Encrypt and decrypt with openssl

extremist

New Member
Credits
11
Hello. I have a problem with decrypt our backup.
I use this commands to encrypt

Code:
date=$(date +"%Y-%m-%d")
tar -zcvf /var/sshfs/bac/named_$date.tar.gz /var/named
gzip < /etc/named.conf > /var/sshfs/bac/named.conf_$date.gz
tar -zcvf /var/sshfs/back/dns1_$date.tar.gz /var/sshfs/bac
openssl enc -aes-256-cbc -salt -in /var/sshfs/back/* -out /var/sshfs/backup/dns1_$date.gz.enc -k bgm$wmd:f%msx23_4
Code:
[[email protected] ~]#  openssl enc -aes-256-cbc -d -in dns1_2021-03-22.gz.enc -out dns1_2021-03-22.gz -k bgm$wmd:f%msx23_4
 bad decrypt
140665132689296:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:
What wrong with it ?
 


wizardfromoz

Super Moderator
Staff member
Gold Supporter
Credits
13,622
Moving this to Linux Security

Wizard
 

JasKinasis

Well-Known Member
Credits
5,977
Try to use password without character '$'.
I think, that bash interpreted this as variable "$wmd" (or something like that).
This is true, the shell would have interpreted everything after the $ as a variable-name.
But you don't need to exclude the $ from the password.
What you can do is enclose the password in single quotes, then the password becomes a string literal. Any special characters in it, like the $ will not be interpreted and will be treated as literal characters.
e.g.
Code:
-k 'bgm$wmd:f%msx23_4'
This is probably the cleanest fix.

There is another way, and that would be to escape any special characters with a backslash.
e.g.
escaping the $ character with a backslash to make it a literal:
Code:
-k bgm\$wmd:f%msx23_4
Or with double quotes and an escape:
Code:
-k "bgm\$wmd:f%msx23_4"
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Members online


Top