Is it possible to decrypt a file encrypted with the AES encryption module, at the command line? e.g. Using openssl?

Background:

  • I'm using AES Encryption together with Backup Migrate.
  • When I restore an encrypted backup on the site that it was created, everything works.
  • When I try to restore the same backup on a recent copy of the original site (with the same key file), it fails with a message indicating a corrupt SQL file.
  • Backup migrate encypts the file like so: $data = aes_encrypt($data, FALSE) and similarly decrypts: $data = aes_decrypt($data, FALSE)

I would like to decrypt the file at the command line just to prove that to myself that the file is recoverable without me having to do any programming. Would I need anything other than the key file?

Comments

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented

I'd suggest you to briefly take a look at this topic: #677756: Coordinate with perl module . There are some info about passing key through some hashfunction before using.

Referenced topic is dated a few years ago, so it might be not really actual, but we still have decoding in the aes_decrypt function, at the end of the day it narrows to fragments

    $phpsec = new Crypt_AES();
    $phpsec->setKey($key);
    $decrypted = $phpsec->decrypt($string);

or

      mcrypt_generic_init($td, $key, $iv);
      $decrypted = mdecrypt_generic($td, $string);
      mcrypt_generic_deinit($td);

depending of used library.

So just writing a few tests might help you.

In brief, if I had a needs like you have I would try the following:
1) Try to use perl scripts from referenced topics;
2) Try to use openssl following any avaliavle recommendation like this one;
3) maybe implemented a drush command which allows me to decrypt/encrypt from commandline.

Not sure was it helpful or not, anyway, when you solve this - please post your solution here to help others, thanks!

crantok’s picture

crantok CreditAttribution: crantok commented
Status: Active » Fixed

Thanks for pointing me at that PERL topic dpovshed. Now I understand the steps involved. I may pursue that but my focus has changed.

I noticed from the code you included that mcrypt requires $iv in its initialisation (which phpsec does not seem to do.) I had a poke around and ended up using the Devel module variable editor to copy the initialisation vector (my knowledge about encryption has increased drastically in 24 hours :) ! ) from the live site to my local dev site. It worked! Backup migrate module can now import AES encrypted backups.

Thank you :)

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented

I am happy to hear that, @crantok! :)

Discovering the tpic with PERL was not so hard, never underestimate power of search - simple lookup across this module issues gives me the only result - see https://drupal.org/project/issues/aes?text=command+line+decrypt&status=All

I am not so deep in encryption, but I have feeling your message contains enough info for those who may have need to repeat your achievement. Thanks for sharing!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

ranelpadon’s picture

ranelpadon CreditAttribution: ranelpadon as a volunteer commented

For those wanting to decrypt the AES-encrypted backup files via terminal and not using the Drupal Admin UI (which is not possible when site is down), we ended up creating a stand-alone, custom PHP script that could be run in terminal. Our custom script successfully decrypted the files. See details here: http://dropbucket.org/node/9160.