Encrypt and decrypt with openssl

extremist

New Member
Joined
Mar 22, 2021
Messages
1
Reaction score
0
Credits
11
Hello. I have a problem with decrypt our backup.
I use this commands to encrypt

Code:
date=$(date +"%Y-%m-%d")
tar -zcvf /var/sshfs/bac/named_$date.tar.gz /var/named
gzip < /etc/named.conf > /var/sshfs/bac/named.conf_$date.gz
tar -zcvf /var/sshfs/back/dns1_$date.tar.gz /var/sshfs/bac
openssl enc -aes-256-cbc -salt -in /var/sshfs/back/* -out /var/sshfs/backup/dns1_$date.gz.enc -k bgm$wmd:f%msx23_4

Code:
[root@v47154 ~]#  openssl enc -aes-256-cbc -d -in dns1_2021-03-22.gz.enc -out dns1_2021-03-22.gz -k bgm$wmd:f%msx23_4
 bad decrypt
140665132689296:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:

What wrong with it ?
 


Moving this to Linux Security

Wizard
 
Try to use password without character '$'.
I think, that bash interpreted this as variable "$wmd" (or something like that).
This is true, the shell would have interpreted everything after the $ as a variable-name.
But you don't need to exclude the $ from the password.
What you can do is enclose the password in single quotes, then the password becomes a string literal. Any special characters in it, like the $ will not be interpreted and will be treated as literal characters.
e.g.
Code:
-k 'bgm$wmd:f%msx23_4'
This is probably the cleanest fix.

There is another way, and that would be to escape any special characters with a backslash.
e.g.
escaping the $ character with a backslash to make it a literal:
Code:
-k bgm\$wmd:f%msx23_4
Or with double quotes and an escape:
Code:
-k "bgm\$wmd:f%msx23_4"
 


Top