How to decrypt the backup file

Lance Wendel
Level 1

Hi all,

 

I need to find out how to decrypt the backup file (ACS 5.3) on the desktop. The text below is relevant once you import the file to restore. However, my issue is to extract the file to your desktop.

============================================================

ACS Backup Encryption

ACS backup is now encrypted using a dynamic encryption password. The user is prompted for an encryption password while performing a backup operation. ACS encrypts only the ACS data using a dynamic encryption key. The CARS and ACS view data are encrypted using a static key. Therefore ACS prompts for an encryption password when you run a backup that contains ACS data. The user is prompted for a decryption password while restoring a backup that contains ACS data.

When you run a full backup in ACS, ACS uses the static key to encrypt the CARS and ACS data and makes a .gpg file whereas the ACS backup data is saved inside this .gpg file as a separate .gpg file using the dynamic encryption password. When you restore the full backup, ACS prompts for the decryption password to decrypt the ACS backup data. ACS decrypts the CARS data and ACS view data using the static key.

The encryption password should have:

  • a minimum of 8 characters
  • not more than 32 characters
  • at least one upper case letter.
  • at least one lower case letter.

Special characters are allowed except "`", "$", "(", and ")". ACS displays the password policy if the entered password does not meet the password requirements.

===========================================================

For the people who would ask "why I want to do this": this is related to policy check password standardization.
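The documentation quoted in the post above describes a .gpg file that contains a second, password-encrypted .gpg file; one way to check how a given .gpg file is protected is to read its OpenPGP packet headers. The following is an added example, not part of the original post and not Cisco code: it parses generic OpenPGP framing (RFC 4880), assumes nothing about ACS internals, and its sample bytes are constructed.

```python
# Added example (not from the thread): read OpenPGP packet headers (RFC 4880,
# section 4.2) to see how a .gpg file is protected. Generic OpenPGP, not ACS-specific.

def walk_packets(data: bytes):
    """Yield (tag, body) for each top-level packet of a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored or other format)")
        pos += 1
        if first & 0x40:                       # new-format header: tag in bits 5-0
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:                       # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                     # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                    # five-octet length
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:                              # partial body length: data packet, stop here
                yield tag, data[pos + 1:]
                return
        else:                                  # old-format header: tag in bits 5-2
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                     # indeterminate length: runs to end of file
                yield tag, data[pos:]
                return
            n = 1 << ltype                     # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        yield tag, data[pos:pos + length]
        pos += length


def protection(data: bytes) -> str:
    """Classify by session-key packets: tag 3 = passphrase, tag 1 = public key."""
    tags = {tag for tag, _ in walk_packets(data)}
    kinds = [name for t, name in ((3, "passphrase"), (1, "public-key")) if t in tags]
    return "+".join(kinds) or "unknown"


# Constructed sample inputs (hand-built headers with dummy bodies, not real backups).
SAMPLE_PASSPHRASE = bytes.fromhex("8c0d04090308" "0011223344556677" "60" "d2050100000000")
SAMPLE_PUBLIC_KEY = bytes.fromhex("840c03" "0102030405060708" "010000" "d2050100000000")

if __name__ == "__main__":
    for name, blob in (("passphrase", SAMPLE_PASSPHRASE), ("public key", SAMPLE_PUBLIC_KEY)):
        print(name, [tag for tag, _ in walk_packets(blob)], protection(blob))
```

To inspect a real file, pass its first few kilobytes to `protection()`; the session-key packets come before the encrypted data, so the whole file is not needed.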

 

2 Accepted Solutions

Amjad Abdullah
VIP Alumni

Hi,

I can only think about one way to get your files, that is to restore the file to a temp ACS server then generate a backup that is not encrypted.

I would say we can decrypt the file on your desktop if we know the method that has been used to encrypt it. I think this information is not provided anywhere in the Cisco docs.

 

Regards,

 

Amjad

Rating useful replies is more useful than saying "Thank you"

kaaftab
Level 4

I would suggest searching for a decryption tool (open source) and decrypting it, but try to match the ACS encryption process; that information is not easily available or public.

4 Replies

Guys,

 

Thanks for the answer, both replies are valid. I found a tool to decrypt the backup file: "GnuPG".

With regard to Amjad's reply:

"I can only think about one way to get your files, that is to restore the file to a temp ACS server then generate a backup that is not encrypted"

How can I export the backup file unencrypted from the temp ACS? I had a look and couldn't see any way of doing this.

I had to add: the customer stated that when the backup file is auto backed up it doesn't ask for a password. And he is not aware of this as this job is done by Cronus.

Any idea?

I guess you could also use Cryptophane to decrypt it.

To back up an ACS configuration (not including the ADE OS data), use the acs backup command in the EXEC mode. This doesn't need encryption.

acs backup backup-filename repository repository-name

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/command/reference/cli/cli_app_a.html#wp1886805

 

Hope this helps.

Regards,

Jatin Katyal

*Do rate helpful posts*

~Jatin
