How to decrypt your AES-encrypted backups?

Decrypt backups step by step using your RSA private key and AES

Steps to decrypt AES-encrypted backup

  • Download your encrypted backup
  • Download the AES encryption passphrase
  • Decrypt the encryption passphrase using your RSA private key
  • Decrypt your backup using the decrypted passphrase

Step 1. Decrypt your encryption passphrase first using the following command:

cat encryption-passphrase.pass | base64 -d | openssl rsautl -decrypt -inkey private-key.pem -out decryption-passphrase.txt

Where private-key.pem is your private key (you never share it with anyone), encryption-passphrase.pass is the encrypted passphrase used to encrypt your backup via AES-256.


Step 2. Finally, to decrypt your backup, you could use the following command:

openssl enc -d -aes-256-cbc -md sha512 -in encrypted-file-from-simplebackups.sql.gz -out decrypted-file.sql.gz -pass file:/home/path/decryption-passphrase.txt

Where encrypted-file-from-simplebackups.sql.gz is your encrypted SimpleBackups backup archive, decryption-passphrase.txt is the decrypted passphrase which will decrypt your backup.

  • The encryption-passphrase.pass can only be decrypted using your RSA private key
  • Your backup can only be decrypted using the decrypted encryption-passphrase.pass
  • We store your encryption-passphrase.pass on our side, it is unique per backup run
  • You are responsible for securing, and keep your private-key.pem, private
  • No one can read or decrypt your encrypted backups, except you
Did this answer your question?

Last updated on January 24, 2023