Project

General

Profile

Actions
Copy link

Feature #12684

closed

Automatic encryption/decryption of config files, for pfSense ECL configuration feature

Added by Bingo Bingo over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Backup / Restore
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

See
https://forum.netgate.com/topic/169077/improvement-idea-configuration-backup-restore-encryption-and-ecl

Reading a bit about Confiuration restore from USB device : /conf/config.xml
And especially ECL, as recovery ....
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#auto-restore-usb

I would love to be able to use that feature ECL Restore Config ,on remote sites, but my "tinfoil hat" is not happy with handing out a config in clear text.
And since an ECL Restore probably isn't designed to magically know my encryption password, entered when taking the backup.

Would it be possible to get an additional encryption method, based on ???
pfSense Device id or "Mac address of first network adapter" or CPU Serial .

I would like to be able to select "Auto Encryption via device id"
And then pfSense would/should be able to "Auto Decrypt" the config file using the same key used above.

I have no idea how to signal to pfSense that the file is Auto/Device encrypted.
But maybe the filename could be config.enc as opposed to config.xml.

Would that be something Netgate would be interested in implementing ?

Actions
Copy link

Also available in: Atom PDF