looking for a way to decrypt secret variables

[fabrizio chavarria]

hi ,  

i am looking for a way to decrypt secret variables from my server. 

I have tried this with no luck yet. 

sudo -u go bash -c "echo ${1} | openssl enc -aes-128  -a -d -iv 0 -K $(cat /etc/go/cipher)"

any help is appreciated. 

[Ankit Srivastava]

Hi there,

The AES encrypter uses the cipher from the file cipher.aes.  The decryption code is available at AESEncrypter.java, with tests in AESEncrypterTest.java. The code should be mostly self-explanatory, but if it helps here's how you'd go about decrypting a cipher text in the format AES:HEX_ENCODED_IV:HEX_ENCODED_CIPHER_TEXT:

- base64 decode the contents of the cipher.aes file to get a 16-byte secret key used for encryption/decryption
- split the string by a colon `:`
- the first part `AES` is a marker to indicate the type of encryption used, so it allows us the flexibility to use a different encryption scheme later
- the second part is the Initialization Vector(IV) used for AES encryption. You'd be expected to base64 decode it, to get a 16 byte IV.
- the third part is the actual encrypted text. You'd be expected to base64 decode it before decrypting.
- to decrypt, you'd then use the IV and the secret key (from cipher.aes) to decrypt the encrypted text.

This should work for GoCD v18.7.0 and above. We moved towards AES encryption/decryption over DES in 18.7.0 release. 

--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/e3817c3b-e5ed-4b52-afa4-da5666e83070%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.