I was hoping to examine the contents of my repository.
Can openssl natively decode the aes-256-ctr/poly1305 encoded files that restic produces? If so, could you provide an example command-line?
If openssl cannot read the poly1305 signature, could you help with an openssl command line to decrypt the ciphertext?
I think this will read the IV in the config file: hexdump -n 16 -ve '1/1 "%.2x"' config
I think this will read the ciphertext from the config file: tail -c +17 config | head -c -16
The restic repository format is well laid out in the docs. I successfully followed it and hacked up my own Python script to decrypt and inspect blobs. But anything more complex than that, you’ll find yourself basically re-implementing restic logic, and might as well just use restic itself.
For anyone else who might stumble on this thread in the future and who is looking to decrypt repository contents from the command-line without using the client, I’ve been partially successful.
Step one: Obtain the AES encryption key. Currently I use the client for this.
The command-line below will:
extract several master keys from the repository
select the AES encryption key
convert that key from base64 to hexadecimal and output it to stdout
Step two: Once you have the AES key in hex format, you can feed it to openssl to decrypt restic packfiles. Note that this approach ignores the poly1305 digital signature.
The following command line will:
extract the ciphertext from the packfile
extract the IV from a packfile and convert it to hexadecimal format
call openssl to decrypt the ciphertext into plaintext (using the IV and the AES key from step one)
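The split-and-decrypt step described in this thread, as an added example that is not from any poster or from the restic project. It assumes the file is a single encrypted unit laid out as IV (16 bytes) || ciphertext || MAC (16 bytes), as for `config`; the function names, the key, the IV and the sample plaintext are all constructed for illustration, and the MAC is skipped rather than verified.

```shell
#!/bin/sh
# Added example. Assumed layout of one unit: IV(16) || ciphertext || MAC(16).
# The Poly1305 MAC is skipped, not verified, so tampering goes undetected.

# decrypt_unit KEY_HEX FILE: write the decrypted plaintext to stdout.
decrypt_unit() {
    d_key=$1; d_file=$2
    d_size=$(wc -c < "$d_file")
    # Anything shorter than IV + MAC cannot be a valid unit.
    [ "$d_size" -ge 32 ] || { echo "too short: $d_file" >&2; return 1; }
    # First 16 bytes are the IV; od prints them as hex, tr strips the spacing.
    d_iv=$(head -c 16 "$d_file" | od -An -v -tx1 | tr -d ' \n')
    # tail -c +17 starts at byte 17 (skips the IV); head drops the 16-byte MAC.
    tail -c +17 "$d_file" | head -c $((d_size - 32)) |
        openssl enc -d -aes-256-ctr -K "$d_key" -iv "$d_iv"
}

# make_sample KEY_HEX OUTFILE: build a constructed unit to test against.
make_sample() {
    s_key=$1; s_out=$2
    s_iv='0123456789abcdef'      # constructed IV: 16 ASCII bytes
    s_iv_hex=$(printf '%s' "$s_iv" | od -An -v -tx1 | tr -d ' \n')
    {
        printf '%s' "$s_iv"
        printf '%s' "$SAMPLE_PLAINTEXT" |
            openssl enc -aes-256-ctr -K "$s_key" -iv "$s_iv_hex"
        printf '%016d' 0         # 16 placeholder bytes where the MAC would sit
    } > "$s_out"
}

# Constructed 256-bit key (hex) and plaintext, not taken from any repository.
SAMPLE_KEY=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
SAMPLE_PLAINTEXT='{"version":2,"id":"constructed-sample"}'

demo_file=$(mktemp)
make_sample "$SAMPLE_KEY" "$demo_file"
decrypt_unit "$SAMPLE_KEY" "$demo_file"; echo
rm -f "$demo_file"
```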