How to decrypt answer to password reset question

michaelforward · ‎01-12-2016

I'm trying to decrypt the answer field in the pwd_reset_answer table within the PW Reset module.

The dictionary shows the field type as 2-Way Encrypted which should allow decryption, however when I attempt to decrypt a value with the decrypt() function from the GlideEncrypter package, I get the following error:

string may not be encrypted : Input length must be multiple of 8 when decrypting with padded cipher

Here is the script I used to attempt the decryption

var id = "186dcf4b4f7096001c53b4a18110c74e";

var Encrypter = new GlideEncrypter();

var a_encrypted = "";

var a_decrypted = "";

var gr = new GlideRecord('pwd_active_answer');

gr.get(id);

a_encrypted = gr.answer;

a_decrypted = Encrypter.decrypt(a_encrypted);

gs.print(a_decrypted);

Is decryption from our end even possible for this particular encrypted field?

sergiu_panaite · ‎01-12-2016

What if you insert a new row in that table with a new answer. Are you able to decrypt it?

I am trying to understand if you have corrupted data in the table before the upgrade to Fuji and that data might need manual fix, but as field now is 256 should not cause issues for new data.

Regards,

Sergiu

michaelforward · ‎01-12-2016

When I insert a new record directly into the table, I am able to decrypt the answer successfully.

This means that there must be some different type of encryption going on when the record is created through the standard enrollment process.

I only get the error when trying to decrypt answers created through the enrollment process and after tracing the pwd script includes it looks like the code that actually create these records is not exposed.