Security

What password encryption scheme does DB Connect App uses for encrypting database passwords?

rsimmons
Splunk Employee
Splunk Employee

What password encryption scheme does DB Connect App uses for encrypting database passwords?

Labels (1)
Tags (1)
1 Solution

rsimmons
Splunk Employee
Splunk Employee

You can use AES encryption with a secret key derived from the splunk.secret file (which is unique per Splunk instance). At initial startup, Splunk creates the file $SPLUNK_HOME/etc/auth/splunk.secret. This file contains a key used to encrypt some of your authentication information.

To manually change on the command line, see example below. It requires the java bridge to be running.

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt encrypt thisIsMyPassword123 

View solution in original post

datasearchninja
Communicator

For dbx v2/v3:

 $ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
0 Karma

aleoliva
Engager

Previous command is for decrypting but question was about encrypting.

  • Encrypting:
    $ echo 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e

  • Decrypting:
    $ echo 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

HansWurscht
Path Finder

When using long passwords, you may have to use -A with openssl.
So for us it was:

  • Encrypting:

    $ echo -n 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e -A

  • Decrypting:

    $ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

0 Karma

appidi_123
New Member

Hello Hans,

I tried the below as suggested to decrypt the password, but i am getting errors are Invalid password argument and Error getting password, i am confused with -pass file argument, i am passing it as -pass /opt/splunk/etc/auth/splunk.secret, please suggest

$ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

0 Karma

nadcohen
Engager

Hello the ser reading this,

if you get "bad decrypt"

try

echo 'U2FsdGVkX1/8/PnefMMBHA8f/IavzfMuBDyTjjNlZtg=' | base64 --decode | /opt/splunk/bin/splunk cmd openssl aes-256-cbc -d -pass file:/opt/splunk/etc/apps/splunk_app_db_connect/certs/identity.dat

the version of the openssl should be the one Splunk uses, otherwise you might get "bad decrypt"

WurschtHans
Engager

Thank YOU!!!

That worked after hours of searching!

0 Karma

frankfowler
Explorer

that is for version 1 of dbConnect - what about version 2 ?

0 Karma

rsimmons
Splunk Employee
Splunk Employee

You can use AES encryption with a secret key derived from the splunk.secret file (which is unique per Splunk instance). At initial startup, Splunk creates the file $SPLUNK_HOME/etc/auth/splunk.secret. This file contains a key used to encrypt some of your authentication information.

To manually change on the command line, see example below. It requires the java bridge to be running.

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt encrypt thisIsMyPassword123 

gschmitz
Path Finder

I just wondered as well how you would decrypt Dbx2 passwords. Maybe you can update your answer?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...