Weblogic and Triple-DES encryption

09 Apr

Weblogic allows you to store clear-text passwords in configuration files when you have a development domain; production mode, however, forces the use of the Triple-DES block cipher to store these passwords (that’s also the reason why the encrypted passwords begin with “{3DES}”).

Often this process is done automatically by Weblogic, but in some cases it is good to know how to manually convert clear-text to a 3DES encrypted string. You can find these 3DES strings in the domain’s config.xml, boot.properties, the service accounts used by the Oracle Service Bus (even when you use the RDBMS Security Store under your Weblogic domain), etc.

For this we will need the domain’s password salt file SerializedSystemIni.dat.
Cibergavin made a good post explaining the importance of this specific file for your Weblogic domain.

SerializedSystemIni.dat is a WebLogic domain file which contains hashes. SerializedSystemIni.dat is located in the domain directory (WebLogic Server 8.1 and earlier) or in domain/security directory (WebLogic Server 9.x and later). The SerializedSystemIni.dat is created during the creation of a WebLogic domain. The hashes in the file are created using an algorithm that binds the file to the domain in which it has been created. So, a SerializedSystemIni.dat file can be used only within the domain in which it has been created.

Due to the use of the salt file (SerializedSystemIni.dat) you should execute the utility from your domain folder:

cd d:\myDomain\bin
setDomainEnv.cmd
java weblogic.security.Encrypt
Password: weblogic
{3DES}p2rh5zuiDsut1yNTGtUfFg==

You can also pass the password as an argument:

cd d:\myDomain\bin
setDomainEnv.cmd
java weblogic.security.Encrypt weblogic
{3DES}p2rh5zuiDsut1yNTGtUfFg==

And last but not least you can use WLST:

cd d:\myDomain\bin
setDomainEnv.cmd
java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands

wls:/offline> es = encrypt('weblogic')
wls:/offline> print es
{3DES}p2rh5zuiDsut1yNTGtUfFg==
wls:/offline>
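
As an added example (not from the original post and not Oracle code), the Python sketch below audits the contents of a boot.properties and a config.xml for secrets that are still clear-text or that carry a malformed {3DES} value. The sample files and their element names are constructed, and the "tag contains password" heuristic and the whole-block length check are assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

PREFIX = "{3DES}"   # marker the page shows on encrypted values
BLOCK = 8           # Triple-DES block size in bytes

def classify(value):
    """Return 'encrypted', 'malformed' or 'cleartext' for one stored secret."""
    value = value.strip()
    if not value.startswith(PREFIX):
        return "cleartext"
    try:
        raw = base64.b64decode(value[len(PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    # Assumption: the payload is base64 of whole cipher blocks.
    return "encrypted" if raw and len(raw) % BLOCK == 0 else "malformed"

def audit_properties(text):
    """Classify the username/password entries of a boot.properties file."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"\s*(username|password)\s*[=:]\s*(.*)$", line)
        if m:
            # Java .properties files write '=' inside a value as '\='.
            value = re.sub(r"\\(.)", r"\1", m.group(2))
            findings.append((m.group(1), classify(value)))
    return findings

def audit_config_xml(text):
    """Classify every non-empty element whose tag mentions 'password'."""
    findings = []
    for el in ET.fromstring(text).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if "password" in tag.lower() and (el.text or "").strip():
            findings.append((tag, classify(el.text)))
    return findings

# Constructed samples (not from a real domain); the 3DES value is the page's.
BOOT = "username=weblogic\npassword={3DES}p2rh5zuiDsut1yNTGtUfFg\\=\\=\n"
CONFIG = """<domain xmlns="urn:example:constructed">
  <name>myDomain</name>
  <node-manager-password-encrypted>{3DES}p2rh5zuiDsut1yNTGtUfFg==</node-manager-password-encrypted>
  <jdbc-password>welcome1</jdbc-password>
  <ldap-password-encrypted>{3DES}not-base64!</ldap-password-encrypted>
</domain>"""

if __name__ == "__main__":
    for name, state in audit_properties(BOOT) + audit_config_xml(CONFIG):
        print(f"{state:10} {name}")
```

Anything reported as cleartext or malformed is a candidate for re-encryption with one of the utilities above, run from the domain that owns the SerializedSystemIni.dat.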
Posted on 09-04-2010 in Oracle, Weblogic, WLST