Manual backup encryption

Wolfgangthegreat

Hello,

At https://docs.netgate.com/pfsense/en/latest/backup/configuration.html it is written that encrypted manual backup files are encrypted using AES-256.

Is there a tool to decrypt them offline? (assuming, of course, that I have the password) (I'm using Windows)

I also did a small test, I did two manual backups: One without encryption and one with encryption.
Then I used a local app to encrypt the plain text file with AES-256, with the same password I used to do encrypted backup via pfSense - but the format of the file looks very different from the one of the encrypted file from pf.

PF encrypted backup output start like:
"
---- BEGIN config.xml ----
U2FsdGVkX19FwltB4M2tvcgaVxFq1mQ80m27XQrHFcM9UBxy714phpgso5VEl7z8
l67qs6lod/dlrqlU8voA58sSJSOYk6vws3rE3u3MVdUCXgpGOdH3UHFa3DOdZqfE
"

The locally encrypted file from the plain text backup looks like that at the start of it:
"
PK3 A(
0 ׳ל0Le¼lmֱב¿¨  f

@ˆ ׃?ֲ‹״הmנ)­o}‹°ֵ{Eֻˆq>Pר‚<u%ל5m &ֽu
¾ysמ½®ם)1ˆ½‎ת
ך‎hIj‹‘†ַםbת×׃§ױ…כ בŽ׃.4ֲ‰.׃בs(¨ˆ‡\>ְ±Pץָי^‡ְֶœֳ”­;ZŸŒ0<÷´.G^  ָHֺX6pƒ¿n×₪–סrW mֳo¨E•wI3ןg¨dqF שה“´%r˜‏ב°1ִ=ׂ'@ַ ‎ׂ¯$+o"¬₪ֶLנץטץֻD׀ב91¥Š¬ׁֲ@‹¬½o3­ץBִ
˜¥Ž”ֻC}Œgš46Cw׳¾ִŽ#k¸¾oLױ׳0}ָQ״ק₪zקלׂ£œpד‘Yשִװדֱן—„9AX^ס«y='ˆ÷œׁIA½d“4»L׃¥ֱ—נdֶµ¯@¼ֳ†ן_¾¨pRִ”Fע)/Jj[
9ן!ˆ׳±yet~G¼»׀!XjšpZ5wקszׁ"
8ג~>₪ײהFFגכ‰?דס׃ַ(ƒ(ו”3Oˆֵ,[‘hGCg!
(Vv"D‘bףX₪,8frִתתJ_fµיZ/׃ּט5 rx9ֳ²ֶש‎¬ֶ·j}QwS´מֹ­<tהƒךר÷›ּM€םE>;c״~Iי¸ְ8
VdŠ9ױkב[ף²O4ׂ[,9הg7‚ ׁ²´v=0נװt·T;-­תֱU;[ע2Xמ‎JT8ע„g´pֶָn2`¨b&avזƒיq-V|rTך$¹Uַכ'Švכhב!ֹXע¦ז»PװuD7״;|=
־i¸°׃ֻ§šC¹}ו3³’צ]
"

stephenw10

You can using openssl, though I've never tried it in Windows:
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files

Steve