Skip to content

Instantly share code, notes, and snippets.

@markwell-ch

markwell-ch/decrypt-pfsense-config.sh

Forked from JonathonReinhart/decrypt-pfsense-config.sh
Created December 21, 2020 09:23
Show Gist options
  • Save markwell-ch/9247e00e9ce91ebeca6984bf7bc611b1 to your computer and use it in GitHub Desktop.
Save markwell-ch/9247e00e9ce91ebeca6984bf7bc611b1 to your computer and use it in GitHub Desktop.
Download ZIP
Decrypt pfSense encrypted config backups
Raw
decrypt-pfsense-config.sh
#!/bin/bash
# Adapted from https://forum.netgate.com/topic/139561
set -o pipefail
if [[ $# -lt 1 ]]; then
echo "Usage: $(basename $0) <encrypted-config>"
exit 1
fi
inpath="$1"
tmpout="$(mktemp)"
cat "$inpath" \
| openssl enc -a -d -aes-256-cbc -md md5 \
> $tmpout
exitstatus=$?
if [[ $exitstatus -eq 0 ]]; then
cat $tmpout
fi
rm $tmpout
exit $exitstatus
@markwell-ch
Copy link
Author

from openssl enc manual page:

       -a  Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64
           decoded before being decrypted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment