acc.append('0');
          byte [] ret = new byte[acc.length() / 2];
          for(cx = 0, rp = ret.length - 1; cx < acc.length(); cx++, rp--) {
                val = hexDigitChars.indexOf(acc.charAt(cx));
                cx++;
                val += 16 * hexDigitChars.indexOf(acc.charAt(cx));
                ret[rp] = (byte)val;
          if (rev) {
                byte tmp;
                int fx, bx;
                for(fx = 0, bx = ret.length - 1; fx < (ret.length / 2); fx++, bx--) {
                    tmp = ret[bx];
                    ret[bx] = ret[fx];
                    ret[fx] = tmp;
          return ret;
Will that give you any more information to help me?

Similar Messages

  • API for decrypt the encrypted credit card details

    Hi Friends,
    Is there any PLSQL API for decrypt the encrypted credit card detail in oracle application R12.
    Thanks,

    First, to prevent this from happening again, turn off "In App purchases" in the Restrictions settings on your iPad. You may also want to turn off the ability to install apps, to prevent purchases in case the child gets hold of your iTunes Store account information, and set the password to be required immediately. For more information, see:
    http://support.apple.com/kb/HT4213
    As to a refund, that's not automatic since the terms of sale for the iTunes Store state that all sales are final. You can contact the iTunes Store, explain the reason for your request, and ask, though:
    http://www.apple.com/support/itunes/contact.html
    They're usually pretty lenient in the case of inadvertent purchases by children. No guarantees, though, just as if your child was in a store and ate a bunch of food (in other words, something that can't just be returned).
    Good luck.

  • How to compare the texted password with the encrypted password of dba_users

    Hi,
    I have Oracle 10g in my system. I know dba_users table has information of all the created users of the oracle, along with their encrypted passwords.If I want to make a login page based on this table ,how could I compare the password in that case?
    In above situation, I am getting the username with the regular texted password for authentication check. How can we checked this texted password with the encrypted password of dba_users, for the respective username?
    Your input would be appreciated.

    Try use the username/password from login page to create an connection to database.

  • Decrypt the hashed password in SQL Server 2008

    Hello all,
    I have used HASHBYTES to decrypt the password of the user using SHA1, so now there is a requirement to decypt back the password  to its original form, 
    for eg
    Pass word is 'Jhon' so after applying HASHBYTES('SHA1','Jhon') it gices the output as "0xB13B42158655F36814F3C4541C6457F7CAD0F719"
    Now i want back to get Jhon from the encypted value.
    Please suggest an idea to do so.
    Thanks for advance.
    Pankaj Kumar Yadav-

    To expand on what Dan says above, one can use pwdencrypt/pwdcompare from SQL but in a different context (http://stackoverflow.com/questions/173329/how-to-decrypt-a-password-from-sql-server). 
    The context would be more like the one that is used to determine whether your user passes a CORRECT password.  In this case, the hash value saved in the database must be the same as the hash value of the password being passed in.  In this
    manner, while you can't decrypt, you can determine whether the user knows the password or not without storing the password.  Not the best way to enable a password, but a workaround for sure. Similar to Dan's method above but may provide a bit more
    detail as to the why's and wherefore's using the examples listed there.
    R, J

  • Decrypt the encrypted store procedure through the T-SQL programming in SQL Server 2005

    HI ,
    I have a encrypted store procedure in my production server .Right now I do not have the script now I want do some modification.
    Please any one can help me to decrypt the store procedure it will be a great help for me.
    For any suggestion thanks
     in advance.
    " Education is the beginning of transformation. Dedicate yourself to daily learning via Blogs/Forums/books and coaching "
    Click here to read my blog

    I have modified Jon's post so it also supports functions correctly, jon's version gave a syntax error on functions because the dummy func sql was invalid
    1. Connect using "admin:server\instance"  instead of "server\instance" (enable dac if you havent already, its an sp_reconfigure command)
    2. create the below proc
    3. exec SqlDecryptor 'dbo', 'function_or_stored_proc_name'
    ALTER -- CREATE
    proc SqlDecryptor (@objschemaname nvarchar(255), @objname nvarchar(255))
    AS
    DECLARE @objid INT,@objtype NVARCHAR(50),@objtypicalstm NVARCHAR(4000),@objencrypted BIT
    SELECT TOP 1 @objid=o,@objname = n,@objtype = t,@objtypicalstm=s,@objencrypted = (SELECT ([encrypted]) FROM syscomments WHERE [id] = x.o and colid = 1)
    FROM
    SELECT object_id o, name n,
    CASE WHEN [type] = 'P' THEN N'PROCEDURE'
    WHEN [type] = 'V' THEN 'VIEW'
    WHEN [type] IN ('FN','TF','IF') THEN N'FUNCTION'
    ELSE [type]
    END t,
    CASE WHEN [type] = 'P' THEN N'WITH ENCRYPTION AS'
    WHEN [type] = 'V' THEN N'WITH ENCRYPTION AS SELECT 123 ABC'
    WHEN [type] IN ('FN','TF','IF') THEN N' () RETURNS INT WITH ENCRYPTION AS BEGIN RETURN 1 END'
    ELSE [type]
    END s
    FROM sys.all_objects WHERE [type] NOT IN ('S','U','PK','F','D','SQ','IT','X','PC','FS','AF')
    AND name = @objname AND (SCHEMA_NAME([schema_id]) = COALESCE(@objschemaname,'dbo'))
    --UNION ALL SELECT object_id,name,'TRIGGER',N'ON ALL SERVER WITH ENCRYPTION FOR DDL_LOGIN_EVENTS AS SELECT 1' FROM sys.server_triggers WHERE name = @objname
    --UNION ALL SELECT object_id,name,'TRIGGER',N'ON DATABASE WITH ENCRYPTION FOR CREATE_TABLE AS SELECT 1' FROM sys.triggers WHERE name = @objname
    ) x
    --SELECT @objid,@objname,@objtype,@objtypicalstm,@objencrypted
    SET NOCOUNT ON
    IF @objencrypted <> 0
    BEGIN
    IF EXISTS
    SELECT * FROM sys.dm_exec_connections ec JOIN sys.endpoints e
    on (ec.[endpoint_id]=e.[endpoint_id])
    WHERE e.[name]='Dedicated Admin Connection'
    AND ec.[session_id] = @@SPID
    BEGIN
    DECLARE @ChunkNumber INT,@ChunkPiece NVARCHAR(MAX),@CompareChunksAtPosition INT,@DummyChunk NVARCHAR(MAX),@DummyObject VARBINARY(MAX),@EncryptedChunk NVARCHAR(MAX),@EncryptedObject VARBINARY(MAX),@p INT,@p1 NVARCHAR(MAX),@p2 NVARCHAR(MAX),@QueryForDummyObject NVARCHAR(MAX),@ReplacementText NVARCHAR(4000)
    SELECT @EncryptedObject = [imageval] FROM [sys].[sysobjvalues] WHERE [objid] = @objid AND [valclass] = 1
    BEGIN TRANSACTION
    SET @p = 1
    SET @p1= N'ALTER'+SPACE(1)+@objtype+SPACE(1)+ISNULL((@objschemaname+'.'),'')+@objname +SPACE(1)+@objtypicalstm;
    SET @p1=@p1+REPLICATE('-',4000-LEN(@p1))
    SET @p2 = REPLICATE('-',8000)
    SET @QueryForDummyObject = N'EXEC(@p1'
    WHILE @p <=CEILING(DATALENGTH(@EncryptedObject) / 8000.0)
    BEGIN
    SET @QueryForDummyObject=@QueryForDummyObject+N'+@f'
    SET @p =@p +1
    END
    SET @QueryForDummyObject=@QueryForDummyObject+')'
    EXEC sp_executesql @QueryForDummyObject,N'@p1 NVARCHAR(4000),@f VARCHAR(8000)',@p1=@p1,@f=@p2
    SET @DummyObject=(SELECT [imageval] FROM [sys].[sysobjvalues] WHERE [objid] = @objid and [valclass] = 1)
    ROLLBACK TRANSACTION
    SET @ChunkNumber=1
    WHILE @ChunkNumber<=CEILING(DATALENGTH(@EncryptedObject) / 8000.0)
    BEGIN
    SELECT @EncryptedChunk = SUBSTRING(@EncryptedObject, (@ChunkNumber - 1) * 8000 + 1, 8000)
    SELECT @DummyChunk = SUBSTRING(@DummyObject, (@ChunkNumber - 1) * 8000 + 1, 8000)
    IF @ChunkNumber=1
    BEGIN
    SET @ReplacementText=N'CREATE'+SPACE(1)+@objtype+SPACE(1)+ISNULL((@objschemaname+'.'),'')+@objname +SPACE(1)+@objtypicalstm+REPLICATE('-',4000)
    END
    ELSE
    BEGIN
    SET @ReplacementText=REPLICATE('-', 4000)
    END
    SET @ChunkPiece = REPLICATE(N'A', (DATALENGTH(@EncryptedChunk) / 2))
    SET @CompareChunksAtPosition=1
    WHILE @CompareChunksAtPosition<=DATALENGTH(@EncryptedChunk)/2
    BEGIN
    SET @ChunkPiece = STUFF(@ChunkPiece, @CompareChunksAtPosition, 1, NCHAR(UNICODE(SUBSTRING(@EncryptedChunk, @CompareChunksAtPosition, 1)) ^ (UNICODE(SUBSTRING(@ReplacementText, @CompareChunksAtPosition, 1)) ^ UNICODE(SUBSTRING(@DummyChunk, @CompareChunksAtPosition, 1)))))
    SET @CompareChunksAtPosition=@CompareChunksAtPosition+1
    END
    PRINT @ChunkPiece
    SET @ChunkNumber=@ChunkNumber+1
    END
    END
    ELSE
    BEGIN
    PRINT 'Use a DAC Connection'
    END
    END
    ELSE
    BEGIN
    PRINT 'Object not encrypted or not found'
    END
    SET QUOTED_IDENTIFIER OFF
    GO

  • Why can't I create a new backup if I don't remember the encryption password from an old backup?

    I imagine this is so it can simply edit the old backup, but can't I just create a new backup?

    Same issue.  Have deleted the old backup and can't create a new encrypted backup without the password for the old backup. Can't create an unencrypted backup without the password for the old backup.  This is a functional software defect that Apple needs to fix.
    NOTE: I AM NOT TRYING TO ACCESS THE OLD BACKUP, I JUST WANT TO CREATE A NEW ONE.

  • Weblogic 10.3 AS - Error while Decrypting the encrypted message

    Hi,
    I'm trying WS Security with policy. I'm able to configure the keystore and test the axis client(engaging rampart) for signature alone. If I try Encryption with Signature, I'm getting the following error.
    <faultcode>wsse:FailedCheck</faultcode><faultstring>weblogic.xml.crypto.encrypt.api.XMLEncryptionException: weblogic.xml.crypto.api.KeySelectorException: Failed to resolve key using SecurityTokenReference weblogic.xml.crypto.wss.SecurityTokenReferenceImpl@14f83d1</faultstring>
    Complete stack trace available on the server log:::
    java.security.InvalidAlgorithmParameterException: [Security:090596]The WebLogicCertPathProvider was passed an unsupported CertPathSelector.
         at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:682)
         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
         at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
         at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
         at $Proxy41.build(Unknown Source)
         at weblogic.security.service.WLSCertPathBuilderServiceWrapper.build(WLSCertPathBuilderServiceWrapper.java:62)
         at weblogic.security.service.CertPathManager.build(CertPathManager.java:195)
         at weblogic.security.service.CertPathManager$JDKCertPathBuilder.engineBuild(CertPathManager.java:265)
         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
         at weblogic.xml.crypto.utils.CertUtils.buildCertPath(CertUtils.java:159)
         at weblogic.xml.crypto.utils.CertUtils.lookupCertificate(CertUtils.java:124)
         at weblogic.xml.crypto.utils.CertUtils.lookupCertificate(CertUtils.java:120)
         at weblogic.xml.crypto.wss11.internal.bst.BSTHandler.lookupCertificate(BSTHandler.java:81)
         at weblogic.xml.crypto.wss11.internal.bst.BSTHandler.getTokenByKeyId(BSTHandler.java:59)
         at weblogic.xml.crypto.wss.BinarySecurityTokenHandler.getSecurityToken(BinarySecurityTokenHandler.java:79)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver.setupKeyProviderFromContext(KeyResolver.java:344)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver.getKeyFromSTR(KeyResolver.java:295)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver.select(KeyResolver.java:127)
         at weblogic.xml.crypto.encrypt.WLEncryptedType.getKey(WLEncryptedType.java:336)
         at weblogic.xml.crypto.encrypt.WLEncryptedKey.decryptBytes(WLEncryptedKey.java:151)
         at weblogic.xml.crypto.encrypt.WLEncryptedKey.decryptKey(WLEncryptedKey.java:142)
         at weblogic.xml.crypto.common.keyinfo.EncryptedKeyProvider.getKey(EncryptedKeyProvider.java:153)
         at weblogic.xml.crypto.common.keyinfo.BaseKeyProvider.getKeyByURI(BaseKeyProvider.java:66)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver$2.getKey(KeyResolver.java:547)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver.getKey(KeyResolver.java:516)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver.getKeyFromSTR(KeyResolver.java:324)
         at weblogic.xml.crypto.common.keyinfo.KeyResolver.select(KeyResolver.java:127)
         at weblogic.xml.crypto.encrypt.WLEncryptedType.getKey(WLEncryptedType.java:336)
         at weblogic.xml.crypto.encrypt.WLEncryptedData.decrypt(WLEncryptedData.java:109)
         at weblogic.xml.crypto.encrypt.WLEncryptedData.decryptAndReplace(WLEncryptedData.java:148)
         at weblogic.xml.crypto.wss.SecurityImpl.decrypt(SecurityImpl.java:882)
         at weblogic.xml.crypto.wss.SecurityImpl.unmarshalAndProcessEncryptedKey(SecurityImpl.java:866)
         at weblogic.xml.crypto.wss.SecurityImpl.unmarshalChildren(SecurityImpl.java:561)
         at weblogic.xml.crypto.wss.SecurityImpl.unmarshalInternal(SecurityImpl.java:450)
         at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:418)
         at weblogic.xml.crypto.wss11.internal.WSS11Factory.unmarshalAndProcessSecurity(WSS11Factory.java:33)
         at weblogic.wsee.security.wssp.handlers.WssServerHandler.processRequest(WssServerHandler.java:46)
         at weblogic.wsee.security.wssp.handlers.WssHandler.handleRequest(WssHandler.java:92)
         at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
         at weblogic.wsee.ws.dispatch.server.ServerDispatcher.dispatch(ServerDispatcher.java:114)
         at weblogic.wsee.ws.WsSkel.invoke(WsSkel.java:80)
         at weblogic.wsee.server.servlet.SoapProcessor.handlePost(SoapProcessor.java:66)
         at weblogic.wsee.server.servlet.SoapProcessor.process(SoapProcessor.java:44)
         at weblogic.wsee.server.servlet.BaseWSServlet$AuthorizedInvoke.run(BaseWSServlet.java:285)
         at weblogic.wsee.server.servlet.BaseWSServlet.service(BaseWSServlet.java:169)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Please advise

    There are examples showcasing WS-Security if you selected that option during installation time (custom install).
    If you did that, then look here:
    <MIDDLEWARE_HOME>\wlserver_10.3\samples\server\examples\src\examples\webservices\security_jws
    I recommend that you make sure you followed all of those same steps and try your example first with a WLS client before trying with an Apache Axis client.
    You can also try cross-posting in the WLS Web Services or WLS Security forums.

  • Delete the encryption password with backups

    Hi, I setup the password for iphone backup in itunes a while ago. Now I cannot get it thru as it keep saying my password wrong. I did it in a hurry so I might have either forgot the password, or I typed the password wrong to begin with... So I am trying clear it. I thought I was able to delete the old backups so the password will be cleared. While I do a new backup I can reset the password for it. But i didn't work. I am not sure if I am in the right path. Can anyone help me on this?
    Thanks!
    (I am using Windows Vista + iphone 3G.)

    "If you cannot remember the password and want to start again, you will have to do a full software restore and when prompted by iTunes to select the backup to restore from, choose "Set up as a new device". "
    ---http://discussions.apple.com/thread.jspa?messageID=10331892&#10331892
    That is a bad design...

  • How to Encrypt - Decrypt the Passwords

    Hi,
    i am developing an integration between SAP and SFTP.
    i want to save the encrypted password of SFTP to database tables and then i want to use the decrypted password to connect SFTP.
    how to convert the encrypted password to decrypted?
    can somebody help me please?
    Best regards.

    Hi
    you will have to encrypt the entered password first and compare the encrypted passwords.
    Im not sure, but maybe FM VRM_COMPUTE_MD5 will do the encrypting-job.
    just check it out and also check below FM
    Try the DB_CRYPTO_PASSWORD function module, there's no way to decrypt it back that I know of. You just pass the user input to the function module and compare the encrypted output to the value stored in the database.
    and also try this two
    Use the following FM to encrypt
    CALL FUNCTION 'FIEB_PASSWORD_ENCRYPT'
    Use the following FM to decrypt
    CALL FUNCTION 'FIEB_PASSWORD_DECRYPT'
    By these FM you can encrypt & decrypt any fields of the Program.
    Warm Regards
      NZAB

  • How to write a pgm to change the existing encrypted password

    Hi all,
    can anybody tell me how to write a pgm to change the existing encrypted password.
    thanks in advance.

    Well, it's going to depend on how it's implemented in the current system.
    But basically it's going to look a lot like the current login actions. Presumably you have something that takes the user ID and password, encrypts the password, looks up the encrypted password in the database matching that user ID, and compares them. This functionality would also take a new password (preferably twice so they can be checked for consistency), and if the existing encrypted passwords match, it will encrypt the new password and put it in the database where the old one was.
    And if the application has a mechanism for new users to sign up, it'll look a lot like this as well.
    But I'm just guessing. This is all going to depend on how the existing functionality is written. Probably the best thing you can do is talk to a programmer at your organization who has worked on the application, and ask them for help.
    Hope this helps anyway.

  • Utility to generate the triple des (3DES) encrypted password in wl 6.1?

    To take advantage of the encrypted passwords in config.xml, as of wl 6.1, is
    there a weblogic utiltiy or api tha could be used to encrypt plaintext into
    the triple-des symmetric key PRIOR to having an SA or DBA type it into the
    console? This would help me greatly in the deployment and security of
    passwords.
    Thanks in Advance,
    Steve Rogers

    Hi,
    Thank you for your question.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.
    Best Regards,
    Aiden
    Aiden Cao
    TechNet Community Support

  • Java API to read the Encrypted Values from Windows Registry settings

    Is there any Java API to read the Encrypted Values from Windows Registry settings ?
    My Java Application invokes a 3rd party Tool that writes the key/value to windows registry settings under : “HKLM\Software\<3rdparty>\dataValue”.
    This entry is in BINARY and encrypted with 3DES, using crypto API from Microsoft.
    3rd party software to encrypt the data stored in registry it
    either uses C++ code: and uses the call “CryptProtectData” and “CryptUnProtectData” or
    If it is a .NET (C#) it uses the call “Protect” or “UnProtect” from class “ProtectData” of WinCrypt.h from the library “Crypt32.lib.
    Note: The data is encrypted using auto-generated machinekey and there is no public key shared to decrypt the Encrypted data.
    Since the data is encrypted using auto-generated machinekey the same can be decrypted from a .Net / C++ application using CryptUnprotectData or UnProtect() API of WinCrypt.h from the library “Crypt32.lib.
    To know more about Auto-Generated MachineKey in Windows refer the links below
    http://aspnetresources.com/tools/machineKey
    http://msdn.microsoft.com/en-us/library/ms998288.aspx
    I need to find a way in Java to find the equivalent API to decrypt (CryptUnprotectData) and Microsoft will automatically use the correct key.
    But i couldn't find any informato related to Java APIs to enrypt or decrypt data using auto-generated machinekey.
    Is there a way to read the encrypted data from Windows regsitry settings that is encrypted using the Auto-Generated Machine Key ?
    Kindly let me know if Java provides any such API or mechanism for this.

    If the symmetric key is "auto-generated" and is not being stored anywhere on the machine, it implies that the key is being regenerated based on known values on the machine. This is the same principle in generating 3DES keys using PBE (password-based-encryption). I would review the documentation on the C# side, figure out the algorithm or "seed" values being used by the algorithm, and then attempt to use the JCE to derive the 3DES key using PBE; you will need to provide the known values as parameters to the PBE key-generation function in JCE. Once derived, it can be used to decrypt the ciphertext from the Regiistry in exactly the same way as the CAPI/CNG framework.
    An alternate way for Java to use this key, is to write a JNI library that will call the native Windows code to do the decryption; then the Java program does not need to know details about the key.
    That said, there is a risk that if your code can derive the key based on known seeds, then so can an attacker. I don't know what your applicatiion is doing, but if this is anything related to compliance for some data-security regulation like PCI-DSS, then you will fail the audit (for being unable to prove you have adequate controls on the symmetric key) if a knowledgable QSA probes this design.
    Arshad Noor
    StrongAuth, Inc.

  • Unencrypted password length vs. Encrypted password length

    Hi,
    Can anybody share the formula to get the resulting String length of an encrypted password.
    For example: how long will the encrypted String be given a 5 letter unencrypted password?
    Will this change across different algo? e.g. MD5/SHA1 and two way hash...
    Need this to make sure the database field is of the correct size for the encrypted password...
    based on prior experience, the resulting encrypted String is always longer than the inputted password but I cannot find a reference stating the formula...
    Thanks in advance

    A few things to keep in mind:
    1) Do not think of Strings when you are using cryptography. Always think in byte buffers (byte[]). Strings can perform implicit character conversions that will mess up your encryption (and decryption).
    2) Do you really need to encrypt the password? Most password files are simply hashed. You can go one step better by adding 'salt' prior to taking the hash.
    As for calculating lengths, it depends on the algorithm. But in all likelihood, rather than trying to calculate the exact, expected size, just make the database field larger. (I know, sloppy programming, but space is cheap, especially for storing a password).
    - Saish
    "My karma ran over your dogma." - Anon

  • Encryption password oracle 10g R2

    Hi !!
    I'm a newbie in oracle..
    I want to encrypt password in a log table
    how can I do that?
    ORA-28365: wallet is not open
    how can open this wallet?
    thanks...
    please help me
    Edited by: user12170257 on May 24, 2010 10:24 PM
    Edited by: user12170257 on May 24, 2010 10:30 PM

    Hi,
    Oracle Database 10g encrypts Columns using a master key, which is stored in a secure location called a wallet, which can be a file on the database server. Encrypted table keys are placed in the data dictionary. When a user enters data into the column defined as encrypted, Oracle Database 10g gets the master key from the wallet, decrypts the encryption key for that table from the data dictionary, uses that encryption key on the input value, and stores the encrypted data in the database
    alter table accounts modify (ssn encrypt using 'AES128');
    You can use AES128, AES192, AES256, or 3DES168 (168-bit Triple DES algorithm) as clauses. The values are self-explanatory; for instance, AES256 is for Advanced Encryption Standard algorithm with 256-bit key.
    For More details -
    http://www.oracle.com/technology/oramag/oracle/05-sep/o55security.html
    Hope this thing works for you.
    Regards,
    Tiger..

  • Default Encrypted  Password

    Dear All,
    i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD .
    How can i insert Encripted password into table.
    Thanks

    Hi Vedant,
    See the CUSTOM_HASH function that is installed with sample application in the APEX.
    Here is the code for it:
    create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
    return varchar2
    is
      l_password varchar2(4000);
      l_salt varchar2(4000) := 'XFSPL28ZTWEWWM6FHWMK68AG5NQVLU';
    begin
    -- This function should be wrapped, as the hash algorithm is exposed here.
    -- You can change the value of l_salt or the method of which to call the
    -- DBMS_OBFUSCATOIN toolkit, but you much reset all of your passwords
    -- if you choose to do this.
    l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
      (input_string => p_password || substr(l_salt,10,13) || p_username ||
        substr(l_salt, 4,10)));
    return l_password;
    end;
    i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD.The above function will give the encrypted password which can be inserted into USER_DTL as follows:
    INSERT INTO USER_DTL(USERNAME,PASSWORD) VALUES(:P1_USERNAME, CUSTOM_HASH(:P1_USERNAME,:P1_PASSWORD))Be sure that PASSWORD column in USER_DTL is of type VARCHAR2 and of adequate length as to accommodate the encrypted password.
    Hope it helps!
    Regards,
    Kiran

Maybe you are looking for

  • How do I set-up my Dataset to pull data for Service Requests for a report

    I am using SQL Server 2012 Report Builder 3.0. I have my Data Source added - DWDataMart I want to build my Dataset to query and find a very specific item. Basically I am creating a daily report that will show what each "team" or Support Group (AD Obj

  • How to do when re-install an instance of RAC

    Hi all, We have a RAC system with two nodes, using ASM, Oracle database 10gR2 (10.2.0.40), OS: RHEL 4U6. Now one node in this system down because of hardware problems. We shutdown this node, whole this system is currently running on another healthy n

  • How to fill out a form such as a IRS form

    For an example, lets say you take the 1040 form from the IRS, the user enters input for the form in the console or gui and the input is placed in the correct places on the IRS form. You can't make your own form, it has to be the official IRS form. So

  • Is it possible to delete Itunes movie extras?

    Is it possible to delete just the Itunes movie extras without deleting the movie itself?

  • How to reinitilize an bounded taskflow with multiple jsff's

    Hi, I am having a bounded taskflow which is having two jsff's. On my first jsff i am having an command link on click of which i am navigating to my next jsff, i have added this task flow in my screen in a panel tabbed having 4 tabs .Now i open my fir