Re: Cisco ISE Password encryption scheme on CSV export

wredelijkheid · ‎06-20-2017

Cisco ISE has the option to export the local user accounts to a CSV file. Passwords in that file are encrypted with a password which is entered upon export.
Now I want to create my own import files, but these need to contain the encrypted passwords (part of an automation process), and not the plain text versions. To do that I need to know which encryption scheme is used to created these encrypted passwords, so I can use this in the creation of the CSV files..

The following is test data I used to export, but I can’t figure out the (OpenSSL?/GPG?) encryption settings
User password = 1q2w3e4r5t6y7u8i9o0p
ISE Export/Import Password = 1234567890
Encrypted password in resulting CSV = m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI=

Anyone got any info on that?

nickbettison · ‎09-08-2017

Did you figure this out? The "encrypted" string is base64, which you can then pipe into openssl... but I've had no luck yet finding the correct combination.

nickbettison · ‎09-08-2017

For anyone who finds this, the following does NOT work, all error with bad magic number.

echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-128-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-128-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-128-cfb1 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-128-cfb8 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-128-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-128-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-192-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-192-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-192-cfb1 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-192-cfb8 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-192-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-192-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-256-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-256-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-256-cfb1 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-256-cfb8 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-256-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes-256-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes128 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes192 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -aes256 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -bf -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -bf-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -bf-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -bf-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -bf-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -blowfish -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -cast -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -cast-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -cast5-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -cast5-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -cast5-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -cast5-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-cfb1 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-cfb8 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede3 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede3-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede3-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede3-cfb1 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede3-cfb8 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ede3-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -des3 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -desx -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -desx-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2-40-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2-64-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2-ecb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc2-ofb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc4 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -rc4-40 -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -seed -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -seed-cbc -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -seed-cfb -d -a -k 1234567890
echo m2VgunDTWtMt187knQGIUnvcZXr1Ld+uGMg3QKuqbGI= | openssl enc -seed-ecb -d -a -k 1234567890