#2053 Issue closed: decrypt backup.tar.gz

Labels: support / question, fixed / solved / done, external tool, not ReaR / invalid

blagodarno opened issue at 2019-02-26 12:40:

I'm testing with rear 2.3 on OpenSuSe 15

I'm using the following config:

BACKUP=NETFS
OUTPUT=ISO
BACKUP_URL=file:///mnt/sata/
BACKUP_PROG_CRYPT_ENABLED=1 
BACKUP_PROG_CRYPT_KEY=”secretkey”
NETFS_KEEP_OLD_BACKUP_COPY=Y
BACKUP_PROG_EXCLUDE=( ${BACKUP_PROG_EXCLUDE[@]} '/mnt/*' ) 
MODULES_LOAD=( )                                                                                                       
POST_RECOVERY_SCRIPT=(if\ snapper\ --no-dbus\ -r\ $TARGET_FS_ROOT\ get-config\ |\ grep\ -q\ "^QGROUP.*[0-9]/[0-9]"\ ;\ then\ snapper\ --no-dbus\ -r\ $TARGET_FS_ROOT\ set-config\ QGROUP=\ ;\ snapper\ --no-dbus\ -r\ $TARGET_FS_ROOT\ setup-quota\ &&\ echo\ snapper\ setup-quota\ done\ ||\ echo\ snapper\ setup-quota\ failed\ ;\ else\ echo\ snapper\ setup-quota\ not\ used\ ;\ fi)                                                                                                    
REQUIRED_PROGS=(snapper chattr lsattr ${REQUIRED_PROGS[@]})                                                            
COPY_AS_IS=(/usr/lib/snapper/installation-helper /etc/snapper/config-templates/default ${COPY_AS_IS[@]})

I successfully created backup.tar.gz.

What commands ( openssl ? ) can I use to decrypt and unzip this archive manually?

dcz01 commented at 2019-02-26 15:06:

Hello,
you can use the following commands to decrypt and unzip it manually:

show/search of files in an archiv:

dd if=<Pfad zum Archiv>/2016-09-03-0500-F.tar.gz | /usr/bin/openssl aes256 -d -k <password> | tar -tzvf - | grep site.conf

unzip of a single file:

dd if=<Pfad zum Archiv>/2016-09-03-0500-F.tar.gz | /usr/bin/openssl aes256 -d -k <password> | tar -C /root/recover -xzvf - root/rear/site.conf

unzip of a single file to his origin place:

dd if=<Pfad zum Archiv>/2016-09-03-0500-F.tar.gz | /usr/bin/openssl aes256 -d -k <passowrd> | tar -C / -xzvf - root/rear/site.conf

unzip all files with an special file ending:

dd if=<Pfad zum Archiv>/2016-09-03-0500-F.tar.gz | /usr/bin/openssl aes256 -d -k <password> | tar -C /root/recover -xzvf - '*.conf'

blagodarno commented at 2019-02-27 08:58:

Thanks for the answer.
But unfortunately it did not work:

dd if=backup.tar.gz | /usr/bin/openssl aes256 -d -k secretkey | tar -C /root/recover -xzvf - '*.conf'

gzip: stdin: not in gzip format
tar: Child died with signal 13
tar: Error is not recoverable: exiting now
error writing output file

dcz01 commented at 2019-02-27 09:27:

@blagodarno Well the problem is at two positions...
First you haven't used AES256 to encrypt your data, so you must use the default variables set in the default.conf of ReaR which is /usr/bin/openssl des3 -d -k.
And second you set as BACKUP_PROG_CRYPT_KEY=”secretkey” and to decrypt you use only secretkey.
This can't work because the password is then not correct...

@jsmeix Thanks for editing my first comment to something better ;-)

blagodarno commented at 2019-02-27 09:51:

ok!

dd if=backup.tar.gz | /usr/bin/openssl des3 -d -k "secretkey" | tar -C /root/recover -xzvf - '*.conf'

gzip: stdin: not in gzip format
tar: Child died with signal 13
tar: Error is not recoverable: exiting now
error writing output file

dcz01 commented at 2019-02-27 10:11:

@blagodarno Well then would i say that something went wrong at the backup time here.
Please look at the ReaR log and check for errors.

I use for my servers a config like that in the site.conf for full and incremental backup:

OUTPUT=ISO
OUTPUT_URL=file:///root/rear
BACKUP=NETFS
BACKUP_PROG=tar
BACKUP_PROG_CRYPT_ENABLED=1
BACKUP_PROG_CRYPT_KEY=<Password>
BACKUP_PROG_CRYPT_OPTIONS="/usr/bin/openssl aes256 -salt -k"
BACKUP_PROG_DECRYPT_OPTIONS="/usr/bin/openssl aes256 -d -k"
BACKUP_URL=cifs://<Servername>/<Sharename>
BACKUP_OPTIONS="cred=/etc/rear/cifs,sec=ntlmsspi"
BACKUP_TYPE=incremental
FULLBACKUPDAY="Sat"
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' $VAR_DIR/output/\* '/opt/tivoli/tsm/rear/*' '/mnt/*' '/media/*' '/var/lib/pgsql/*/data/base/*' '/var/lib/pgsql/*/data/global/*' '/var/lib/pgsql/*/data/pg*/*' )

jsmeix commented at 2019-02-27 10:15:

@dcz01
my pleasure!

Cf. "For the (not so) fun of it:" in
https://github.com/rear/rear/pull/1977#issuecomment-441175204

Thank you for helping here because I myself
know basically nothing about this area.

dcz01 commented at 2019-02-27 10:18:

@jsmeix Ah well thanks.
No problem, i help where i can if i'm good in that materia.

jsmeix commented at 2019-04-26 09:38:

I think the issue was sufficiently answered above.


[Export of Github issue for rear/rear.]