Hello,
I would like to present a solution to encrypt/decrypt the database password stored in dbpasswd.txt on a DCTM server via API commands and Java API programming. When and why would this be necessary? Perhaps if the database password has been forgotten by everybody 🙂
API commands
The database password is stored in the dbpasswd.txt file in the docbase’s folder [DCTM_INSTALL_FOLDER]\dba\config\[DOCBASE_FOLDER]. The content of this file looks like:
DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK
To decrypt this value via API commands on Windows:
- On the DCTM server, open a command prompt and connect to the target docbase with the IAPI tool using a SUPERUSER (owner) account:
    D:\Documentum\product\7.2\bin>iapi mydocbase
    Please enter a user (hozveren): dmadmin
    Please enter password for dmadmin: *********

    EMC Documentum iapi - Interactive API interface
    (c) Copyright EMC Corp., 1992 - 2015
    All rights reserved.
    Client Library Release 7.2.0050.0084

    Connecting to Server using docbase mydocbase
    [DM_SESSION_I_SESSION_START]info: "Session 010xxxxxxxxbcde started for user dmadmin."

    Connected to Documentum Server runing Release 7.2.0050.0214 Win64.Oracle
    Session id is s0
    API>_
- Execute the API commands initcrypto,c, and decrypttext,c,DM_ENCR_TEXT=xxxxxx:
    D:\Documentum\product\7.2\bin>iapi mydocbase
    Please enter a user (hozveren): dmadmin
    Please enter password for dmadmin: *********

    EMC Documentum iapi - Interactive API interface
    (c) Copyright EMC Corp., 1992 - 2015
    All rights reserved.
    Client Library Release 7.2.0050.0084

    Connecting to Server using docbase mydocbase
    [DM_SESSION_I_SESSION_START]info: "Session 010xxxxxxxxbcde started for user dmadmin."

    Connected to Documentum Server runing Release 7.2.0050.0214 Win64.Oracle
    Session id is s0
    API>initcrypto,c,
    ...
    OK
    API>decrypttext,c,DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK
    ...
    MyDataBasePassword123
    API>_
Java API programming
It is also possible to decrypt the database password (stored in the dbpasswd.txt file in the folder [DCTM_INSTALL_FOLDER]\dba\config\[DOCBASE_FOLDER]) via API programming. As a reminder, the content of this file looks like:
DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK
To encrypt/decrypt this value via Java API programming:
- Get the file aek.key from Content Server and prepare a dfc.properties config file. The key file is available in the DCTM folder [DCTM_INSTALL_FOLDER]\dba\secure\.
- Java decrypting method:
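    import java.io.File; // goes with the other imports at the top of the class file

    /**
     * Decrypting with API - longer, dm_encrypt_password passwords
     *
     * @param passwordEncrypted encrypted value to decrypt
     * @param AEK_PATH path to the local copy of aek.key
     * @return the decrypted text, or null if the key file is missing or the call fails
     */
    public static String decryptWithApi(String passwordEncrypted, String AEK_PATH) {
        String ret = null;
        try {
            // The key file must be present before the crypto layer is initialised.
            File file = new File(AEK_PATH);
            if (!file.exists()) {
                System.out.println("Could not find aek.key file. Please copy from Content Server to " + AEK_PATH);
                return null;
            }
            System.out.print("\tAPI (decrypt) -> " + passwordEncrypted + "\t\t\t\t");
            // Same two commands as in the IAPI session: initcrypto, then decrypttext.
            com.documentum.dmcl.impl.DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
            ret = com.documentum.dmcl.impl.DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT=" + passwordEncrypted);
        } catch (Exception e) {
            System.out.println("ERROR: " + e.getMessage());
        }
        return ret;
    }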
- Java encrypting method:
    // Needs the same import as the decrypting method: java.io.File

    /**
     * Encrypting with API - longer, dm_encrypt_password passwords
     *
     * @param passwordToEncrypt clear text to encrypt
     * @param AEK_PATH path to the local copy of aek.key
     * @return the encrypted value, or null if the key file is missing or the call fails
     */
    public static String encryptWithApi(String passwordToEncrypt, String AEK_PATH) {
        String ret = null;
        try {
            // The key file must be present before the crypto layer is initialised.
            File file = new File(AEK_PATH);
            if (!file.exists()) {
                System.out.println("Could not find aek.key file. Please copy from Content Server to " + AEK_PATH);
                return null;
            }
            System.out.print("\tAPI (encrypt) -> " + passwordToEncrypt + "\t\t\t\t");
            // Initialise the crypto layer with the key file, then encrypt.
            com.documentum.dmcl.impl.DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
            ret = com.documentum.dmcl.impl.DmclApi.getInstance().get("encryptpass,c,DM_ENCR_TEXT=" + passwordToEncrypt);
        } catch (Exception e) {
            System.out.println("ERROR: " + e.getMessage());
        }
        return ret;
    }
- Test decrypting and encrypting method via Java API commands:
    // --------------------------------- Encrypting/Decrypting with API
    // (fragment to place inside main(); the two variables are declared here)
    String aekkeyfile = "T:/Public/HUO/aek.key";
    String password = "DM_ENCR_TEXT=Qir0/YsHIxxxxxxxxxxxxxxxxx8MGpK";
    String clearText;

    // try decrypting with API - longer, dm_encrypt_password passwords
    System.out.println("\nTrying to decrypt '" + password + "'...\n");
    clearText = decryptWithApi(password, aekkeyfile);
    if ((clearText != null) && (clearText.length() > 0)) {
        System.out.println("'" + clearText + "'");
    } else {
        System.exit(1);
    }

    clearText = "TEST-javablog-Documentum@123";

    // try encrypting with API - longer, dm_encrypt_password passwords
    System.out.println("\nTrying to encrypt '" + clearText + "'...\n");
    password = encryptWithApi(clearText, aekkeyfile);
    if ((password != null) && (password.length() > 0)) {
        System.out.println("'" + password + "'");
    } else {
        System.exit(1);
    }

    // try decrypting with API - longer, dm_encrypt_password passwords
    System.out.println("\nTrying to decrypt again '" + password + "'...\n");
    clearText = decryptWithApi(password, aekkeyfile);
    if ((clearText != null) && (clearText.length() > 0)) {
        System.out.println("'" + clearText + "'");
    } else {
        System.exit(1);
    }
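Since a copy of aek.key together with a DM_ENCR_TEXT value is all the steps above need to recover the database password, copies made for this procedure are worth tracking down afterwards. The following is an added example, not code from the original post: the class name AekExposureAudit, its audit method and the temporary folder tree are assumptions made for illustration, and the sample files are constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
import java.util.stream.Stream;

// Added example (hypothetical class): lists aek.key copies and files holding
// DM_ENCR_TEXT values that sit outside the Content Server's dba folder.
public class AekExposureAudit {

    static List<String> audit(Path scanRoot, Path dbaDir) throws IOException {
        Path dba = dbaDir.toAbsolutePath().normalize();
        List<Path> files;
        try (Stream<Path> walk = Files.walk(scanRoot)) {
            files = walk.filter(Files::isRegularFile).collect(Collectors.toList());
        }
        List<String> findings = new ArrayList<>();
        for (Path p : files) {
            Path abs = p.toAbsolutePath().normalize();
            if (abs.startsWith(dba)) continue; // expected location on the server
            String name = abs.getFileName().toString().toLowerCase(Locale.ROOT);
            if (name.equals("aek.key")) {
                findings.add("KEY_COPY  " + abs);
            } else if (Files.size(abs) <= 1_000_000 && new String(Files.readAllBytes(abs),
                    StandardCharsets.ISO_8859_1).contains("DM_ENCR_TEXT=")) {
                findings.add("ENCR_TEXT " + abs); // encrypted value pasted into a file
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree; folder names mirror the paths used in the post.
        Path root = Files.createTempDirectory("dctm-audit");
        Path dba = root.resolve("Documentum/dba");
        write(dba.resolve("secure/aek.key"), "constructed-key-bytes");
        write(dba.resolve("config/mydocbase/dbpasswd.txt"), "DM_ENCR_TEXT=constructedValue");
        write(root.resolve("Public/HUO/aek.key"), "constructed-key-bytes");
        write(root.resolve("Public/HUO/Test.java"), "password = \"DM_ENCR_TEXT=constructedValue\";");
        write(root.resolve("Public/readme.txt"), "nothing sensitive");
        audit(root, dba).forEach(System.out::println);
    }

    static void write(Path file, String text) throws IOException {
        Files.createDirectories(file.getParent());
        Files.write(file, text.getBytes(StandardCharsets.ISO_8859_1));
    }
}
```

On the constructed tree it reports the two files under Public/HUO and skips everything inside the dba folder.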
That’s all!!!
Huseyin OZVEREN