Feature #14923

open

Feature request - Backup encryption using a public key

Added by Wolfgang Thegreat 6 months ago.

Status: New
Priority: High
Assignee: -
Category: Backup / Restore
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

This feature request is following a community post at https://forum.netgate.com/topic/183662/backup-encryption-using-a-public-key

Hello,

Currently the manual backup encryption is using a password the user needs to submit to the device, which is not so friendly and somewhat less secure, since browsers are multi-purpose and have plugins/addons that are at times discovered to be malicious.

So, I thought - why not do this encryption using a public key?
It can use the current users mechanism, as a user object can store a public key value, currently for SSH access authentication, but it can also be used to encrypt and sign the backup. One can even create a special user just for the goal of backup.

I guess this method can also be applied to the scheduled backups to the pfSense cloud, the "Auto Config Backup" feature.

This way the risk of password leak/exposure, or even folks' fear that pfSense will "steal" this password, will be gone.
Also, it should be easier for users to verify the authenticity and integrity of the output file and to decrypt it offline when needed, to read the plain text configuration XML file.

Thank you!
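
As an added illustration of the scheme requested above (not part of the original request and not pfSense code), the following shell functions encrypt a configuration file to a recipient's public key, sign it with a device key, and verify and decrypt it offline. It assumes OpenSSL 1.1.1 or later and RSA keys in PEM format rather than the OpenSSH format stored in a user object; the function names, file names and the separate device signing key are hypothetical.

```shell
# Added illustration, not pfSense code; all file and function names are assumptions.
# A random session secret encrypts the XML (AES-256), RSA-OAEP wraps that secret
# for the backup user's public key, and the device's own key signs the result.

# encrypt_backup <config.xml> <recipient_pub.pem> <device_priv.pem> <out_dir>
encrypt_backup() {
    ( umask 077; mkdir -p "$4" && sess=$(mktemp) || exit 1
      openssl rand -hex 32 > "$sess" &&
      # The secret is passed by file, so it never shows up in the process list.
      openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$sess" \
          -in "$1" -out "$4/backup.enc" &&
      openssl pkeyutl -encrypt -pubin -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
          -in "$sess" -out "$4/backup.key.enc" &&
      # Sign wrapped key and ciphertext together so neither can be swapped out.
      cat "$4/backup.key.enc" "$4/backup.enc" |
          openssl dgst -sha256 -sign "$3" -out "$4/backup.sig"
      rc=$?; rm -f "$sess"; exit $rc )
}

# decrypt_backup <dir> <recipient_priv.pem> <device_pub.pem> <out.xml>
decrypt_backup() {
    ( umask 077
      # Verify the device signature before any decryption is attempted.
      v=$(cat "$1/backup.key.enc" "$1/backup.enc" 2>/dev/null |
          openssl dgst -sha256 -verify "$3" -signature "$1/backup.sig" 2>/dev/null)
      [ "$v" = "Verified OK" ] || { echo "signature check failed" >&2; exit 1; }
      sess=$(mktemp) || exit 1
      openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
          -in "$1/backup.key.enc" -out "$sess" &&
      openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$sess" \
          -in "$1/backup.enc" -out "$4"
      rc=$?; rm -f "$sess"; exit $rc )
}

# demo: throwaway RSA keys and a constructed config, round-tripped in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    for k in user device; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$d/$k.key" 2>/dev/null
        openssl pkey -in "$d/$k.key" -pubout -out "$d/$k.pub"
    done
    printf '<pfsense><!-- constructed sample --></pfsense>\n' > "$d/config.xml"
    encrypt_backup "$d/config.xml" "$d/user.pub" "$d/device.key" "$d/out" &&
        decrypt_backup "$d/out" "$d/user.key" "$d/device.pub" "$d/plain.xml" &&
        cmp -s "$d/config.xml" "$d/plain.xml"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "round trip OK"
```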
