Confirm that you have the right password for encrypted VCSA backups

VCSA 6.7 and 7.0 allow you to choose to encrypt backups:

It feels reassuring to see new daily backups appear on your NFS/FTP or SMB share. However, if you want to make sure that you have the right password for these backups without reconfiguring the schedule here is how you can do it.

Each time a new backup is being deposited on a share it lands in a new folder. Here are the files that each backup consists of:

Notice the “.enc” file extension. These files are being encrypted with AES256 algorithm. Move any file with .enc extension to a Linux VM and run the following command to decrypt it:

openssl aes-256-cbc -d -in file_of_your_choice.tar.gz.enc -out file_of_your_choice.tar.gz

At this point you need to supply the password. If it is correct, then a non-encrypted archive should be created in the same folder. If not, then an error message appears:

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.