cancel
Showing results for 
Search instead for 
Did you mean: 

Password Encryption (des) Problem

Former Member
0 Kudos

Hi,

I'm facing some issue When i try to store the MX_ENCRYPTED_PASSWORD.

i have used the below script to encrypt the password

function fnDes(Par){

key = "C:
Program Files
SAP
IdM
Workflow
configs
KEY
keys.ini";

return UserFunc.uDESEncrypt(key,Par);

}

The job runs without error but it stores null value for this attribute in the backend. if i use

return UserFunc.uDESEncrypt("",Par);

It throws some error. Please help am i missing anything?

Regards,

Pricy

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Dominik,

I saw in help file that

"The Java components, the runtime engine and import/export, require the Java Cryptography Extension (JCE) 1.2.2 for triple DES encryption. "

Do we need to install this JCE? i havent installed this software.

Regards,

Pricy

Former Member
0 Kudos

Hello Pricy,

haven't thought of that, because I thought that this would not be the problem. Adding the [JCE|http://java.sun.com/products/archive/jce/] should solve this problem.

Another option is that you use the Windows engine and a VB script instead of the Java runtime.

Best regards

Dominik

Former Member
0 Kudos

Hi Dominik,

Thank u very much.

It worked with windows runtime but with java script.

Regards,

Mary

Former Member
0 Kudos

hi marry

can you share your solution.

i have the same problem..after download JCO have you set any class path?

please confirm

regards

Answers (6)

Answers (6)

Former Member
0 Kudos

Hi Dominik,

Thanks for all your replies.

I'm new to IDM and working on 7.0

i have placed the key in c:keys.ini still it throws the same key byte error.

I have also tried using half the key (first or second half as you have mentioned) it throws the below error:

org.mozilla.javascript.EvaluatorException: uDESEncrypt got exception decoding buffer.

if i dont specify any key like userfunc.udesencrypt("",Par) it throws the below error:

org.mozilla.javascript.JavaScriptException: java.lang.UnsupportedOperationException: java.lang.NoClassDefFoundError: javax/crypto/SunJCE_b : cannot initialize class because prior initialization attempt failed

As i havent worked in java i'm not able to sort out the issue.

Former Member
0 Kudos

Hello Pricy,

if you write in the key as parameter it has to be done like described in the help:

EncryptionKey

The encryption key. Can be hex-encoded, prefixed with .

If this is empty, the default key file is used. If this is not found, the internal key is used.

It can contain a valid key file name, including the path.

It can contain a valid key that is used for encryption.

But, if I use half of the key without the it works for my decrypt script which should be similar to the encrypt script.

I guess there is another reason which does not directly has to do with the encrypt/decrypt scripts. Maybe the Java Runtime installation is not complete or the Javascript implementation "js.jar" in the "Identity Center" folder is somehow corrupt.

Best regards

Dominik

Former Member
0 Kudos

hi Dominik,

i have tried the methods and have also replaced the key with the key value it still throws the error the key has to be 24 byte long.

the key is used was B54871D505A7A8C66F3093CF287483EDEB299C8A16202170

Regards,

Pricy

Former Member
0 Kudos

Hello Pricy,

I remember now that one key, which is stored in the key.ini, is 48 Byte long. So the first half (or was it the second?) has to be taken.

I tried several times before I got it right back then, so do not give up, it has to work. But I guess that there is another problem, maybe with the file itself or the path to the file. Have you tried storing it in C:\key.ini already?

By the way, what do you use, IdM 7.0 or 7.1? I only used 7.0 by now.

Best regards

Dominik

Former Member
0 Kudos

Hi Dominik,

i'm able to login to the workflow as it is refering the MX_PASSWORD attribute.

value for encrypted password attribute is $FUNCTION.fnDes(%Password%)$$.

if i pass the value %password% without any function it is able to store it in DB. The problem comes only when i use the encryption method.

Correct me if anyother configuration has to be made. I have specified the encryption algorithm as 3DES for both IC and the IS.

Regards,

Pricy

Former Member
0 Kudos

Hello Pricy,

sorry, i meant:

UserFunc.uErrMsg(1, Password))

to write it into the Job log not logging into the workflow.

The specification should be OK, too.

Have you tried taking the encryption key from the .ini-file and use it as first parameter in the script like uDESEncrypt("1234ABC..." , Password)?

Best regards

Dominik

Former Member
0 Kudos

Hi Dominik,

I have installed IDM in my local server. key.ini file is in my local, the file is the default one which was created when installing IDM workflow

Regards,

Pricy

Former Member
0 Kudos

Hello Pricy,

this seems to be OK then.

As it is the standard file, there should be no problems, too. So the "" as first parameter should do the work.

In the pass you call your script, is there everything set up like

$FUNCTION.isv_encryptPassword(%userPassword%)$$

Have you tried logging before returning the value? Or logging the parameter?

I would have tried this to ensure that the problem does not refer to the storing in the database but exists somewhere before during encryption or .

Best regards

Dominik

Former Member
0 Kudos

Hi Dominik,

Thanks for ur reply.

actual key that i have used is C:
Program Files
SAP
IdM
Workflow
configs
KEY
keys.ini

but the
are replaced by enter in the post. i tried the way using file:
or / or\ it throws error as

org.mozilla.javascript.EvaluatorException: uDESEncrypt: Key should be exactly 24 bytes long

Former Member
0 Kudos

Have you stored the ini-file on the server or just on your local machine (assuming you don't have everything installed on your local machine)?

Best regards

Dominik

Former Member
0 Kudos

Hello Pricy,

have you tried

"file://C:\\Program Files\\SAP\\IdM\\Workflow\\configs\\KEY\\keys.ini"

or replacing the \ by /?

Best regards

Dominik