Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

AEM Utility to Decrypt Password in AEM?

Avatar

Level 2
Level 2
9/15/20 9:03:07 PM

Hi Experts,

 

I understand AEM provides an out of the box utility at /system/console/crypto to convert plain text passwords to encrypted password. However, we have a requirement to convert such encrypted password to plain text password for verification purposes at later point of time by Production support team. So, is there a utility that AEM provides to decrypt password ?

 

Edit - We are using 6.5 SP2.

 

Thanks.

Views

1.8K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
9/15/20 9:18:43 PM

Hi @bsr78033597 

 

There is no OOTB option to decrypt the encrpted text from consoles. I would suggest if you really need this flexibility, you can do following:

  1. Register servlet using resourceType
  2. In servlet, you can pass encrypted text as some param like etext
  3. you can decrypt text in the servlet itself using Crypto Service and return the result as response like 

 

 

 

@Reference
private CryptoSupport cryptoSupport;

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        String etext = request.getParameter("etext");
        if(cryptoSupport.isProtected(etext)){
            String dtext = this.cryptoSuport.unProtect(etext);
            response.getWriter().write(dtext);
        }
        else{
            response.getWriter().write("Non Encrypted Text");
        }
}
​

 

 

 

  • Now create a node under /apps with property "sling:resourceType" equivalent to resource type with which your servlet was registerd. Creating it under apps will unsure that the servlet is only accessible to users with access to /apps read write.
  • you can now call you utility like http://<host>:<port>/apps/decrypt?etext=<encrypted-text>

 

Hope it helps!

Thanks!

Nupur

View solution in original post

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
9/15/20 9:18:43 PM

Hi @bsr78033597 

 

There is no OOTB option to decrypt the encrpted text from consoles. I would suggest if you really need this flexibility, you can do following:

  1. Register servlet using resourceType
  2. In servlet, you can pass encrypted text as some param like etext
  3. you can decrypt text in the servlet itself using Crypto Service and return the result as response like 

 

 

 

@Reference
private CryptoSupport cryptoSupport;

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        String etext = request.getParameter("etext");
        if(cryptoSupport.isProtected(etext)){
            String dtext = this.cryptoSuport.unProtect(etext);
            response.getWriter().write(dtext);
        }
        else{
            response.getWriter().write("Non Encrypted Text");
        }
}
​

 

 

 

  • Now create a node under /apps with property "sling:resourceType" equivalent to resource type with which your servlet was registerd. Creating it under apps will unsure that the servlet is only accessible to users with access to /apps read write.
  • you can now call you utility like http://<host>:<port>/apps/decrypt?etext=<encrypted-text>

 

Hope it helps!

Thanks!

Nupur

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
To download assets in the AEM collections which has apparently 1000 assets

Views

62

Likes

0

Replies

1
How to write junit for the below code

Views

55

Likes

0

Replies

1
IF block for request uri in dispatcher

Views

104

Likes

0

Replies

4
I have a problem with the times being off when publishing to sites

Views

63

Likes

0

Replies

1
ACS commons sends mail to multiple recipients separately causing duplicate emails

Views

76

Likes

0

Replies

2