You cannot see this page without javascript.

메뉴 건너뛰기

WHKorea

WLST to decrypt Weblogic, jdbc and java keystore passwords offline

 
We can decrypt weblogic, jdbc and java keystore passwords offline using WLST.

Kindly follow below steps to decrypt them offline using WLST ( No Script/Online dependency ):
1.      Login to admin server host
2.      Go to $ORACLE_HOME/oracle_common/common/bin
3.      Invoke wlst.sh OR wlst.cmd
4.      wls:/offline> domain = "<$domain_home_path>"
5.      wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
6.      wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
7.      wls:/offline> print encryption.decrypt("<encrypted password>")
Please note, in encrypted string we have to remove backward slash symbol.

Examples:
For Linux:
[oracle@demomachine ~]$ cd /u02/oracle12213/osb/oracle_home/oracle_common/common/bin
[oracle@demomachine u02]$./wlst.sh

wls:/offline> domain = "/u02/Oracle12213/osb/domain/dev_domain "
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}577uW8U1WXvE9Ep+9gw7V3ZfJiyjD5TDT3id5X9LtdE= ")
weblogic


For Windows:
C:\windows\system32>cd C:\Oracle12213\Middleware\Oracle_Home\oracle_common\common\bin
C:\Oracle12213\Middleware\Oracle_Home\oracle_common\common\bin>wlst.cmd

Initializing WebLogic Scripting Tool (WLST) ...

Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> domain = "C:\\Oracle12213\\Middleware\\Oracle_Home\\user_projects\\domains\\dev_domain"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w=")
weblogic123

=========================================================================================
Issues Faced:
You may face below issue while decrypting passwords if you don’t remove backward slash symbol.

Error:
wls:/offline> print encryption.decrypt("{AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w\=")
Traceback (innermost last):
  File "<console>", line 1, in ?
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:144)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:192)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:99)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)

weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_InputException: Invalid input.

Resolution:
If you are facing above error, kindly delete backward slash symbols from the encrypted string and retry.
e.g. From {AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w\=
To {AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w=
위로