Cannot able to decrypt the password field in Quebec version of SeviceNow in scoped application

Hima
Tera Contributor

‎02-11-2021 11:04 PM

Hello Everyone,

While testing my App with the Quebec version of ServiceNow I'm facing an issue while decrypting the 2-way encrypted password. I was using gr.<field_name>.getDecryptedValue() to decrypt the password but Quebec cannot able to decrypt the password.

Find the below results when I tried to decrypt the password it printing encrypted password value only

Fetched crypto module 7d7ee9e3b7030010ebf7082e7e11a979 from cache
Fetched crypto module 7d7ee9e3b7030010ebf7082e7e11a979 from cache
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Failed to read nae KMF properties from glide.kmf.properties
Failed to read KMF keysecure properties from glide.kmf.keysecure.properties
KMF keystore properties file: glide.kmf.keystore.properties not found
Found keyId : 1b87ad2073321010fa4be27bcaf6a730 in store : com.glide.kmf.KMFDBInstanceKeyStore@53dafc
Found wrapped key in repo. Attempting to unwrap.
Key id kmf_file_keystore_imk NOT found in repo for registry KMFMasterKeyRegistry
Failure getting key from the KMF.  Key ID: 1b87ad2073321010fa4be27bcaf6a730, Error: com.glide.kmf.commons.CryptoOperationException: Error decrypting key bytes, key not present.: com.glide.kmf.commons.CryptoOperationException: Error decrypting key bytes, key not present.: 	com.glide.kmf.KMFFormattedKeyUnwrappingOperation.decryptKeyBytes(KMFFormattedKeyUnwrappingOperation.java:56)
	com.glide.kmf.LocalRegistryWrapper.unwrapKey(LocalRegistryWrapper.java:42)
	com.glide.kmf.AKMFKeyRegistry.getKeyById(AKMFKeyRegistry.java:104)
	com.glide.kmf.KMFInstanceKeyRegistry.getKeyByType(KMFInstanceKeyRegistry.java:116)
	com.glide.kmf.LocalRegistryWrapper.computeHMAC(LocalRegistryWrapper.java:48)
	com.glide.kmf.AKMFKeyRegistry.validateHmac(AKMFKeyRegistry.java:357)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyById(KMFModuleKeyRegistry.java:143)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyByType(KMFModuleKeyRegistry.java:71)
	com.glide.kmf.KMFOutputBaseBuilder.getKMFOutputObject(KMFOutputBaseBuilder.java:98)
	com.glide.kmf.KMFOutputStringBuilder.apply(KMFOutputStringBuilder.java:22)
	com.glide.kmf.KMFGlideEncrypter.decrypt(KMFGlideEncrypter.java:159)
	com.glide.script.glide_elements.GlideElementPassword2.getDecryptedValueFromScript(GlideElementPassword2.java:120)
	com.glide.script.fencing.ScopedGlideElement.jsFunction_getDecryptedValue(ScopedGlideElement.java:133)
	sun.reflect.GeneratedMethodAccessor1256.invoke(Unknown Source)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:498)
	org.mozilla.javascript.MemberBox.invoke(MemberBox.java:138)
	org.mozilla.javascript.FunctionObject.doInvoke(FunctionObject.java:670)
	org.mozilla.javascript.FunctionObject.call(FunctionObject.java:614)
	org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2609)
	org.mozilla.javascript.optimizer.OptRuntime.callProp0(OptRuntime.java:85)
	org.mozilla.javascript.gen.null_null_script_4796._c_script_0(null.null.script:3)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:563)
	org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3459)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.gen.null_null_script_4796.exec(null.null.script)
	com.glide.script.ScriptEvaluat...
[truncated]
...va:748)
HMAC validation failed for: 0eef3e7073321010fa4be27bcaf6a72c : com.glide.kmf.AKMFKeyRegistry$KeyRegistryException: Error while computing HMAC at com.glide.kmf.LocalRegistryWrapper@17af773. Could not retrieve hmac key from com.glide.kmf.KMFInstanceKeyRegistry: com.glide.kmf.AKMFKeyRegistry$KeyRegistryException: Error while computing HMAC at com.glide.kmf.LocalRegistryWrapper@17af773. Could not retrieve hmac key from com.glide.kmf.KMFInstanceKeyRegistry: 	com.glide.kmf.AKMFKeyRegistry.validateHmac(AKMFKeyRegistry.java:359)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyById(KMFModuleKeyRegistry.java:143)
	com.glide.kmf.KMFModuleKeyRegistry.getKeyByType(KMFModuleKeyRegistry.java:71)
	com.glide.kmf.KMFOutputBaseBuilder.getKMFOutputObject(KMFOutputBaseBuilder.java:98)
	com.glide.kmf.KMFOutputStringBuilder.apply(KMFOutputStringBuilder.java:22)
	com.glide.kmf.KMFGlideEncrypter.decrypt(KMFGlideEncrypter.java:159)
	com.glide.script.glide_elements.GlideElementPassword2.getDecryptedValueFromScript(GlideElementPassword2.java:120)
	com.glide.script.fencing.ScopedGlideElement.jsFunction_getDecryptedValue(ScopedGlideElement.java:133)
	sun.reflect.GeneratedMethodAccessor1256.invoke(Unknown Source)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:498)
	org.mozilla.javascript.MemberBox.invoke(MemberBox.java:138)
	org.mozilla.javascript.FunctionObject.doInvoke(FunctionObject.java:670)
	org.mozilla.javascript.FunctionObject.call(FunctionObject.java:614)
	org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2609)
	org.mozilla.javascript.optimizer.OptRuntime.callProp0(OptRuntime.java:85)
	org.mozilla.javascript.gen.null_null_script_4796._c_script_0(null.null.script:3)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:563)
	org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3459)
	org.mozilla.javascript.gen.null_null_script_4796.call(null.null.script)
	org.mozilla.javascript.gen.null_null_script_4796.exec(null.null.script)
	com.glide.script.ScriptEvaluator.execute(ScriptEvaluator.java:279)
	com.glide.script.ScriptEvaluator.evaluateString(ScriptEvaluator.java:118)
	com.glide.script.ScriptEvaluator.evaluateString(ScriptEvaluator.java:82)
	com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:315)
	com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:220)
	com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:207)
	com.glide.processors.ScriptProcessor.evaluateScript0(ScriptProcessor.java:365)
	com.glide.processors.ScriptProcessor.lambda$evaluateScriptWithRecordingOption$0(ScriptProcessor.java:354)
	com.glide.rollback.recording.RollbackRecorder.execute(RollbackRecorder.java:67)
	com.glide.processors.ScriptProcessor.evaluateScriptWithRecordingOption(ScriptProcessor.java:354)
	com.glide.processors.ScriptProcessor.evaluateScript(ScriptProcessor.java:334)
	com.glide.processors.ScriptProcessor.runScript(ScriptProcessor.java:247)
	com.glide.processors.ScriptProcessor.process(ScriptProcessor.java:205)
	com.glide.processors.AProcessor.runProcessor(AProcessor.java:596)
	com.glide.processors.AProcessor.processTransaction(AProcessor.java:266)
	com.glide.processors.ProcessorRegistry.process0(ProcessorRegistry.java:181)
	com.glide.processors.ProcessorRegistry.process(ProcessorRegistry.java:169)
	com.glide.ui.GlideServletTransaction.process(GlideServletTransaction.java:44)
	com.glide.sys.Transaction.run(Transaction.java:2338)
	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	java.lang.Thread.run(Thread.java:748)
string may not be encrypted : Could not fetch key information for encryption
x_572187_test: Name: abc    Password: U3EJeyRTcuQAy/GFvV7Qaa==

 

Does anyone know any other option for decrypting the 2-way encrypted password field in Quebec?

Note: I have tried this in 4 different PDI of Quebec but in 2 of them it is working as expected.

 

Thanks,

Hima

  • 3,735 Views
13 REPLIES 13

Mason7
Kilo Explorer
In response to ChrisRoyer

‎04-28-2021 01:36 PM

I believe the issue has been resolved, but if your instances are still seeing the issue after the upgrade to Quebec, you'll need to contact HI support and have them reinstall/repair the KMF plugin. We had the same problem, but after doing this, the issue was fixed

0 Helpfuls

Community Alums
Not applicable

‎05-28-2021 09:52 AM

Hi Hima,

Were you able to get this sorted?

I am having an issue that believe might be related to this. When attempting to follow the steps on a youtube tutorial in my Quebec Patch 0 PDI, I am getting a "Failure getting key from the KMF" and "HMAC validation failed" errors.

https://youtu.be/2zjMiLe-ZSk?t=1253

Any help would be much appreciated.

0 Helpfuls

Dan Ellis
Kilo Sage
In response to Community Alums

‎05-28-2021 10:23 AM

I believe ServiceNow have fixed this on all impacted customer environments on 14 May.

This was the known error article: https://support.servicenow.com/kb?sysparm_article=KB0961282&id=kb_article_view

I recommend you upgrade your developer instance to the latest Quebec patch and see if ServiceNow have included the fix in an official patch yet.

Rasazna Konagal
ServiceNow Employee
ServiceNow Employee

‎05-30-2022 07:28 AM

seeing the same issue on Sandeigo release as well, which was previously working fine on Rome platform.