#749 Issue `closed`: Suppress or mask log message that shows the decrypting key on console during recover¶

Labels: enhancement, support / question, fixed / solved / done

pexus opened issue at 2016-01-02 21:42:¶

When using rear recover with a decrypting key, I did notice that during the recovery process, I see the following on the console that displays the decrypting archive key. Can this be disabled or masked. Showing the decrypting key is not a best practice from security stand point.

"Decrypting archive with key: XXXXXX"

pexus commented at 2016-01-02 21:44:¶

Version used was : Debian 8 - 1.17.2

gdha commented at 2016-01-04 10:19:¶

Could you show me the local.conf file (mask the key of course)?

pexus commented at 2016-01-08 15:58:¶

Sorry for the delay. I will work on posting the local.conf soon.

pexus commented at 2016-01-09 04:25:¶

Here is the local.conf I am using.¶

OUTPUT=USB
BACKUP=NETFS
BACKUP_URL=usb:///dev/disk/by-label/REAR-000
BACKUP_PROG_CRYPT_ENABLED=1
BACKUP_PROG_CRYPT_KEY="XXXXXX"
BACKUP_PROG_CRYPT_OPTIONS="/usr/bin/openssl aes-256-cbc -salt -k "
BACKUP_PROG_DECRYPT_OPTIONS="/usr/bin/openssl aes-256-cbc -d -k "
BACKUP_PROG_EXCLUDE=( '/tmp/' '/mnt/' '/var/tmp/ppsconfig/mnt/' '/dev/shm/' $VAR_DIR/output/* )

[Export of Github issue for rear/rear.]

#749 Issue closed: Suppress or mask log message that shows the decrypting key on console during recover¶