Layer7-Community / graphman-client

This repository contains a Postman collection, a Node.js CLI application, sample queries for the CLI, and GraphQL schemas for the Graphman API.

Decrypting secrets #15

Closed ajbrink88 closed 6 months ago

ajbrink88 commented 8 months ago

Hi,

I am trying to decrypt one of the secrets that I have exported. I am using the command that is listed in the README, with the 7layer passphrase for testing.

echo [value-from-source-gateway] | openssl enc -d -aes-256-cbc -md sha256 -pass pass:7layer -a

Using this I get a bad magic number error from openssl.

muemi03 commented 8 months ago

Hi @ajbrink88, I recently observed the same and raised a question in the communities. If you'd like to take a look: https://community.broadcom.com/discussion/decrypt-graphman-client-exported-keys-or-secrets

Regards ...Michael

ajbrink88 commented 7 months ago

After reading the community discussion, it seems like this isn't an issue but a feature.

graju256 commented 7 months ago

@ajbrink88 as was mentioned in the community thread, we are adding the ability to graphman (with future gateway releases) to export secrets in an OpenSSL enc friendly format, so that you will be able to decrypt them outside of the gateway if needed.

muemi03 commented 7 months ago

Hi all. Meanwhile, I think a little differently about this topic, at least for secrets. There is no need to be able to decrypt a password, similar to other password handling. This is what I understand: 1) A secret can be set through graphman, either in clear text or encrypted by openssl. 2) A secret can be exported from one gateway and imported to another, meaning copied between gateways. Taking a look at operating systems, for example, I am usually not able to figure out a password either.

From this point of view, there is no need to have the possibility to decrypt an existing password. Just my opinion, as of now :) Best regards ...Michael

graju256 commented 6 months ago

We continue to export the secrets in non-OpenSSL enc friendly format for security reasons. Otherwise, we still support importing the secrets to gateway encoded in OpenSSL enc friendly format.
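
Added example, not part of the thread or of the graphman-client project: `openssl enc -d` reports "bad magic number" when the decoded input does not start with the 8-byte `Salted__` header, so a value can be checked for that header before the README command is run on it. The function names and the `ENC_PASS` variable are hypothetical, and the encrypt command is assumed to be the README decrypt command with `-e` in place of `-d`.

```shell
#!/bin/sh
# Added example (not from the thread or the project). Function names and
# ENC_PASS are hypothetical.

# enc_format VALUE
# Prints "openssl-enc" when VALUE is base64 that begins with the "Salted__"
# magic written by `openssl enc -a`, otherwise "other".
# base64("Salted__" + salt) always starts with U2FsdGVkX1 followed by
# one of 8, 9, + or /, so no decoding is needed for the check.
enc_format() {
    case "$1" in
        U2FsdGVkX18*|U2FsdGVkX19*|U2FsdGVkX1+*|U2FsdGVkX1/*) echo "openssl-enc" ;;
        *) echo "other" ;;
    esac
}

# encrypt_for_import PLAINTEXT PASSPHRASE
# Assumption: same options as the README decrypt command, with -e.
# The passphrase is passed with -pass env: so it is not visible in the
# process list the way pass:... is.
encrypt_for_import() {
    printf '%s' "$1" |
        ENC_PASS="$2" openssl enc -e -aes-256-cbc -md sha256 -pass env:ENC_PASS -a
}

# decrypt_value VALUE PASSPHRASE
# Runs the README decrypt command only when the header check passes;
# otherwise returns 2 with a message explaining the openssl error.
decrypt_value() {
    if [ "$(enc_format "$1")" != "openssl-enc" ]; then
        echo "no Salted__ header: openssl enc would report 'bad magic number'" >&2
        return 2
    fi
    printf '%s\n' "$1" |
        ENC_PASS="$2" openssl enc -d -aes-256-cbc -md sha256 -pass env:ENC_PASS -a
}
```

A value for which `enc_format` prints `other` was not produced by `openssl enc`, and no choice of passphrase will make the README command accept it.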