{"id":18601956,"url":"https://github.com/coonrad/cfcrypt","last_synced_at":"2025-05-16T17:34:21.057Z","repository":{"id":246303547,"uuid":"820692197","full_name":"coonrad/cfcrypt","owner":"coonrad","description":"A utility that handles the encryption and decryption of pfSense configuration files.","archived":false,"fork":false,"pushed_at":"2024-06-27T02:22:05.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-18T01:37:05.566Z","etag":null,"topics":["configuraiton","decryption","encryption","pfsense","shell","utility"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/coonrad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-27T01:53:25.000Z","updated_at":"2024-06-27T02:22:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"14d759a3-e0c2-4a89-80ae-b563a12599ac","html_url":"https://github.com/coonrad/cfcrypt","commit_stats":null,"previous_names":["coonrad/cfcrypt"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coonrad%2Fcfcrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coonrad%2Fcfcrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coonrad%2Fcfcrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coonrad%2Fcfcrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/coonrad","download_url":"https://codeload.github.com/coonrad/cfcrypt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254576751,"owners_count":22094449,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configuraiton","decryption","encryption","pfsense","shell","utility"],"created_at":"2024-11-07T02:09:50.607Z","updated_at":"2025-05-16T17:34:21.052Z","avatar_url":"https://github.com/coonrad.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cfcrypt\n\n**cfcrypt** is a utility that handles the variation of openssl encryption settings used to encrypt and decrypt pfSense configuration files. The details are documented here: [Encrypted Configuration files](https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files)\n\nThere are three methods:\n\n- **current**: aes-256-cbc / sha256 / pbkdf2 / iterations 500000\n- **old**: aes-256-cbc / sha256 / pbkdf2 / iterations default\n- **deprecated**: aes-256-cbc / md5\n\nThe openssl commands can be cumbersome, especially if you don't know the encryption method. You can decrypt the config on the firewall:\n\n```bash\npfSsh.php playback cryptconfig decrypt config-encrypted.xml config-decrypted.xml\n```\n\nThe tool will try to decrypt the file with the current openssl settings, it will then move to old, and then deprecated. If it fails to decrypt the file it will assume the password is wrong. To encrypt files pass the `-e` flag. Files will be encrypted with the current settings `-md sha256 -pbkdf2 -iter 500000`.\n\n## Installation\nClone this repo (or copy the script file) to your system.\nMake the script executable `chmod +x cfcrypt`.\nMove the file somewhere in your $PATH like `~/bin` or `~/.local/bin`.\n\n## Usage\n\n```bash\nUsage:\n\nDecrypt (default)\n  cfcrypt encrypted-config.xml\n\nEncrypt\n  cfcrypt -e config.xml\n```\n\n## Notes\n\nTested on macOS, Debian, FreeBSD, pfSense. Let me know of any issues.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoonrad%2Fcfcrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoonrad%2Fcfcrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoonrad%2Fcfcrypt/lists"}