DbConnect 2.2 to 2.4 - Unable to decrypt password

paniaguacinq · ‎03-22-2017

Hi,

Can anyone confirm that DB Connect uses identity.dat file for encryption instead of the splunk.secret file? I have copied the identity.dat file from a 2.2 system to the new 2.4 system (splunk_app_db_connect/certs directory) but no success.

File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxcrypto.py", line 42, in decrypt
raise Exception("Unable to decrypt password, please re-enter password on identity")
Exception: Unable to decrypt password, please re-enter password on identity

splunk_kk · ‎06-25-2017

Hi Paniagacing,

I've a similar situation where I get the same error "Unable to decrypt password, please re-enter password on identity".

This usually happens when I try to create an Identity via CLI (identities.conf file). Even after restarting Splunk service the error still persists. What I noticed is that, when I check the identities.conf file after restarting Splunk service, the password provided is still in clear text. It hasn't being hashed.

So to solve it, I retype the password via Web GUI in Identities and save it.

This is quite strange.

Did you face a similar situation?

Regards,

paniaguacinq · ‎03-25-2017

After some research, I found the answer in dbxcrypto.py file:

SECRET_PATH = os.path.join(utils.get_cert_dir(), 'identity.dat')
ENCRYPT_CMD = ['openssl', 'aes-256-cbc', '-e', '-base64', '-pass', 'file:' + SECRET_PATH]
DECRYPT_CMD = ['openssl', 'aes-256-cbc', '-d', '-base64', '-pass', 'file:' + SECRET_PATH]

closed!

DbConnect 2.2 to 2.4 - Unable to decrypt password

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?