Unable to decrypt the password field in Quebec version of ServiceNow in scoped application

Hima
Tera Contributor

Hello Everyone,

While testing my app with the Quebec version of ServiceNow, I'm facing an issue while decrypting the 2-way encrypted password. I was using gr.<field_name>.getDecryptedValue() to decrypt the password, but Quebec is not able to decrypt the password.

Find the results below. When I tried to decrypt the password, it prints the encrypted password value only:

Fetched crypto module 7d7ee9e3b7030010ebf7082e7e11a979 from cache
Fetched crypto module 7d7ee9e3b7030010ebf7082e7e11a979 from cache
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Found keyId : 1b87ad2073321010fa4be27bcaf6a730 in store : com.glide.kmf.KMFDBInstanceKeyStore@53dafc
Found wrapped key in repo. Attempting to unwrap.
Key id kmf_file_keystore_imk NOT found in repo for registry KMFMasterKeyRegistry
Failure getting key from the KMF.  Key ID: 1b87ad2073321010fa4be27bcaf6a730, Error: com.glide.kmf.commons.CryptoOperationException: Error decrypting key bytes, key not present.: com.glide.kmf.commons.CryptoOperationException: Error decrypting key bytes, key not present.: 	com.glide.kmf.KMFFormattedKeyUnwrappingOperation.decryptKeyBytes(KMFFormattedKeyUnwrappingOperation.java:56)
	com.glide.kmf.LocalRegistryWrapper.unwrapKey(LocalRegistryWrapper.java:42)
	com.glide.kmf.AKMFKeyRegistry.getKeyById(AKMFKeyRegistry.java:104)
	com.glide.kmf.KMFInstanceKeyRegistry.getKeyByType(KMFInstanceKeyRegistry.java:116)
	com.glide.kmf.LocalRegistryWrapper.computeHMAC(LocalRegistryWrapper.java:48)
	com.glide.kmf.AKMFKeyRegistry.validateHmac(AKMFKeyRegistry.java:357)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyById(KMFModuleKeyRegistry.java:143)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyByType(KMFModuleKeyRegistry.java:71)
	com.glide.kmf.KMFOutputBaseBuilder.getKMFOutputObject(KMFOutputBaseBuilder.java:98)
	com.glide.kmf.KMFOutputStringBuilder.apply(KMFOutputStringBuilder.java:22)
	com.glide.kmf.KMFGlideEncrypter.decrypt(KMFGlideEncrypter.java:159)
	com.glide.script.glide_elements.GlideElementPassword2.getDecryptedValueFromScript(GlideElementPassword2.java:120)
	com.glide.script.fencing.ScopedGlideElement.jsFunction_getDecryptedValue(ScopedGlideElement.java:133)
	sun.reflect.GeneratedMethodAccessor1256.invoke(Unknown Source)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:498)
	org.mozilla.javascript.MemberBox.invoke(MemberBox.java:138)
	org.mozilla.javascript.FunctionObject.doInvoke(FunctionObject.java:670)
	org.mozilla.javascript.FunctionObject.call(FunctionObject.java:614)
	org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2609)
	org.mozilla.javascript.optimizer.OptRuntime.callProp0(OptRuntime.java:85)
	org.mozilla.javascript.gen.null_null_script_4796._c_script_0(null.null.script:3)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:563)
	org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3459)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.gen.null_null_script_4796.exec(null.null.script)
	com.glide.script.ScriptEvaluat...
[truncated]
...va:748)
HMAC validation failed for: 0eef3e7073321010fa4be27bcaf6a72c : com.glide.kmf.AKMFKeyRegistry$KeyRegistryException: Error while computing HMAC at com.glide.kmf.LocalRegistryWrapper@17af773. Could not retrieve hmac key from com.glide.kmf.KMFInstanceKeyRegistry: com.glide.kmf.AKMFKeyRegistry$KeyRegistryException: Error while computing HMAC at com.glide.kmf.LocalRegistryWrapper@17af773. Could not retrieve hmac key from com.glide.kmf.KMFInstanceKeyRegistry: 	com.glide.kmf.AKMFKeyRegistry.validateHmac(AKMFKeyRegistry.java:359)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyById(KMFModuleKeyRegistry.java:143)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyByType(KMFModuleKeyRegistry.java:71)
	com.glide.kmf.KMFOutputBaseBuilder.getKMFOutputObject(KMFOutputBaseBuilder.java:98)
	com.glide.kmf.KMFOutputStringBuilder.apply(KMFOutputStringBuilder.java:22)
	com.glide.kmf.KMFGlideEncrypter.decrypt(KMFGlideEncrypter.java:159)
	com.glide.script.glide_elements.GlideElementPassword2.getDecryptedValueFromScript(GlideElementPassword2.java:120)
	com.glide.script.fencing.ScopedGlideElement.jsFunction_getDecryptedValue(ScopedGlideElement.java:133)
	sun.reflect.GeneratedMethodAccessor1256.invoke(Unknown Source)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:498)
	org.mozilla.javascript.MemberBox.invoke(MemberBox.java:138)
	org.mozilla.javascript.FunctionObject.doInvoke(FunctionObject.java:670)
	org.mozilla.javascript.FunctionObject.call(FunctionObject.java:614)
	org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2609)
	org.mozilla.javascript.optimizer.OptRuntime.callProp0(OptRuntime.java:85)
	org.mozilla.javascript.gen.null_null_script_4796._c_script_0(null.null.script:3)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:563)
	org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3459)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.gen.null_null_script_4796.exec(null.null.script)
	com.glide.script.ScriptEvaluator.execute(ScriptEvaluator.java:279)
	com.glide.script.ScriptEvaluator.evaluateString(ScriptEvaluator.java:118)
	com.glide.script.ScriptEvaluator.evaluateString(ScriptEvaluator.java:82)
	com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:315)
	com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:220)
	com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:207)
	com.glide.processors.ScriptProcessor.evaluateScript0(ScriptProcessor.java:365)
	com.glide.processors.ScriptProcessor.lambda$evaluateScriptWithRecordingOption$0(ScriptProcessor.java:354)
	com.glide.rollback.recording.RollbackRecorder.execute(RollbackRecorder.java:67)
	com.glide.processors.ScriptProcessor.evaluateScriptWithRecordingOption(ScriptProcessor.java:354)
	com.glide.processors.ScriptProcessor.evaluateScript(ScriptProcessor.java:334)
	com.glide.processors.ScriptProcessor.runScript(ScriptProcessor.java:247)
	com.glide.processors.ScriptProcessor.process(ScriptProcessor.java:205)
	com.glide.processors.AProcessor.runProcessor(AProcessor.java:596)
	com.glide.processors.AProcessor.processTransaction(AProcessor.java:266)
	com.glide.processors.ProcessorRegistry.process0(ProcessorRegistry.java:181)
	com.glide.processors.ProcessorRegistry.process(ProcessorRegistry.java:169)
	com.glide.ui.GlideServletTransaction.process(GlideServletTransaction.java:44)
	com.glide.sys.Transaction.run(Transaction.java:2338)
	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	java.lang.Thread.run(Thread.java:748)
string may not be encrypted : Could not fetch key information for encryption
x_572187_test: Name: abc    Password: U3EJeyRTcuQAy/GFvV7Qaa==

 

Does anyone know any other option for decrypting the 2-way encrypted password field in Quebec?

Note: I have tried this in 4 different Quebec PDIs, but in 2 of them it is working as expected.

 

Thanks,

Hima
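
A log-triage sketch for the output in the post above, added here as an example (it is not part of the original post and is not ServiceNow code). It extracts the failure chain from the KMF messages so that the first failing step, the `kmf_file_keystore_imk` lookup in `KMFMasterKeyRegistry`, is reported ahead of the later unwrap, HMAC and decrypt errors. The function name `triageKmfLog` and the stage labels are assumptions made for this example; the sample lines are copied from the post.

```javascript
// Sample lines copied from the log in the post above; one stack frame is kept
// to show that indented frames are skipped.
const SAMPLE_LOG = [
  "Fetched crypto module 7d7ee9e3b7030010ebf7082e7e11a979 from cache",
  "Found keyId : 1b87ad2073321010fa4be27bcaf6a730 in store : com.glide.kmf.KMFDBInstanceKeyStore@53dafc",
  "Found wrapped key in repo. Attempting to unwrap.",
  "Key id kmf_file_keystore_imk NOT found in repo for registry KMFMasterKeyRegistry",
  "Failure getting key from the KMF.  Key ID: 1b87ad2073321010fa4be27bcaf6a730, Error: com.glide.kmf.commons.CryptoOperationException: Error decrypting key bytes, key not present.",
  "\tcom.glide.kmf.LocalRegistryWrapper.unwrapKey(LocalRegistryWrapper.java:42)",
  "HMAC validation failed for: 0eef3e7073321010fa4be27bcaf6a72c : com.glide.kmf.AKMFKeyRegistry$KeyRegistryException: Error while computing HMAC at com.glide.kmf.LocalRegistryWrapper@17af773.",
  "string may not be encrypted : Could not fetch key information for encryption",
];

// Stage names are labels chosen for this example, not ServiceNow terms.
const RULES = [
  { stage: "master_key_missing", re: /^Key id (\S+) NOT found in repo for registry (\S+)/ },
  { stage: "key_unwrap_failed", re: /^Failure getting key from the KMF\.\s+Key ID: ([0-9a-f]{32})/ },
  { stage: "hmac_validation_failed", re: /^HMAC validation failed for: ([0-9a-f]{32})/ },
  { stage: "decrypt_returned_input", re: /^string may not be encrypted : (.+)$/ },
];

function triageKmfLog(lines) {
  const events = [];
  for (const raw of lines) {
    if (/^\s/.test(raw)) continue; // indented lines are stack frames
    for (const { stage, re } of RULES) {
      const m = re.exec(raw.trim());
      if (!m) continue;
      const key = stage + ":" + m[1];
      // The same message can repeat in the log; keep the first occurrence only.
      if (!events.some((e) => e.key === key)) {
        events.push({ key, stage, id: m[1], registry: m[2] || null });
      }
      break;
    }
  }
  return {
    events,
    // The earliest failure in the stream is the one to investigate first.
    rootCause: events.length ? events[0] : null,
    // True when decryption fell through and the caller got the stored value back.
    returnedCiphertext: events.some((e) => e.stage === "decrypt_returned_input"),
  };
}

const report = triageKmfLog(SAMPLE_LOG);
console.log(report.rootCause, report.events.map((e) => e.stage));
```
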

13 REPLIES

Jace Benson
Mega Sage

A few questions.

  1. What differences are there in versions on the instances, can you share the build tags?
  2. What scopes are the following in;
    • The Table with the Password2 field
    • The Password2 field
    • The Script executing the print out. (fix script/background script)

I tried this from a scope (with fix script in scope, field in scope, table in global) and got a cross-scope access policy error.

Are the cross-scope policies set properly? You can manually do that with a Cross-scope privilege record.

 

If you can provide a small reproducible proof of concept, that makes helping you easier.

Hima
Tera Contributor

Hello Jace,

Find my answers inline:

  1. What differences are there in versions on the instances, can you share the build tags?
    There is no difference in instances; both instances have build tag 'glide-quebec-12-09-2020__patch0-hotfix2-01-08-2021'
  2. What scopes are the following in;
      • The Table with the Password2 field - It is in one of my Application Scope
      • The Password2 field - It is in one of my Application Scope
      • The Script executing the printout. (fix script/background script) - it is from the background script with the same scope

Ankur Bawiskar
Tera Patron

@Hima 

I am able to get it in the Quebec version.

Version - glide-quebec-12-09-2020__patch0-hotfix2-01-08-2021

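var gr = new GlideRecord('x_421457_testing_my_testing_table');
// get() returns false when the record is not found, so only read the field on success
if (gr.get('24a66a5d2f5a6010aedd55f62799b6d0')) {
    // getDecryptedValue() returns the clear-text value of the Password2 field
    var decrypted = gr.my_password.getDecryptedValue();
    gs.info(decrypted);
}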

Output:

[0:00:00.125] Script completed in scope x_421457_testing: script


x_421457_testing: testing

Regards
Ankur


Hi Ankur,

Thanks for the reply. I have tried the same script in one of my Quebec instances, but it is not working. But when I ran the same script in another Quebec instance (with the same build tag), it works fine.