Feature #12684: Automatic encryption/decryption of config files, for pfSense ECL configuration feature
Status: Closed
Description
Reading a bit about Configuration restore from USB device: /conf/config.xml
And especially ECL, as recovery...
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#auto-restore-usb
I would love to be able to use that feature (ECL Restore Config) on remote sites, but my "tinfoil hat" is not happy with handing out a config in clear text.
And since an ECL Restore probably isn't designed to magically know my encryption password, entered when taking the backup.
Would it be possible to get an additional encryption method, based on ???
pfSense Device ID, or "MAC address of first network adapter", or CPU serial.
I would like to be able to select "Auto Encryption via device id"
And then pfSense would/should be able to "Auto Decrypt" the config file using the same key used above.
I have no idea how to signal to pfSense that the file is Auto/Device encrypted.
But maybe the filename could be config.enc as opposed to config.xml.
Would that be something Netgate would be interested in implementing?
Updated by Viktor Gurov over 3 years ago
I think it's better to add a password prompt to test_config() if "---- BEGIN config.xml ----" header is found:
https://github.com/pfsense/pfsense/blob/master/src/etc/ecl.php#L84
Updated by Bingo Bingo over 3 years ago
The whole idea is for this to run w/o any user interaction, using a device-derived key, for both encryption & decryption.
But if you can add some "magic" to the config.xml that makes it recognized as a Device/Auto encrypted file, then fine with me.
Updated by Jim Pingle over 3 years ago
- Category changed from Configuration Upgrade to Backup / Restore
- Status changed from New to Rejected
Using any predictable value as encryption/decryption key is not going to happen. It wouldn't be any better than handing someone a clear config if they have access to the hardware.
I could maybe see loading a passphrase from a file on the same directory as an encrypted configuration but even that doesn't seem like a great idea, again, because if you don't trust the person receiving the config to see it in the clear, why give them the passphrase in any form.
Either way it's more security theater than actual security and not viable.
Updated by Viktor Gurov over 3 years ago
Password prompt on encrypted ECL config.xml load:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/563
moved to #12685
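The gating logic Viktor Gurov describes above (detect the "---- BEGIN config.xml ----" header on ECL load and require an operator passphrase instead of loading the file directly), as an added illustration that is not pfSense's own ecl.php code: `classify_config`, `load_ecl_config`, the `passphrase_provider`/`decrypt` callables and the assumed `---- END config.xml ----` trailer are all constructions for this example, and the sample XML is constructed too.

```python
import xml.etree.ElementTree as ET

# Header pfSense writes at the top of an encrypted backup (quoted in the thread).
ENC_HEADER = "---- BEGIN config.xml ----"
# Matching trailer; assumed here to mirror the header (not quoted on the page).
ENC_FOOTER = "---- END config.xml ----"


def classify_config(text):
    """Return 'encrypted', 'plaintext' or 'invalid' for a candidate config.xml."""
    stripped = text.strip()
    if stripped.startswith(ENC_HEADER):
        # Refuse a header with no trailer: a truncated envelope is not loadable.
        return "encrypted" if stripped.endswith(ENC_FOOTER) else "invalid"
    try:
        root = ET.fromstring(stripped)
    except ET.ParseError:
        return "invalid"
    return "plaintext" if root.tag == "pfsense" else "invalid"


def load_ecl_config(text, passphrase_provider=None, decrypt=None):
    """Model the ECL decision: a plaintext config loads directly; an encrypted
    one loads only after a passphrase is obtained from the operator. There is
    deliberately no fallback to a device-derived key when no prompt exists."""
    kind = classify_config(text)
    if kind == "invalid":
        raise ValueError("not a pfSense config.xml (plain or encrypted)")
    if kind == "plaintext":
        return ET.fromstring(text.strip())
    if passphrase_provider is None or decrypt is None:
        # ECL normally runs unattended; with nobody to ask, the load must fail.
        raise PermissionError("encrypted backup: operator passphrase required")
    passphrase = passphrase_provider()
    if not passphrase:
        raise PermissionError("empty passphrase rejected")
    # decrypt() is a hypothetical hook returning the decrypted XML text.
    return ET.fromstring(decrypt(text, passphrase))


# Constructed samples: a minimal plaintext config and a stand-in encrypted envelope.
PLAIN_SAMPLE = "<pfsense><version>demo</version></pfsense>"
ENC_SAMPLE = ENC_HEADER + "\nREDACTED-CIPHERTEXT-BODY\n" + ENC_FOOTER + "\n"
```

In the unattended case the load fails closed, which is the behaviour the rejection in this thread argues for: a passphrase in the operator's head, not a key reconstructable from the hardware.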