Encrypt/Decrypt using OpenSSL on Linux
Posted on 2013-01-23
I am trying to setup scripts to encrypt a backup in a tarball to a tape drive and then read the tape and/or restore the data and I am getting errors.
I am running under Ubuntu Server 6.06 and using OpenSSL version 0.9.8a. I am logged in as root user.
I created a script with the following command to backup data to tape:
tar cvf - -T $FILELIST | openssl enc -aes-256-cbc -salt -pass pass:A1b2C3d4E5f6 | dd of=/dev/st0 obs=512 conv=sync
note $FILELIST is location of file containg what is to be backed up
I created a script with the following command to read the contents of the backup tape:
dd if=/dev/st0 | openssl enc -d -aes-256-cbc -pass pass:A1b2C3d4E5f6 | tar tvf -
I created a script with the following command to restore the contents of the backup tape:
dd if=/dev/st0 | openssl enc -d -aes-256-cbc -pass pass:123456 | tar xvf -
The backup runs without any errors.
If I run the tape read or tape restore scripts, the process runs and either displays all the files that were backup or restores all the files correctly, but gives me the following error:
bad decrypt 9670:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:454:
Everything seems to have worked correctly but I receive the error each time. I have tried this just using the encryption directly to a file without the tape drive and there is not error on read or restore. It seems to be a tape issue. Is it possible that it is trying to decrypt a block at the end of the tapes that are not really part of the tar?
Any help is appreciated.