@jmiserez
Created December 4, 2015 18:59
Decrypt files encrypted by xenvm_backup_encrypted.sh (https://gist.github.com/jmiserez/f7771d0c82455128839d)
#!/bin/bash
#
# xenvm_decrypt_backup.sh
#
# Author: Jeremie Miserez <jeremie@miserez.org>
# Latest version: https://gist.github.com/jmiserez/11a8aafeee9256645ac5
#
# This script will decrypt encrypted images generated by xenvm_backup_encrypted.sh,
# (https://gist.github.com/jmiserez/f7771d0c82455128839d), when given a .key.enc file
# and if all related files are in the same directory as the .key.enc file.
#
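set -e

# Resolve the script's own directory; the private key is expected next to it.
SCRIPT=$(readlink -f "$0")
SCRIPTPATH=$(dirname "$SCRIPT")
SCRIPTNAME=$(basename "$SCRIPT")

if [ "$#" -lt 1 ]
then
    echo "Usage: ./$SCRIPTNAME <*.key.enc>"
    echo " e.g. ./$SCRIPTNAME mybackup.xva.gz.key.enc"
    exit 1
fi

MYBKUPNAME="$1"
MYPRIVATEKEY="$SCRIPTPATH/diagene_xenbackups_private_key.pem"

if [[ $MYBKUPNAME == *.key.enc ]]
then
    echo "Processing ${MYBKUPNAME%.key.enc}.enc:"
    echo " - encrypted key $MYBKUPNAME"
    echo " - encrypted backup ${MYBKUPNAME%.key.enc}.enc"
    echo " -> decrypting backup to ${MYBKUPNAME%.key.enc}"
else
    echo "Filename must end with .key.enc!"
    exit 1
fi

# MD5 only catches accidental corruption (e.g. a damaged transfer); it does not
# authenticate the files against deliberate modification.
echo "Verifying checksums."
md5sum -c "$MYBKUPNAME.md5"
md5sum -c "${MYBKUPNAME%.key.enc}.enc.md5"

# The RSA private key unwraps the per-backup symmetric session key.
# 'openssl rsautl' is deprecated since OpenSSL 3.0 ('openssl pkeyutl' replaces it).
echo "Decrypting symmetric session key to memory."
MYSYMMETRICKEY=$(openssl rsautl -decrypt -inkey "$MYPRIVATEKEY" -in "$MYBKUPNAME")

# The key reaches openssl through a process substitution, so it is never written
# to disk or placed on a command line. printf avoids echo's option parsing.
# OpenSSL 1.1.0 changed the default 'enc' key-derivation digest from MD5 to SHA-256;
# backups encrypted with an older OpenSSL need '-md md5' added below.
echo "Decrypting backup."
openssl enc -d -aes-256-cbc -in "${MYBKUPNAME%.key.enc}.enc" -out "${MYBKUPNAME%.key.enc}" -pass file:<( printf '%s' "$MYSYMMETRICKEY" )

echo "Clearing decrypted symmetric session key from memory."
unset MYSYMMETRICKEY
echo "Done."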