03-25-2014 06:40 AM - edited 03-10-2019 09:34 PM
Hi all,
I need to find out how to decrypt the backup file (ACS 5.3) on the desktop. The text below is relevant once you import the file to restore. However, my issue is to extract the file to your desktop.
============================================================
ACS Backup Encryption
ACS backup is now encrypted using a dynamic encryption password. The user is prompted for an encryption password while performing a backup operation. ACS encrypts only the ACS data using a dynamic encryption key. The CARS and ACS view data are encrypted using a static key. Therefore ACS prompts for an encryption password when you run a backup that contains ACS data. The user is prompted for a decryption password while restoring a backup that contains ACS data.
When you run a full backup in ACS, ACS uses the static key to encrypt the CARS and ACS data and makes a .gpg file whereas the ACS backup data is saved inside this .gpg file as a separate .gpg file using the dynamic encryption password. When you restore the full backup, ACS prompts for the decryption password to decrypt the ACS backup data. ACS decrypts the CARS data and ACS view data using the static key.
The encryption password should have:
Special characters are allowed except "`", "$", "(", and ")". ACS displays the password policy if the entered password does not meet the password requirements.
===========================================================
For the people who would ask "why I want to do this": this is related to policy check password standardization.
03-25-2014 10:44 PM
Hi,
I can only think about one way to get your files, that is to restore the file to a temp ACS server then generate a backup that is not encrypted.
I would say we can decrypt the file on your desktop if we know the method that has been used to encrypt it. I think this information is not provided anywhere in the Cisco docs.
Regards,
Amjad
03-26-2014 03:40 AM
I would suggest searching for an open-source decryption tool and decrypting it, but try to match it with the ACS encryption process; that information is not easily available or public.
03-26-2014 04:28 AM
Guys,
Thanks for the answers, both replies are valid. I found a tool to decrypt the backup file: "GnuPG".
With regard to Amjad's reply:
"I can only think about one way to get your files, that is to restore the file to a temp ACS server then generate a backup that is not encrypted"
How can I export the backup file unencrypted from the temp ACS? I had a look and couldn’t see any way of doing this.
I had to add: the customer stated that when the backup file is auto backed up, it doesn’t ask for a password. And he is not aware of this, as this job is done by Cronus.
Any idea?
03-26-2014 07:26 AM
I guess you could also use Cryptophane to decrypt it.
To back up an ACS configuration (not including the ADE OS data), use the acs backup command in the EXEC mode. This doesn't need encryption.
acs backup backup-filename repository repository-name
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/command/reference/cli/cli_app_a.html#wp1886805
Hope this helps.
Regards,
Jatin Katyal
*Do rate helpful posts*
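The question raised in the thread, which method was used to encrypt the .gpg file, can be read from the file's own leading OpenPGP packet headers (RFC 4880). The Python below is an added example, not code from the thread or from Cisco: it reports whether the session key is passphrase-protected or public-key-protected, and with which cipher and S2K settings. That an ACS backup follows this standard layout is an assumption, and the sample bytes are constructed.

```python
# Added example: walk the leading OpenPGP packets of a binary (non-armored) .gpg file.
SYM_ALGOS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}

def read_header(data, pos):
    """Return (tag, body_start, body_len); body_len is None if the length is not fixed."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (binary input expected)")
    if first & 0x40:  # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None  # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None  # indeterminate length
    n = 1 << ltype  # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")

def describe(data):
    """List how the session key is protected, stopping at the encrypted data packet."""
    out, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        if tag == 3:  # symmetric-key ESK (version 4 layout): passphrase based
            ver, algo, s2k, h = data[start:start + 4]
            info = {"packet": "SKESK", "cipher": SYM_ALGOS.get(algo, algo),
                    "s2k_type": s2k, "s2k_hash": HASH_ALGOS.get(h, h)}
            if s2k == 3:  # iterated+salted: 8-byte salt, then a coded count
                c = data[start + 12]
                info["s2k_iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
            out.append(info)
        elif tag == 1:  # public-key ESK: version octet, then 8-byte key ID
            out.append({"packet": "PKESK", "key_id": data[start + 1:start + 9].hex()})
        elif tag in (9, 18):  # encrypted data; contents are opaque without the key
            out.append({"packet": "encrypted-data", "integrity_protected": tag == 18})
            break
        if length is None:
            break
        pos = start + length
    return out

# Constructed sample: SKESK (AES256, SHA1 iterated+salted S2K) followed by a tiny SEIPD packet.
SAMPLE = bytes.fromhex("8c0d04090302" + "0011223344556677" + "60" + "d20501deadbeef")
```

An SKESK packet means the file is protected by a passphrase-derived key; a PKESK packet means a private key is required instead.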