Decrypt Encrypted text with the WSO2 Cipher tool

WSO2 products ship with a number of configuration files that contain sensitive information such as passwords and connection URLs. To hide this sensitive data, WSO2 products are packaged by default with the cipher-tool [1], a simple tool that encrypts those values in the config files. The cipher tool uses public key encryption, which means it encrypts data with the public key and decrypts it with the private key [2].

After a successful run of the cipher tool on a WSO2 product, the encrypted text is stored in the file (the location of this file might differ from product to product). The following is a sample of the file after a successful run of the cipher tool.

Suppose you need to recover the plain-text password from an encrypted value, for example while troubleshooting a problem. The default cipher tool shipped with WSO2 products is not capable of decrypting values. The following client was created by extending the default cipher tool and adding decrypt functionality. Follow the steps below to use that tool.

Steps to follow

Download the extended cipher tool from here, or clone this git repo and build it from scratch.

If you build the cloned repo, the cipher tool jar file is located in the <cipher-tool-home>/components/ciphertool/target directory.

  • Go to the <PRODUCT_HOME>/lib directory and remove or back up the existing org.wso2.ciphertool-*.jar file.
[Figure: Backing up the existing cipher tool jar]
  • Copy the downloaded or newly built jar file to that location.
  • Now go to the <PRODUCT_HOME>/lib directory and run the cipher tool with the -Ddecrypt parameter.
[Figure: Run with the -Ddecrypt parameter]
  • Provide the password of the keystore, then paste the encrypted value. You will then be shown the decrypted value.
[Figure: Decrypted values]
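
The jar backup and copy steps above can be scripted as follows. This is an added example, not code from the original post or from WSO2. It goes one step further than the post by also restoring the shipped jar once troubleshooting is finished, and the function names, the separate backup directory and installed.txt are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): jar swap with backup and restore.
# Function names, the backup directory and installed.txt are assumptions.

# Print the path of the single org.wso2.ciphertool-*.jar in directory $1, or fail.
find_ciphertool_jar() {
    count=0
    found=""
    for f in "$1"/org.wso2.ciphertool-*.jar; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal; skip it
        count=$((count + 1))
        found="$f"
    done
    if [ "$count" -ne 1 ]; then
        echo "expected one cipher tool jar in $1, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# install_extended_jar PRODUCT_HOME NEW_JAR BACKUP_DIR
install_extended_jar() {
    lib_dir="$1/lib"; new_jar="$2"; backup_dir="$3"
    [ -f "$new_jar" ] || { echo "no such jar: $new_jar" >&2; return 1; }
    original=$(find_ciphertool_jar "$lib_dir") || return 1
    mkdir -p "$backup_dir" || return 1
    # Back up outside lib so that lib holds only one cipher tool jar.
    mv "$original" "$backup_dir/" || return 1
    cp "$new_jar" "$lib_dir/" || return 1
    # Remember what was installed so restore removes exactly that file.
    basename "$new_jar" > "$backup_dir/installed.txt"
}

# restore_original_jar PRODUCT_HOME BACKUP_DIR
restore_original_jar() {
    lib_dir="$1/lib"; backup_dir="$2"
    original=$(find_ciphertool_jar "$backup_dir") || return 1
    [ -f "$backup_dir/installed.txt" ] || return 1
    rm -f "$lib_dir/$(cat "$backup_dir/installed.txt")" || return 1
    mv "$original" "$lib_dir/" || return 1
    rm -f "$backup_dir/installed.txt"
}
```

Call install_extended_jar before running the cipher tool with -Ddecrypt, and restore_original_jar afterwards so the product goes back to the jar it shipped with.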