Hello, I have encrypted backup configuration and I know the password. I would like to decode only the configuration file to check some settings - is it possible without uploading the configuration on the device? From what I have found that the file is encrypted with AES128
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I would like to know how you found that out? I too was running into the same issue. I believe the encryption key is some hash of the encrypted password that you present during the backup.
Keep us posted on what you find, TAC told me there was no way to extract.
PCNSE
NSE
StrongSwan
fitful wrote:Are you absolutely sure?From what I have found that the file is encrypted with AES128
Fortigate <3
Hi
confirm now way to encrypt locally out of the scratch. Keep in mind that if that would be possible your backup which is encrypted is nonsens if somebody would get you backup file. This is the reason YOU CAN'T ENCRYPT. Of course probably there is a way but of course not comunicated by TAC and of course not a standard way.
At least I have to say "it works as designed" :)
hope this helps
have fun
Andrea
AndreaSoliva wrote:It's ok.. However, when we know the password to our own files.. It would be really nice with some more info on what is used.Keep in mind that if that would be possible your backup which is encrypted is nonsens if somebody would get you backup file. This is the reason YOU CAN ENCRYPT.
Fortigate <3
FWIW
This is why pgp/openssl comes in handy. You can always execute backup and then encrypted the cfg file for additional security using your own define encryption method. This also allow for you to exch the file with other security associates with out concern for risk and modifications.
This also allows you to remove the encryption to review a backup file B4 restoral of if you need to diff various backup from current cfg to previous past.
Using the unknown encryption method vrs a known method and with your own key/passphrase.... the latter is more acceptable imho.
just my 2cts
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.