Normally we use any of decrypting software’s to decrypt the Cisco type 7 passwords, which were encrypted by using a Cisco IOS command “service password-encryption”.  Image you don’t have an access to the internet or you don’t have a Cisco password decrypting software’s, what you will do in this situation. No worries you can use the Cisco Router or a Cisco Switch itself to decrypt the Cisco type 7 passwords.  Amazing isn’t it! We can make use of a feature call “key chain” to decrypt the encrypted type 7 passwords. To demonstrate I am just creating a scenario

Step 1

Create a username in your Cisco device and encrypt the password  by using following commands

ITKE-AS01(config)#username itke password joinitke

ITKE-AS01(config)# service password-encryption


Step 2

Let’s see user name and password we created

ITKE-AS01#sho run | include username

username itke password 7 12130A1E1C02180F2F



We can see “7 12130A1E1C02180F2F” is the encrypted password for joinitke which we created in step 1.

Step 3

Now we need to create a key chain and copy the encrypted password as the key string as demonstrated below

ITKE-AS01(config)#key chain getpassword

ITKE-AS01(config-keychain)#key 1

ITKE-AS01(config-keychain-key)#key-string 7 12130A1E1C02180F2F


Step 4

Now we can see the decrypted password by using the Cisco IOS command “show key chain getpassword”

ITKE-AS01#show key chain getpassword

Key-chain getpassword:

key 1 — text “joinitke”

accept lifetime (always valid) – (always valid) [valid now]

send lifetime (always valid) – (always valid) [valid now]



Amazing we can use a Cisco Router or a Cisco Catalyst Switch to decrypt the type 7 encrypted passwords. Use this and do let me know.