Project

General

Profile

Actions

Todo #15521

closed

Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line

Added by Chris W 7 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Backup / Restore
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files

A password such as V!4z!$3YvpYs5e will need single quotes surrounding it or an error is returned. Version is OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023).

openssl enc -d -a -aes-256-cbc -in config-pfSense.home.arpa-20240525205454.xml -out dencryptedfile.xml -pass pass:V!4z!$3YvmYs5e -salt -md sha256 -pbkdf2 -iter 500000
openssl enc -d -a -aes-256-cbc -in config-pfSense.home.arpa-20240525205454.xml -out dencryptedfile.xml -pass pass:Vsudo -izDownloads/3YvmYs5e -salt -md sha256 -pbkdf2 -iter 500000
enc: Unknown cipher: izDownloads/3YvmYs5e
enc: Use -help for summary.
00BEC73FAE760000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (izDownloads/3YvmYs5e : 0), Properties (<null>)

There may be a more graceful way to do this since using an encryption password which contains a single quote will error out as well. The pfSense GUI doesn't seem to have this problem but affects Linux and presumably other systems where you can work with openssl directly like this.

Actions #1

Updated by Jim Pingle 3 months ago

  • Status changed from New to Closed
  • Assignee set to Jim Pingle
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF