jmiserez/xenvm_decrypt_backup.sh

## xenvm_decrypt_backup.sh
#!/bin/bash
#
# xenvm_decrypt_backup.sh
#
# Author: Jeremie Miserez <jeremie@miserez.org>
# Latest version: https://gist.github.com/jmiserez/11a8aafeee9256645ac5
#
# This script will decrypt encrypted images generated by xenvm_backup_encrypted.sh,
# (https://gist.github.com/jmiserez/f7771d0c82455128839d), when given a .key.enc file
# and if all related files are in the same directory as the .key.enc file.
#
set -e

SCRIPT=$(readlink -f $0)
SCRIPTPATH=`dirname $SCRIPT`
SCRIPTNAME=$(basename "$SCRIPT")

if [ "$#" -lt 1 ]
then
  echo "Usage: ./$SCRIPTNAME <*.key.enc>"
  echo "  e.g. ./$SCRIPTNAME mybackup.xva.gz.key.enc"
  exit 1
fi

MYBKUPNAME="$1"
MYPRIVATEKEY="$SCRIPTPATH/diagene_xenbackups_private_key.pem"

if [[ $MYBKUPNAME == *.key.enc ]]
then
 echo "Processing ${MYBKUPNAME%.key.enc}.enc:"
 echo " - encrypted key $MYBKUPNAME"
 echo " - encrypted backup ${MYBKUPNAME%.key.enc}.enc"
 echo "   -> decrypting backup to ${MYBKUPNAME%.key.enc}"
else
 echo "Filename must end with .key.enc!"
 exit 1
fi

echo "Verifying checksums."
md5sum -c "$MYBKUPNAME.md5"
md5sum -c "${MYBKUPNAME%.key.enc}.enc.md5"

echo "Decrypting symmetric session key to memory."
MYSYMMETRICKEY=`openssl rsautl -decrypt -inkey "$MYPRIVATEKEY" -in "$MYBKUPNAME"`
echo "Decrypting backup."
openssl enc -d -aes-256-cbc -in "${MYBKUPNAME%.key.enc}.enc" -out "${MYBKUPNAME%.key.enc}" -pass file:<( echo -n "$MYSYMMETRICKEY" )
echo "Clearing decrypted symmetric session key from memory."
unset MYSYMMETRICKEY
echo "Done."
	#!/bin/bash
	#
	# xenvm_decrypt_backup.sh
	#
	# Author: Jeremie Miserez <jeremie@miserez.org>
	# Latest version: https://gist.github.com/jmiserez/11a8aafeee9256645ac5
	#
	# This script will decrypt encrypted images generated by xenvm_backup_encrypted.sh,
	# (https://gist.github.com/jmiserez/f7771d0c82455128839d), when given a .key.enc file
	# and if all related files are in the same directory as the .key.enc file.
	#
	set -e

	SCRIPT=$(readlink -f $0)
	SCRIPTPATH=`dirname $SCRIPT`
	SCRIPTNAME=$(basename "$SCRIPT")

	if [ "$#" -lt 1 ]
	then
	echo "Usage: ./$SCRIPTNAME <*.key.enc>"
	echo " e.g. ./$SCRIPTNAME mybackup.xva.gz.key.enc"
	exit 1
	fi

	MYBKUPNAME="$1"
	MYPRIVATEKEY="$SCRIPTPATH/diagene_xenbackups_private_key.pem"

	if [[ $MYBKUPNAME == *.key.enc ]]
	then
	echo "Processing ${MYBKUPNAME%.key.enc}.enc:"
	echo " - encrypted key $MYBKUPNAME"
	echo " - encrypted backup ${MYBKUPNAME%.key.enc}.enc"
	echo " -> decrypting backup to ${MYBKUPNAME%.key.enc}"
	else
	echo "Filename must end with .key.enc!"
	exit 1
	fi

	echo "Verifying checksums."
	md5sum -c "$MYBKUPNAME.md5"
	md5sum -c "${MYBKUPNAME%.key.enc}.enc.md5"

	echo "Decrypting symmetric session key to memory."
	MYSYMMETRICKEY=`openssl rsautl -decrypt -inkey "$MYPRIVATEKEY" -in "$MYBKUPNAME"`
	echo "Decrypting backup."
	openssl enc -d -aes-256-cbc -in "${MYBKUPNAME%.key.enc}.enc" -out "${MYBKUPNAME%.key.enc}" -pass file:<( echo -n "$MYSYMMETRICKEY" )
	echo "Clearing decrypted symmetric session key from memory."
	unset MYSYMMETRICKEY
	echo "Done."