#openssl

bkoehn@diaspora.koehn.com

My one gripe about #kopia, an otherwise fantastic backup tool, is that it stores its passwords in cleartext files. (Everything it puts into storage is encrypted; go figure.)

Anyway, you can encrypt the files it uses (once it creates them) with #openssl and never put them on the filesystem again.

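#!/bin/bash

ENCRYPTED_FILE=/root/.config/kopia/repository.config.aes

# Decrypt the config to stdout. A function (rather than a command string)
# keeps a password containing spaces or glob characters intact.
decrypt() {
    openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
        -in "$ENCRYPTED_FILE" -pass "pass:$KOPIA_PASSWORD"
}

# kopia reads the decrypted config from the pipe created by process substitution.
kopia snapshot create --no-progress /path-to-backup --config-file <(decrypt)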

This uses process substitution to pass a file descriptor as a command line argument (e.g., /proc/204638/fd/pipe). The output of the openssl command will be written to the file descriptor and can be read until the kopia command exits.

You encrypt the cleartext file using the same openssl command without the -d.

The script above is invoked via ssh, which passes in the KOPIA_PASSWORD environment variable:

ssh root@host KOPIA_PASSWORD=password123 /root/.config/kopia/backup

It’s still there if a hacker were to look for it, but it would take a fair bit more effort to find it.
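
The encryption step the post describes in words, as an added example that is not part of the original post: it keeps the post's cipher parameters, reads the password through openssl's `env:` source so it stays off the openssl command line, and checks the round trip before removing the cleartext. The function names and the demo file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; kopia_enc, encrypt_config, decrypt_config, protect_config
# and demo are hypothetical helper names, not part of kopia or openssl.

# Shared cipher settings from the post. The password comes from the exported
# KOPIA_PASSWORD variable instead of a pass: argument.
kopia_enc() {
    openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 \
        -pass env:KOPIA_PASSWORD "$@"
}

# Encrypt cleartext file $1 into $2.
encrypt_config() { kopia_enc -in "$1" -out "$2"; }

# Decrypt file $1 to stdout (suitable for a pipe or process substitution).
decrypt_config() { kopia_enc -d -in "$1"; }

# Encrypt $1 into $2, confirm the ciphertext decrypts to identical bytes,
# and only then remove the cleartext. Returns non-zero on any failure.
protect_config() {
    encrypt_config "$1" "$2" || return 1
    if decrypt_config "$2" | cmp -s - "$1"; then
        rm -f "$1"
    else
        rm -f "$2"   # keep the cleartext, drop the unusable ciphertext
        return 1
    fi
}

# Demo on a constructed file in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample config\n' > "$dir/repository.config"
    KOPIA_PASSWORD='constructed demo password'; export KOPIA_PASSWORD
    protect_config "$dir/repository.config" "$dir/repository.config.aes" &&
        decrypt_config "$dir/repository.config.aes"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo
```

`rm` only unlinks the cleartext; on a filesystem with snapshots or journaling the old blocks may still be recoverable.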

fla@diaspora-fr.org

Hacking on #diaspora tonight, we discovered that Ruby 2.7.7 is now patched and correctly gets the #openssl version passed in parameters, which means you can force Ruby to use OpenSSL 1, which is nice because we don't support openssl 3 yet, and that's the version that Ubuntu 22.04 ships. So until Ruby 2.7.7 it was not possible to run diaspora on Ubuntu 22.04, but that's now the case!

(and yes, we should upgrade to Ruby 3. If you want to help us with that, you're welcome)

#diaspora-dev

_steve@pod.thewalkingdeaf.net

Hosting my own pod again

(Read the blog post here)

I couldn’t say why, but I recently had the strong urge to host my own diaspora✻ pod again.

Around eighteen months or so ago I got a docker instance running after a fashion that ran diaspora✻ but it was flaky to say the least, and I wasn’t happy with the lack of control I had over it. I’d had a look at the instructions for getting one to run natively and had decided that a docker instance would be the easier option. In the event I did something really stupid and managed to hose the installation and gave it up as a bad job.

So in more recent weeks I had another look at hosting my own pod and in this new light, it didn’t look all that hard to do. So I spun up an Ubuntu 22.04 server on VMware Fusion on my MacBook and had a go…

#diaspora #linux #ubuntu #openssl #ruby #vm