Skip to content

Commit 3e96e64

Browse files
SpearfootSpearfoot
authored
Update README.md
1 parent a089058 commit 3e96e64

File tree

1 file changed

+6
-8
lines changed

1 file changed

+6
-8
lines changed

Diff for: README.md

+6-8
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ Optional features:
7373

7474
Saves your FreeNAS system configuration and password secret seed files to a dataset you specify, optionally sending you an email message containing these files in an encrypted tarball.
7575

76-
Supports the versions of FreeNAS which use an SQLite-based configuration file: these include FreeNAS 9.x-11.x, and probably earlier versions as well.
76+
Supports the versions of FreeNAS which use an SQLite-based configuration file: these include FreeNAS 9.x-12.x, and probably earlier versions as well.
7777

7878
The backup configuration filenames are formed from the hostname, complete FreeNAS version, and date, in this format: _hostname-freenas_version-date.db_. Here is an example from a recent backup on my server named _bandit_:
7979

@@ -94,19 +94,17 @@ The attachment filename is formed from the hostname, complete FreeNAS version, a
9494
```
9595
bandit-FreeNAS-11.0-RELEASE-a2dc21583-20170710234500.tar.gz.enc
9696
```
97-
The script uses `tar` to store the configuration and password secret seed files in a gzipped tarball, which it encrypts by calling `openssl`, using the passphrase you specified above. Here is the command used to encrypt the tarball:
97+
The script uses `tar` to store the configuration and password secret seed files in a gzipped tarball, which it encrypts by calling `openssl`, using the passphrase you specified above. For FreeNAS versions prior to 12.x, this is the command used to encrypt the tarball:
9898

9999
`openssl enc -e -aes-256-cbc -md sha512 -salt -S "$(openssl rand -hex 4)" -pass file:[passphrase_file] -in [tarball] -out [encrypted_tarball]`
100100

101-
To decrypt the email attachment, use this command on your FreeNAS system:
102-
103-
`openssl enc -d -aes-256-cbc -md sha512 -pass file:[passphrase_file] -in [encrypted_file] -out [unencrypted_file]`
101+
For version 12.x of FreeNAS we add the new OpenSSL v1.1.1 options `-pbkdf2` and `-iter` thus:
104102

105-
Note that the command above is specific to the version of OpenSSL used by FreeNAS. FreeNAS version 11.2U8, for example, uses OpenSSL version 1.0.2q-freebsd.
103+
`openssl enc -e -aes-256-cbc -md sha512 -pbkdf2 -iter 128000 -salt -S "$(openssl rand -hex 8)" -pass file:[passphrase_file] -in [tarball] -out [encrypted_tarball]`
106104

107-
You will almost certainly have to use alternative commands for other OpenSSL versions. Here is a working example for OpenSSL 1.1.1.g-2 on Arch Linux (thanks to FreeNAS forum member Dice):
105+
To decrypt the email attachment, use this command on your FreeNAS system:
108106

109-
`openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 10 -pass file:[passphrase_file] -in [encrypted_file] -out [unencrypted_file]`
107+
`openssl enc -d -aes-256-cbc -md sha512 -pass file:[passphrase_file] -in [encrypted_file] -out [unencrypted_file]`
110108

111109
In the above commands:
112110
* `passphrase_file` is a file containing the same passphrase you configured on your FreeNAS server

0 commit comments

Comments
 (0)