Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fitful
New Contributor

decrypt file configuration

Hello, I have encrypted backup configuration and I know the password. I would like to decode only the configuration file to check some settings - is it possible without uploading the configuration on the device? From what I have found that the file is encrypted with AES128

5 REPLIES 5
emnoc
Esteemed Contributor III

I would like to know how you found that out? I too was running into the same issue. I believe the encryption key is some hash of the encrypted password that you present during the backup.

 

Keep us posted on what you find, TAC told me there was no way to extract.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
GusTech
Contributor II

fitful wrote:

From what I have found that the file is encrypted with AES128

Are you absolutely sure?

Fortigate <3

Fortigate <3
AndreaSoliva
Contributor III

Hi

 

confirm now way to encrypt locally out of the scratch. Keep in mind that if that would be possible your backup which is encrypted is nonsens if somebody would get you backup file. This is the reason YOU CAN'T ENCRYPT. Of course probably there is a way but of course not comunicated by TAC and of course not a standard way.

 

At least I have to say "it works as designed" :)

 

hope this helps

 

have fun

 

Andrea

GusTech

AndreaSoliva wrote:

Keep in mind that if that would be possible your backup which is encrypted is nonsens if somebody would get you backup file. This is the reason YOU CAN ENCRYPT. 

It's ok.. However, when we know the password to our own files.. It would be really nice with some more info on what is used.

Fortigate <3

Fortigate <3
emnoc
Esteemed Contributor III

FWIW

 

This is why pgp/openssl comes in handy. You can always execute backup and then encrypted the cfg file for additional security using your own define encryption method. This also allow for you to exch the file with other security associates  with out concern for risk and modifications.

 

This also allows you to remove the encryption to review a backup file B4 restoral of if you need to diff various backup from current cfg to previous past.

 

Using the unknown encryption method vrs a known method and with your own key/passphrase.... the latter is more acceptable imho.

 

just my 2cts

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors