Minor improvement regarding the manual and the use of OpenSSL (on Windows) #374
Description
First a little bit of a disclaimer: i barely/don't know what i'm doing :-) And somebody who actually knows more about this stuff should update the manual. But i thought I leave this here in case somebody else is running into issues.
I tried to use openssl encryption for my backups and stumbled across two problems. The manual says
To encrypt your backups with a cert file you have to create a private key and a certificate pem file.
$ openssl req -x509 -new -days 100000 -key private.pem -out certificate.pem
but this doesn't work as "-key" requires an already existing key-file. So you would basically have to run something like
$ openssl genrsa -out private.pem 4096
first... and then the command from the manual.
Also, if you're using Windows you'll run into an "interesting" secondary problem. The files will be encrypted just fine but if you try to decrypt them using the command from the manual you'll end up with a broken file. The problem seems to be that openssl does something funky with the line-breaks upon decryption.
To fix this, you have to use the "-binary" parameter:
$ openssl smime -decrypt -aes256 -inform DER \
-in backup.tar.bz2.enc \
-out backup.tar.bz2 \
-inkey private.pem \
-binary
IDK how much of an issue this is when you're using Linux as I only tested it on Windows.