We can decrypt weblogic, jdbc and java keystore passwords offline using WLST.
Kindly follow below steps to decrypt them offline using WLST ( No Script/Online dependency ):
1. Login to admin server host
2. Go to $ORACLE_HOME/oracle_common/common/bin
3. Invoke wlst.sh OR wlst.cmd
4. wls:/offline> domain = "<$domain_home_path>"
5. wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
6. wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
7. wls:/offline> print encryption.decrypt("<encrypted password>")
Please note, in encrypted string we have to remove backward slash symbol.
Examples:
For Linux:
[oracle@demomachine ~]$ cd /u02/oracle12213/osb/oracle_home/oracle_common/common/bin
[oracle@demomachine u02]$./wlst.sh
wls:/offline> domain = "/u02/Oracle12213/osb/domain/dev_domain "
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}577uW8U1WXvE9Ep+9gw7V3ZfJiyjD5TDT3id5X9LtdE= ")
weblogic
For Windows:
C:\windows\system32>cd C:\Oracle12213\Middleware\Oracle_Home\oracle_common\common\bin
C:\Oracle12213\Middleware\Oracle_Home\oracle_common\common\bin>wlst.cmd
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> domain = "C:\\Oracle12213\\Middleware\\Oracle_Home\\user_projects\\domains\\dev_domain"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w=")
weblogic123
=========================================================================================
Issues Faced:
You may face below issue while decrypting passwords if you don’t remove backward slash symbol.
Error:
wls:/offline> print encryption.decrypt("{AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w\=")
Traceback (innermost last):
File "<console>", line 1, in ?
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:144)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:192)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:99)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_InputException: Invalid input.
Resolution:
If you are facing above error, kindly delete backward slash symbols from the encrypted string and retry.
e.g. From {AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w\=
To {AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w=
Kindly follow below steps to decrypt them offline using WLST ( No Script/Online dependency ):
1. Login to admin server host
2. Go to $ORACLE_HOME/oracle_common/common/bin
3. Invoke wlst.sh OR wlst.cmd
4. wls:/offline> domain = "<$domain_home_path>"
5. wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
6. wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
7. wls:/offline> print encryption.decrypt("<encrypted password>")
Please note, in encrypted string we have to remove backward slash symbol.
Examples:
For Linux:
[oracle@demomachine ~]$ cd /u02/oracle12213/osb/oracle_home/oracle_common/common/bin
[oracle@demomachine u02]$./wlst.sh
wls:/offline> domain = "/u02/Oracle12213/osb/domain/dev_domain "
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}577uW8U1WXvE9Ep+9gw7V3ZfJiyjD5TDT3id5X9LtdE= ")
weblogic
For Windows:
C:\windows\system32>cd C:\Oracle12213\Middleware\Oracle_Home\oracle_common\common\bin
C:\Oracle12213\Middleware\Oracle_Home\oracle_common\common\bin>wlst.cmd
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> domain = "C:\\Oracle12213\\Middleware\\Oracle_Home\\user_projects\\domains\\dev_domain"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w=")
weblogic123
=========================================================================================
Issues Faced:
You may face below issue while decrypting passwords if you don’t remove backward slash symbol.
Error:
wls:/offline> print encryption.decrypt("{AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w\=")
Traceback (innermost last):
File "<console>", line 1, in ?
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:144)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:192)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:99)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_InputException: Invalid input.
Resolution:
If you are facing above error, kindly delete backward slash symbols from the encrypted string and retry.
e.g. From {AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w\=
To {AES}Rx9/lKeFMhllwNMYXWtC+DryFL9zU3MypEPLNtJ+W4w=
