Genesys Engage on-premises

 View Only
Discussion Thread View
Expand all | Collapse all

How to Encrypt Password for Silent Install Xpassword field?

  • 1.  How to Encrypt Password for Silent Install Xpassword field?

    Posted 05-06-2021 14:57
    ​In many of the Genesys installations packages, there is a silent_install.ini file.  And it mentions you can use the 'xpassword=' field to enter an encrypted password.

    [ConfigServer]
    Host=<Host name>
    Port=<Port number>
    User=<User name>

    ; Password of Genesys Configuration Server.
    ; The password can be specified in encrypted or none encrypted form:
    ;  xPassword - is used to specify the encrypted password;
    ;  Password - is used to specify the non encrypted password;
    ; Only one of these keys must be specified in ini file.
    ;xPassword=<User's encrypted password>
    Password=<User's none encrypted password>


    Does anyone know how to generate the encrypted password?   I've tried everything.  Even opened a ticket with support.  But nothing has worked.

    Thanks in advance!
    #Implementation
    #PlatformAdministration
    #SystemAdministration
    #Unsure/Other

    ------------------------------
    Tony Morrow
    ------------------------------


  • 2.  RE: How to Encrypt Password for Silent Install Xpassword field?

    Posted 11-25-2021 10:01
    Did you manage to find an answer? I'm also trying to figure out how to get xPassword to work. Don't want to save passwords in plain text :)

    ------------------------------
    Jordan Cooke
    ACHMEA INTERNE DIENSTEN N.V.
    ------------------------------



  • 3.  RE: How to Encrypt Password for Silent Install Xpassword field?

    Posted 11-26-2021 09:32
    Edited by Saugort García 11-26-2021 09:47
    Hi,

    If you have access to your config server database, you should found the table cfg_person, if I am not wrong, xPassword should match with "salted_string" column

    Also check:

    https://docs.genesys.com/Documentation/System/8.5.x/SDG/UserPswds

    -> "Password Encryption"


  • 4.  RE: How to Encrypt Password for Silent Install Xpassword field?

    Posted 11-29-2021 09:27
    I think i tried the password from the database.  But I can try it again.

    ------------------------------
    Tony Morrow
    ------------------------------



  • 5.  RE: How to Encrypt Password for Silent Install Xpassword field?

    GENESYS
    Posted 11-26-2021 11:00
    Hello Tony,

    Config server can encrypt a plain text password and place it in a file and section of our choice. Try this out.

    1- Create a pass.txt file and place your password under a section. Here, my pass.txt has only the below two lines where abc123 is the plain text password which I would like to encrypt placed under a section [Section1].
    C:\EncrypTest\pass.txt file content:
    [Section1]
    password=abc123

    2. Now, run an instance of config server executable by passing -c and -p parameters like below. The executable self terminates after adding the encrypted password to pass.txt without interfering with any running instance of configuration server.

    C:\GCTI\APPS\CS> .\confserv.exe -c C:\EncrypTest\pass.txt -p Section1 "abc123"
    where
    -c is the full path to the pass.txt file
    -p is  in the format <section name in the pass.txt file under which the plain password is placed> "Password in plain text"

    3- Result:
    C:\GCTI\APPS\CS> .\confserv.exe -c C:\EncrypTest\pass.txt -p Section1 "abc123"
    Genesys Configuration Server. Version 8.5.101.60
    Copyright (c) 1997-2020 Genesys Telecommunications Laboratories, Inc.
    Build information :
    Description : (Content Freeze)
    Timestamp : Jan 27 2021 23:23:20
    Version : 8.5.101.60
    Components :
    Configuration library v.8.5.100.40
    Common library v.8.5.100.80 C2 MT-Safe
    Service library v.8.5.100.35 MT
    Message library v.8.5.100.22
    Log library v.8.5.100.49 MT
    LCA library v.8.5.100.33
    Thread library v.8.5.100.31
    DBServer library v.8.5.101.30
    Genesys License library v.none
    License library v.none
    Stat Script library v.8.5.106.05

    Database password encrypted in the configuration file
    4- The pass.txt after the command execution.
    [Section1]
    password=004028550714770F <<~~ Encrypted password

    [confserv] <<~~ Added automatically by confserv executable
    encryption=true

    Source doc [Encrypting the Configuration Database Password]: https://docs.genesys.com/Documentation/FR/Current/Dep/DepCS#t-0

    Note: I haven't tested the encrypted password generated this way works on silent installation.

    ------------------------------
    Vinod Balan
    Genesys - Employees
    ------------------------------



  • 6.  RE: How to Encrypt Password for Silent Install Xpassword field?

    Posted 11-29-2021 09:31
    Edited by Tony Morrow 11-29-2021 09:36
    I did try this already.  But it does not work.

    Thanks.

    ------------------------------
    Tony Morrow
    ------------------------------



  • 7.  RE: How to Encrypt Password for Silent Install Xpassword field?

    GENESYS
    Posted 12-01-2021 01:49
    Hello everyone,

    The method mentioned above works only for passwords used in configuration files (confserv.cfg / confserv.conf) when encryption=true set under [confserv] section. This method does not work for silent installation.

    C:\GCTI\APPS\CS> .\confserv.exe -c C:\EncrypTest\pass.txt -p Section1 "abc123"

    Our development team mentioned that the documentation reference on silent installation was meant to be used only for remote installation via GA & GDA and never meant to be used to automate an installation. As GDA is no longer available, there are no further enhancements on silent installation topic.

    We will pass on your comments to our development team to see if they can suggest a way to automate the installation process with encrypted password. For now, we will push for a documentation correction on the link below.
    https://docs.genesys.com/Documentation/FR/Current/Dep/SilentSetup

    ------------------------------
    Vinod Balan
    Genesys - Employees
    ------------------------------



  • 8.  RE: How to Encrypt Password for Silent Install Xpassword field?

    GENESYS
    Posted 11-28-2021 19:46
    Hi Tony,

    I am concerned that you raised a case with support and didn't get an answer.

    Could you please share the case number so that I can investigate what went wrong on our side.

    Regards
    Andrew

    ------------------------------
    Andrew Soroka
    Genesys - Employees
    ------------------------------



  • 9.  RE: How to Encrypt Password for Silent Install Xpassword field?

    Posted 11-29-2021 12:30
    Here is the case #0002728719​.

    Looking back at the ticket, they wanted Config Server logs, config details, etc. and thus seemed like they didn't have an understanding of the issue.  Versus just providing steps on how to generate the xPassword first.

    I ended up getting tied up with many other issues and didn't get a chance to circle back to it.

    ------------------------------
    Tony Morrow
    ------------------------------



  • 10.  RE: How to Encrypt Password for Silent Install Xpassword field?

    GENESYS
    Posted 11-30-2021 00:12
    Edited by Andrew Soroka 11-30-2021 00:16

    Hi Tony,

    Thanks for that, things might have gone better if we were in the same timezone and just had a phone conversation.  I agree that we were not on the same wavelength. I do apologize.

    The Genesys silent install is described in the framework deployment guide (page 225).  This only works for the servers:
    Configuration Server
    Message Server
    Solution Control Server
    T-Server
    HA Proxy
    Stat Server

    My understanding is that you have a custom PSDK application that needs to authenticate against config server and you want to hold the password in non clear text.

    Looking at the PSDK documentation, you need to specify the Username, Application name and password at the time of the ConfServerProtocol.open() function call.

    At this point you need to have the password in clear text.  As far as I can tell there is no way around this.

    What you can do is write a basic custom encrypt/decrypt function.  The encrypt is a standalone program that you use to generate your "encrypted" text for your custom ini file. In your code you you reverse this process at runtime.  Clearly this is not going to be high grade security as the encryption key would need to be hard coded in your routines.

    I talked to some developers and they would use something like base64 encode/decode.  It is marginally better than plain text, but its not real security.

    From a security perspective you could use the operating system permissions to protect the .ini file, so the only person that could read the file would have the password anyway.

    Alternately I suppose you could rely on SSO, so you would not need the cfg password.

    I hope this helps.

    If not then please raise a new case and we can ask engineering how they implemented Silent Install.

    Regards
    Andrew



    ------------------------------
    Andrew Soroka
    Genesys - Employees
    ------------------------------



  • 11.  RE: How to Encrypt Password for Silent Install Xpassword field?

    Posted 11-30-2021 12:52
    The PSDK topic can be ignored for now.

    We are having to automate our installs, and thus we are attempting to use the xPassword field.

    ------------------------------
    Tony Morrow
    ------------------------------