OWASP O2 Platform Blog

Solved the problem with decrypting the AmazonEC2 instance's password

I was able to solve the problem I had with decrypting the AmazonEC2 instance’s password.

Here is the relevant code from the API_AmazonEC2.cs script:

        public static string getPassword(this API_AmazonEC2 amazonEC2, RunningInstance runningInstance)   
        {   
            "Tests on  instance with ID: {0}".info(runningInstance.InstanceId);                                       
            var ec2Client = amazonEC2.getEC2Client(runningInstance.Placement.AvailabilityZone.removeLastChar());
            var passwordResponse = ec2Client.GetPasswordData(new GetPasswordDataRequest().WithInstanceId(runningInstance.InstanceId));
            "raw password data : {0}".info(passwordResponse.GetPasswordDataResult.ToXML());                       
            var decryptedPassword = amazonEC2.ApiRsa.decryptPasswordUsingPem(passwordResponse.GetPasswordDataResult.PasswordData.Data);                
            "decrypted password: {0}".info(decryptedPassword);
            return decryptedPassword;           
           }

which calls the ApiRsa.decryptPasswordUsingPem(passwordResponse.GetPasswordDataResult.PasswordData.Data) method from the newly created API_RSA.cs script:

// This file is part of the OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) and is released under the Apache 2.0 License (http://www.apache.org/licenses/LICENSE-2.0)
using System;
using System.IO;
using System.Text;
using O2.Kernel;
using O2.Kernel.ExtensionMethods;
using O2.DotNetWrappers.ExtensionMethods;
using O2.DotNetWrappers.Windows;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Crypto.Engines;
//O2Ref:itextsharp.dll
//O2Ref:O2_DotNetWrappers.dll
//O2Ref:O2_Kernel.dll
 

namespace O2.XRules.Database.APIs
{   
    public class API_RSA
    {   
        public string PathToPemKey { get;set;}
       
        public API_RSA()
        {}
       
        public API_RSA(string pathToPemKey)
        {
            PathToPemKey = pathToPemKey;
        }
       
        public  string decryptPasswordUsingPem(string password)
        {
            try
            {
                var passwordBytes = Convert.FromBase64String(password); 
                AsymmetricCipherKeyPair keyPair;
                PathToPemKey =  PathToPemKey ?? "Where is the PEM private Key".askUser();
               
               
                using (var reader = File.OpenText(PathToPemKey)) 
                    keyPair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject();
               
                var decryptEngine = new Pkcs1Encoding(new RsaEngine());
                decryptEngine.Init(false, keyPair.Private);
                
                var decryptedPassword = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(passwordBytes, 0, passwordBytes.Length));
                
                return decryptedPassword;
            }
            catch(Exception ex)
            {
                "[API_RSA] in decryptPasswordUsingPem: {0}".error(ex.Message);
                return "";
            }
        }
    }       
}

April 16, 2011 - Posted by | EC2
