Created
December 4, 2015 18:59
Decrypt files encrypted by xenvm_backup_encrypted.sh (https://gist.github.com/jmiserez/f7771d0c82455128839d)
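#!/bin/bash
#
# xenvm_decrypt_backup.sh
#
# Author: Jeremie Miserez <jeremie@miserez.org>
# Latest version: https://gist.github.com/jmiserez/11a8aafeee9256645ac5
#
# This script will decrypt encrypted images generated by xenvm_backup_encrypted.sh
# (https://gist.github.com/jmiserez/f7771d0c82455128839d), when given a .key.enc file
# and if all related files are in the same directory as the .key.enc file.
#
# Usage: ./xenvm_decrypt_backup.sh <*.key.enc>
#
# Files used, where NAME is the argument with ".key.enc" stripped:
#   NAME.key.enc      RSA-encrypted symmetric session key (the argument)
#   NAME.key.enc.md5  checksum of the encrypted session key
#   NAME.enc          AES-256-CBC encrypted backup
#   NAME.enc.md5      checksum of the encrypted backup
#   NAME              decrypted backup, written by this script
# The RSA private key is read from diagene_xenbackups_private_key.pem in the
# directory that contains this script; keep that file readable by the
# operator only.
#
# Security notes:
#   - The MD5 checks catch accidental corruption (bad transfer, failing disk).
#     They are not an authenticity check: whoever can alter the .enc file can
#     also rewrite the .md5 file stored next to it.
#   - AES-256-CBC as used here carries no integrity tag, so a modified
#     ciphertext can still decrypt to a plausible-looking image. Treat the
#     result as untrusted unless the backup storage itself is trusted.
#
# -u and pipefail are added on top of the original -e so that a typo in a
# variable name or a failing pipeline stage aborts the run instead of
# continuing with empty data.
set -euo pipefail

# Quoted so that an install path containing spaces still resolves.
SCRIPT=$(readlink -f -- "$0")
SCRIPTPATH=$(dirname -- "$SCRIPT")
SCRIPTNAME=$(basename -- "$SCRIPT")

if [ "$#" -lt 1 ]
then
  echo "Usage: ./$SCRIPTNAME <*.key.enc>" >&2
  echo " e.g. ./$SCRIPTNAME mybackup.xva.gz.key.enc" >&2
  exit 1
fi

MYBKUPNAME="$1"
MYPRIVATEKEY="$SCRIPTPATH/diagene_xenbackups_private_key.pem"
# Name shared by all related files: strip the ".key.enc" suffix once.
MYBKUPBASE="${MYBKUPNAME%.key.enc}"

# The second test rejects an argument that is only ".key.enc", which would
# leave an empty output file name.
if [[ $MYBKUPNAME == *.key.enc && -n $MYBKUPBASE ]]
then
  echo "Processing $MYBKUPBASE.enc:"
  echo " - encrypted key $MYBKUPNAME"
  echo " - encrypted backup $MYBKUPBASE.enc"
  echo " -> decrypting backup to $MYBKUPBASE"
else
  echo "Filename must end with .key.enc!" >&2
  exit 1
fi

# Fail early, with the name of the missing file, rather than part-way through.
for MYREQUIRED in "$MYPRIVATEKEY" "$MYBKUPNAME" "$MYBKUPNAME.md5" \
                  "$MYBKUPBASE.enc" "$MYBKUPBASE.enc.md5"
do
  if [[ ! -r $MYREQUIRED ]]
  then
    echo "Required file is missing or not readable: $MYREQUIRED" >&2
    exit 1
  fi
done

echo "Verifying checksums."
# md5sum -c looks up the file names recorded inside each .md5 file; relative
# names are resolved against the current directory, so this presumably has to
# be run from the directory holding the backup files (depends on how the
# backup script wrote them). A mismatch aborts the script via set -e.
md5sum -c -- "$MYBKUPNAME.md5"
md5sum -c -- "$MYBKUPBASE.enc.md5"

echo "Decrypting symmetric session key to memory."
# "openssl rsautl" is deprecated since OpenSSL 3.0 in favour of
# "openssl pkeyutl -decrypt"; it is kept so the script still runs on the older
# OpenSSL releases it was written for.
# Command substitution strips trailing newlines, which matches how the key has
# always been handed to "openssl enc" below.
MYSYMMETRICKEY=$(openssl rsautl -decrypt -inkey "$MYPRIVATEKEY" -in "$MYBKUPNAME")
if [[ -z $MYSYMMETRICKEY ]]
then
  echo "Decrypted session key is empty; refusing to continue." >&2
  exit 1
fi

echo "Decrypting backup."
# The plaintext image is as sensitive as the VM itself: create it readable by
# the current user only. An already existing output file keeps its mode.
umask 077
# The key reaches openssl through a process substitution fed by the printf
# builtin, so it never shows up in a process argument list. printf '%s' is used
# instead of echo -n because echo would treat a value such as "-e" as an option.
# If this step reports "bad decrypt" on OpenSSL >= 1.1.0 while the backup was
# made with an older release, the key-derivation digest default differs
# (MD5 before 1.1.0, SHA-256 since); adding "-md md5" may be required.
if ! openssl enc -d -aes-256-cbc -in "$MYBKUPBASE.enc" -out "$MYBKUPBASE" \
     -pass file:<( printf '%s' "$MYSYMMETRICKEY" )
then
  unset MYSYMMETRICKEY
  echo "Decryption failed: $MYBKUPBASE may be missing, truncated or corrupt." >&2
  exit 1
fi

echo "Clearing decrypted symmetric session key from memory."
# unset drops the shell variable; it does not overwrite the bytes in the
# process's memory, which is only released when this shell exits.
unset MYSYMMETRICKEY
echo "Done."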