Is it possible to manually (e.g. with a script) decrypt attachments, encrypted with the Encryption Support plugin?

Bozhidar Dimitr
Giga Expert

Greetings,

I am using the Encryption Support plugin to encrypt attachments, but I want to be able to restore them back to the state they were before they were encrypted. Is it possible to do this via script or any way at all and if possible - how?

Thanks in advance,

Bozhidar

6 REPLIES

Inactive_Us1474
Giga Guru

Have you tried using a scheduled job: Schedule an attachment decryption job


Greetings, Akhil, and thanks for the answer,



As I said, I'm using the Encryption Support plugin and this is of no use as it's for Edge Encryption. The thing is that the encryption happens by calling a method of the GlideSysAttachment class as so:



new GlideSysAttachment().changeEncryptionContext(tableName,
  tableSysId,
  attachmentSysId,
  contextID);



and I'm looking for a similar method to decrypt. I've tried logging the properties of the GlideSysAttachment class and its prototype, but I couldn't find anything useful (and I also couldn't log the changeEncryptionContext, so I'm guessing the encryption methods are injected into the GlideSysAttachment class' prototype), but I can't find anything on the topic. Any other suggestions?


Hi Bozhidar, did you find a way to do this or have a workaround?

 

mikeadler
ServiceNow Employee

Hi Dan and Bozhidar,

I'm glad you're revisiting this topic. The good news is that there is a method that you might find helpful to do this. The script that follows is a fairly elementary one that decrypts a particular attachment for an incident record. I think this could be a building block as part of your next steps to decrypt particular attachments of interest. After successfully running the script, the padlock icon will be removed from the encrypted attachment when viewing the incident record and in the sys_attachment table, the attachment entry's encryption context will be "empty".

Decryption();

function Decryption() {
    gs.log("*********** DECRYPTION RUN BY " + gs.getUserName());
    decryptAttachments("incident");
    gs.log("*********** DECRYPTION COMPLETED");
}

// Note that whoever runs this script must have access to use the specified encryption context or nothing will happen

function decryptAttachments(table) {
    gs.log("*********** BEGIN DECRYPTING ATTACHMENTS FOR " + table + " TABLE");
    var attachmentGR = new GlideRecord("sys_attachment");
    attachmentGR.addQuery("sys_id", "2c181788dbdf2f0035ccd8c75e96198b"); // only attachment sys_id for the specified glide record
    attachmentGR.query();
    var count = 0;
    while (attachmentGR.next()) {
        var sysAttachment = new GlideSysAttachment();
        // Passing null as the context ID clears the attachment's encryption context
        sysAttachment.changeEncryptionContext(attachmentGR.getValue("table_name"), attachmentGR.getValue("table_sys_id"),
            attachmentGR.getUniqueValue(), null);
        gs.log("*********** DECRYPTED [" + attachmentGR.getUniqueValue() + "] " + attachmentGR.getValue("file_name"));
        count++;
    }
    gs.log("*********** DECRYPTED " + count + " ATTACHMENTS FOR " + table + " TABLE");
    return count;
}

Output from the above script shows a successful completion:

Could you please kindly indicate if my response was helpful and/or correct in your reply and for the benefit of the community?

Thanks,

Mike
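
The script in the reply above logs DECRYPTED for every row it loops over, while its own comment notes that nothing happens when the caller lacks access to the encryption context. As an added example (not part of the thread or of ServiceNow's code), this variant re-reads each attachment after the call and reports whether the context was actually cleared. The glide parameter, the function names and the encryption_context column name are assumptions made for this example.

```javascript
// Added example, not from the thread. "glide" carries the platform classes so the
// logic can be exercised outside an instance; in a background script pass
// { GlideRecord: GlideRecord, GlideSysAttachment: GlideSysAttachment }.
// Assumption: the sys_attachment column holding the context is "encryption_context".
function readContext(glide, attachmentSysId) {
    var gr = new glide.GlideRecord("sys_attachment");
    if (!gr.get(attachmentSysId)) {
        return null; // no such attachment
    }
    return {
        table: gr.getValue("table_name"),
        recordId: gr.getValue("table_sys_id"),
        fileName: gr.getValue("file_name"),
        context: gr.getValue("encryption_context") || "" // empty field reads as null
    };
}

function decryptAndVerify(glide, attachmentSysId) {
    var before = readContext(glide, attachmentSysId);
    if (before === null) {
        return { sysId: attachmentSysId, status: "not_found" };
    }
    if (before.context === "") {
        return { sysId: attachmentSysId, status: "already_clear" };
    }
    // Same call as in the thread: a null context ID removes the encryption context.
    new glide.GlideSysAttachment().changeEncryptionContext(
        before.table, before.recordId, attachmentSysId, null);
    // Re-read the row instead of assuming the call took effect.
    var after = readContext(glide, attachmentSysId);
    var cleared = after !== null && after.context === "";
    return {
        sysId: attachmentSysId,
        fileName: before.fileName,
        previousContext: before.context,
        status: cleared ? "decrypted" : "still_encrypted"
    };
}

function decryptMany(glide, sysIds) {
    var results = [];
    for (var i = 0; i < sysIds.length; i++) {
        results.push(decryptAndVerify(glide, sysIds[i]));
    }
    return results;
}
```

Logging each returned result with gs.log gives an audit trail that separates attachments that were really decrypted from those left untouched because the running user lacks the context.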