Hi there, The AES encrypter uses the cipher from the file cipher.aes. The decryption code is available at AESEncrypter.java <https://github.com/gocd/gocd/blob/master/config/config-api/src/main/java/com/thoughtworks/go/security/AESEncrypter.java>, with tests in AESEncrypterTest.java <https://github.com/gocd/gocd/blob/master/config/config-api/src/test/java/com/thoughtworks/go/security/AESEncrypterTest.java>. The code should be mostly self-explanatory, but if it helps here's how you'd go about decrypting a cipher text in the format AES:HEX_ENCODED_IV:HEX_ENCODED_CIPHER_TEXT:
- base64 decode the contents of the cipher.aes file to get a 16-byte secret key used for encryption/decryption - split the string by a colon `:` - the first part `AES` is a marker to indicate the type of encryption used, so it allows us the flexibility to use a different encryption scheme later - the second part is the Initialization Vector(IV) used for AES encryption. You'd be expected to base64 decode it, to get a 16 byte IV. - the third part is the actual encrypted text. You'd be expected to base64 decode it before decrypting. - to decrypt, you'd then use the IV and the secret key (from cipher.aes) to decrypt the encrypted text. This should work for GoCD v18.7.0 and above. We moved towards AES encryption/decryption over DES in 18.7.0 release <https://www.gocd.org/releases/#18-7-0>. On Mon, Jul 15, 2019 at 9:30 AM fabrizio chavarria <[email protected]> wrote: > hi , > > i am looking for a way to decrypt secret variables from my server. > > I have tried this with no luck yet. > > sudo -u go bash -c "echo ${1} | openssl enc -aes-128 -a -d -iv 0 -K $(cat > /etc/go/cipher)" > > any help is appreciated. > > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/e3817c3b-e5ed-4b52-afa4-da5666e83070%40googlegroups.com > <https://groups.google.com/d/msgid/go-cd/e3817c3b-e5ed-4b52-afa4-da5666e83070%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAFC4iTUuD-qZWJfTU6VRNQei8MKY-pxvXaXnYW%2BkHM%2BS22qX2Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
