Hi lads,
Having a wee bit of bother decrypting a dump before a restore following
a 4.0 -> 4.1 migration on i386. Different box, same hardware apart from
a bigger disk.
I've decrypted and restored successfully before and not had any probs,
but was on the same 4.0 box. Could host keys be the issue? Searching
shows me I have the wrong pass phrase, see below:
<[EMAIL PROTECTED] /home 0># ls -l /var/dumpster/spool/teak/_home_0*
-rw-r--r-- 1 root wheel 513409024 Aug 24 04:18
/var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto
-rw-r--r-- 1 root wheel 101 Aug 24 04:19
/var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto.digest
<[EMAIL PROTECTED] /home 0># sha1
/var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto
SHA1 (/var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto) =
6cfb01a847e97608cf5fe6767ee3272fab39c0f5
<[EMAIL PROTECTED] /home 0># cat
/var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto.digest
SHA1 (/var/dumpster/tmp/teak/_home_0_Year.dump.gz.crypto) =
6cfb01a847e97608cf5fe6767ee3272fab39c0f5
<[EMAIL PROTECTED] /home 1># openssl enc -bf -d -salt \
-pass file:/etc/dumpster/teak.dumpster_slices.conf.passwd \
-in /var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto \
-out /var/dumpster/spool/teak/_home_0_Year.dump.gz
bad decrypt
14574:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:/usr/src/lib/libssl/src/crypto/evp/evp_enc.c:509:
<[EMAIL PROTECTED] /home 0># ls -l /var/dumpster/spool/teak/_home_0_Year.dump.gz
-rw-r--r-- 1 root wheel 513409000 Aug 27 08:48
/var/dumpster/spool/teak/_home_0_Year.dump.gz
Have a go anyway and see what comes out in the wash:
<[EMAIL PROTECTED] /home 0># gunzip
/var/dumpster/spool/teak/_home_0_Year.dump.gz
<[EMAIL PROTECTED] /home 0># ls -l /var/dumpster/spool/teak/_home_0_Year.dump
-rw-r--r-- 1 root wheel 639454657 Aug 27 08:57
/var/dumpster/spool/teak/_home_0_Year.dump
<[EMAIL PROTECTED] /home 0># restore rf
/var/dumpster/spool/teak/_home_0_Year.dump
./a-user/some/file: (inode 20743) not found on tape
Mount tape volume 2
Enter ``none'' if there are no more tapes
otherwise enter tape name (default:
/var/dumpster/spool/teak/_home_0_Year.dump) none
Warning: End-of-input encountered while extracting ./a-user/another/file
bad entry: incomplete operations
name: ./a-user/some/thing/else.pdf
parent name ./a-user/some/thing
entry type: LEAF
inode number: 46871
flags: NEW
abort? [yn] y
dump core? [yn] n
<[EMAIL PROTECTED] /home 0># rm -rf /home/*
I found this, which suggests a bad password:
http://www.eecis.udel.edu/wiki/ececis-docs/index.php/FAQ/Applications#toc22
To decrypt (notice the -d for decryption) the file created in the
previous example do the following:
% openssl enc -d -in ciphertextout -out outputfile -aes256
enter aes-256-cbc decryption password:
If the password is correct the plaintext will appear in outputfile. Be
sure to delete or protect this file when done. At all times also make
sure that standard permissions would not allow someone to read the
plaintext file.
If an incorrect password is enter something like this will be displayed:
bad decrypt
11044:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:450:
<[EMAIL PROTECTED] /home 0># cat /etc/dumpster/teak.dumpster_slices.conf.passwd
Super secret phrase
<[EMAIL PROTECTED] /home 0># openssl enc -bf -d -salt \
> -in /var/dumpster/spool/teak/_home_0_Year.dump.gz.crypto \
> -out /var/dumpster/spool/teak/_home_0_Year.dump.gz
enter bf-cbc decryption password:Super secret phrase
bad decrypt
5368:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:/usr/src/lib/libssl/src/crypto/evp/evp_enc.c:509:
The pass phrase is over 100 characters long, includes UPPER and lower
letters, digits, and symbols including > ; and others. Could this be the
cause?
TIA for any pointers.
--
========================================================
Craig Skinner [EMAIL PROTECTED]
Phone +44 (0) 1506 673024 5-digit shortdial:x73024
Sun Remote Support Centre, Linlithgow, Scotland, UK
========================================================
