Todo #15521: Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line - pfSense Docs - pfSense bugtracker

Actions

Copy link

Todo #15521

closed

Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line

Added by Chris W 6 months ago. Updated about 2 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Jim Pingle

Category:

Backup / Restore

Target version:

Start date:

Due date:

% Done:

100%

Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files

A password such as V!4z!$3YvpYs5e will need single quotes surrounding it or an error is returned. Version is OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023).

openssl enc -d -a -aes-256-cbc -in config-pfSense.home.arpa-20240525205454.xml -out dencryptedfile.xml -pass pass:V!4z!$3YvmYs5e -salt -md sha256 -pbkdf2 -iter 500000
openssl enc -d -a -aes-256-cbc -in config-pfSense.home.arpa-20240525205454.xml -out dencryptedfile.xml -pass pass:Vsudo -izDownloads/3YvmYs5e -salt -md sha256 -pbkdf2 -iter 500000
enc: Unknown cipher: izDownloads/3YvmYs5e
enc: Use -help for summary.
00BEC73FAE760000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (izDownloads/3YvmYs5e : 0), Properties (<null>)

There may be a more graceful way to do this since using an encryption password which contains a single quote will error out as well. The pfSense GUI doesn't seem to have this problem but affects Linux and presumably other systems where you can work with openssl directly like this.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Docs

Todo #15521

Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line

Updated by Jim Pingle about 2 months ago