To satisfy the decision makers that we can figure out how to reverse the decryption having backed up the keys and filesystem, can you give an openssl enc commandline to decrypt a file? It should be something like:

openssl enc -<cipher> -d -K <key> -iv <IV> -in <infile> -o <outfile>

So far I've had no success trying various combinations of DES ciphers and options.

Try only with Key (without IV)

Hang on, I had to generate a key and IV within Jira; how can it decrypt without an IV? And what cipher should I be using? There are lots of DES variants supported by openssl:

• des
• des3
• des-cbc
• des-cfb
• des-ecb
• des-ede
• des-ede3
• des-ede3-cbc
• des-ede3-cfb
• des-ede3-ofb
• des-ede-cbc
• des-ede-cfb
• des-ede-ofb
• des-ofb
• desx

Also, are there any padding or salt options I should be passing?

Currently, we are working in order to change DES for AES method. 

In this case (DES), is only necessary the key, because we are using DESKeySpec class (provided by java) .Maybe, this page can help you. (https://www.programcreek.com/java-api-examples/?api=javax.crypto.spec.DESKeySpec)

On the other hand, I think that is not possible decrypt if you don't use JIRA. 

When you do the Cipher.getInstance(), what are you passing it? Can you post the scrap of code you're actually using?

Hi Gregory,

 I have similar questions to yours, If we were to do this we have a requirement to be able to decrypt the data independently of JIRA. Did you ever work out how to do this?

Glenn.

Nope, we gave up on this vendor. Single DES uses a 56-bit key, which is insufficient . I stopped working on trying to decrypt manually when I realized how insecure it was. I might take another look if/when they manage to support AES (really, how hard do they think it is? it's just a slightly different Java API).

Thanks for the info. Yes that is not sufficient. We would need it to be AES 256 to look at seriously.

Addon works with AES  (AES/CBC/PKCS5Padding) even for attachments since 1.6.3 plugin version. 

About decrypt the data independently of JIRA, I think that is not possible at the moment, but we are going to create a ticket. 

Thanks for the update Alberto, good to hear about AES support. Let us know if there are developments with decrypt the data independently of JIRA in the future.