Is it possible to decrypt restic files from the command line?

I was hoping to examine the contents of my repository.

Can openssl natively decode the aes-256-ctr/poly1305 encoded files that restic produces? If so, could you provide an example command-line?

If openssl cannot read the poly1305 signature, could you help with an openssl command line to decrypt the ciphertext?

I think this will read the IV in the config file: hexdump -n 16 -ve '1/1 "%.2x"' config
I think this will read the ciphertext from the config file: tail -c +16 config | head -c -16

So I tried:

tail -c +16 config | head -c -16 | openssl aes-256-ctr -pass file:/myresticdir/.password -iv `hexdump -n 16 -ve '1/1 "%.2x"' config` -d

but I get the dreaded bad magic number message.

You are probably looking for the restic cat command. See restic help cat.

1 Like

restic cat is very helpful and does most of what I’d like.

However, despite the instructions in the design document, restic cat tree does not seem to be supported.

Perhaps there is a similar or alternative command? Or a general method to unpack objects in the repository?

after some experimentation, it seems that restic cat tree has been deprecated, but restic cat blob can be successfully invoked with the tree id.

Still, it would be nice to be able to inspect the repository without relying upon the client.

1 Like

I’m not sure I agree with this point.

“It would be nice to be able to inspect the repository without using the tool designed to inspect the repository.


1 Like

The restic repository format is well laid out in the docs. I successfully followed it and hacked up my own Python script to decrypt and inspect blobs. But anything more complex than that, you’ll find yourself basically re-implementing restic logic, and might as well just use restic itself.

1 Like

For anyone else who might stumble on this thread in the future and who is looking to decrypt repository contents from the command-line without using the client, I’ve been partially successful.

Step one: Obtain the AES encryption key. Currently I use the client for this.

The command-line below will:

  • extract several master keys from the repository
  • select the AES encryption key
  • convert that key from base64 to hexadecimal and output it to stdout
restic -r /path/to/repo cat masterkey | jq -r .encrypt | base64 -d | xxd -p -c32

Step two: Once you have the AES key in hex format, you can feed it to openssl to decrypt restic packfiles. Note that this approach ignores the poly1305 digital signature.

The following command line will:

  • extract the ciphertext from the packfile
  • extract the IV a packfile and convert it to hexadecimal format
  • call openssl to decrypt the ciphertext into plaintext (using the IV and the AES key from step one)
cat packfile | head -c -16 | tail -c +17 | openssl aes-256-ctr -d -iv `cat packfile | head -c 16 | xxd -p` -K aes-encryption-key-in-hex