Forum / Remote Desktop Manager - Feature Request

Shared passphrase security provider decryption

Is it possible to decrypt the data from a connection using the 'Shared passphrase' security provider?

I tried the same algorithm used for the 'Allow password for external system' setting, but it didn't work. A link to some example code in the dialog would be a world of help. Since you are allowing the key to be set, I would think that allowing the end-user to decrypt it themselves wouldn't be a problem, since they know the key already.

8 yrs

Hi,
We use a mix of our private key and the shared key to ensure that it's secure even if one of your employees knows the shared key. We could create a new provider which offers this feature if you want? This is not yet available in the SDK but it's something we want.
edited by dhervieux on 8/2/2011

David Hervieux

8 yrs

Ah. That would explain why I can't decrypt it. A new provider that allows for this would be great, as it would allow us to store all data encrypted in the database, but still have our portal able to display it.

8 yrs

David,

Sorry to resurrect an old feature request, but I wanted to see if you had given any additional thought to implementing this and/or a timeframe on when it might become available. Due to compliance requirements, we will likely either need to enable the encryption of all connections in RDM or use MSSQL encryption to protect the database.

I'd prefer not to have to deal with the hassle of implementing MSSQL database encryption if I don't have to. Though at this particular point in time, it would seem to be my only option, as integration with our other systems would be broken if I turned on RDM's encryption algorithm.

7 yrs

Hi,
I'm not sure exactly what you need. You want to decrypt the whole XML?

David Hervieux

7 yrs

Yes, it would be nice to be able to decrypt XML data using a pre-shared key.

7 yrs

The only problem I see is the password. It's always double encrypted. Do you need it? Do you think that our PowerShell extension could do the work?

David Hervieux

7 yrs

If you mean the password for the connection (i.e. the RDP user password), that is fine. You already added a method last year sometime to decrypt that. The password decryption is read-only, but it works for our minimum needs (basically a fail-safe backup of the RDM connections).

If you're talking about the pre-shared key, that would also be fine. The PSK being encrypted with Devolutions private key within the database would just be how you stored it for use in RDM. My code would have a copy for itself that would be manually distributed, so as long as the one my code has matches the one RDM uses, everything works fine.

7 yrs

Forgot to reply to the PowerShell piece. A PowerShell extension might provide all the interaction we could need if it can provide decrypted data. Our systems would have to be partially redesigned to use it, though. Most of our systems (outside of AD and Exchange) run on Linux, so we can't use a PowerShell extension (or any .NET code, for that matter) directly within our systems. So we would have to write some sort of proxy service on a Windows machine that would take data from the PowerShell extension and pass it to our systems via a custom-designed API.

With the advent of Remote Desktop Manager Server, if there were a way to create a special user type that could read the XML data (and the already decryptable session password) in an unencrypted form (or at least encrypted with something reversible by non-Devolutions code), that would also work. It would be even better if RDMS had an API of sorts that could also manipulate data (obviously, if you knew some key specific to that instance), but that may just be me shooting for the moon there.

7 yrs

Hi,
Our current PowerShell cmdlet allows you to read the session and extract all the data you need.

http://help.remotedesktopmanager.com/powershell_cmdlets.htm

We could extend it if you need a more specific feature, like maybe the export of the XML. Maybe just an automated export of the database to an XML file encrypted with your own provider could do the trick?

David Hervieux

7 yrs

The PowerShell extension looks pretty neat, actually. From the documentation, though, it seems like it is meant to be used while the Remote Desktop Manager client is up and running. For our use-case, it would be used on a web server without RDM running, so I'm not sure if it would really work.

The automated export of the database(s) into an XML file that we could decrypt would definitely do the trick. The only thing we would require in addition to the basic export would be the decryption of passwords (and they could be encrypted with a separate key for security). We've been bitten by the SQL server supporting RDM going down unexpectedly twice now. You don't realize how much you rely on a system until you have to work without it for a little while (hence the reason we want to provide a fail-safe that is always kept in sync with RDM).

7 yrs