He of the long foot
- May 13, 2015
How did you encrypt the tarball? On FreeBSD 12+, the script should be using this command (line 112 in save_config_enc.sh), which includes the -pbkdf2 and -iter options:Finally got the time to get into this.
Thanks for the fix. I didn't test the new script yet because I started to go thru your script to understand it and I tried manually to make a tarball, encrypt it and then decrypt it.
Encryption went fine but when I tried to decrypt I got this error:
Code:*** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. bad decrypt 34371117056:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/truenas-releng/freenas/_BE/os/crypto/openssl/crypto/evp/evp_enc.c:583:
... and no decryption. I tried to troubleshoot the command on the Github page for decryption but couldn't get it to work.
openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 128000 -salt -S "$(openssl rand -hex 8)" -pass file:"$enc_passphrasefile" -in "$fnconfigtarball" -out "$fnconfigtarballenc"