https://github.com/coonrad/cfcrypt
A utility that handles the encryption and decryption of pfSense configuration files.
configuraiton decryption encryption pfsense shell utility
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/coonrad/cfcrypt
- Owner: coonrad
- License: mit
- Created: 2024-06-27T01:53:25.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-27T02:22:05.000Z (about 2 years ago)
- Last Synced: 2025-02-18T01:37:05.566Z (over 1 year ago)
- Topics: configuraiton, decryption, encryption, pfsense, shell, utility
- Language: Shell
- Homepage:
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# cfcrypt
**cfcrypt** is a utility that handles the different openssl encryption settings used to encrypt and decrypt pfSense configuration files. The details are documented here: [Encrypted Configuration files](https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files)
There are three methods:
- **current**: aes-256-cbc / sha256 / pbkdf2 / iterations 500000
- **old**: aes-256-cbc / sha256 / pbkdf2 / iterations default
- **deprecated**: aes-256-cbc / md5
The openssl commands can be cumbersome, especially if you don't know the encryption method. You can decrypt the config on the firewall:
```bash
pfSsh.php playback cryptconfig decrypt config-encrypted.xml config-decrypted.xml
```
The tool tries to decrypt the file with the current openssl settings first, then falls back to old, and then to deprecated. If all three fail, it assumes the password is wrong. To encrypt a file, pass the `-e` flag; files are encrypted with the current settings `-md sha256 -pbkdf2 -iter 500000`.
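The fallback order described above, as an added sketch that is not cfcrypt's own source. It assumes the input is the raw `openssl enc` ciphertext (any file wrapper or encoding already removed), that the password is in an exported variable named `CF_PASS`, and that a valid decrypted config begins with `<?xml`; `try_decrypt` and `make_sample` are hypothetical names.

```shell
#!/bin/sh
# Added example, not cfcrypt's source. The password is read from the exported
# variable CF_PASS (assumed name) so it never appears in the argument list.

# try_decrypt SRC DST: try current, old, then deprecated settings on SRC.
# Prints the name of the method that worked; returns 1 if none did.
try_decrypt() {
    src=$1 dst=$2
    for method in current old deprecated; do
        case $method in
            current)    opts="-md sha256 -pbkdf2 -iter 500000" ;;
            old)        opts="-md sha256 -pbkdf2" ;;
            deprecated) opts="-md md5" ;;
        esac
        # A wrong key can pass the CBC padding check by chance, so openssl's
        # exit status alone is not proof; also require an XML prolog
        # (assumption: the decrypted config starts with "<?xml").
        # $opts is left unquoted on purpose so it splits into arguments.
        if openssl enc -d -aes-256-cbc $opts -pass env:CF_PASS \
               -in "$src" -out "$dst" 2>/dev/null &&
           head -c 5 "$dst" | grep -q '<?xml'; then
            echo "$method"
            return 0
        fi
    done
    rm -f "$dst"
    return 1
}

# make_sample DST OPTS...: encrypt a tiny constructed XML document with the
# given openssl options, for exercising try_decrypt offline.
make_sample() {
    sample=$1; shift
    printf '<?xml version="1.0"?>\n<pfsense/>\n' |
        openssl enc -e -aes-256-cbc "$@" -pass env:CF_PASS -out "$sample" 2>/dev/null
}
```

A file that only decrypts with the `deprecated` or `old` settings is a candidate for re-encryption with the current ones.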
## Installation
Clone this repo (or copy the script file) to your system.
Make the script executable: `chmod +x cfcrypt`.
Move the file somewhere in your $PATH like `~/bin` or `~/.local/bin`.
## Usage
```bash
Usage:
  Decrypt (default)
    cfcrypt encrypted-config.xml
  Encrypt
    cfcrypt -e config.xml
```
## Notes
Tested on macOS, Debian, FreeBSD, pfSense. Let me know of any issues.