Skip to content
/ cloudberry_decrypt_python Public

Decrypt files encrypted by Cloudberry Backup and uploaded to Amazon S3

License

MIT license
4 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cdacos/cloudberry_decrypt_python

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
decrypt.py
decrypt.py
 
 
decrypt_lib.py
decrypt_lib.py
 
 
s3_download.py
s3_download.py
 
 

Repository files navigation

Cloudberry Decrypt for Python

Created to decrypt files encrypted by Cloudberry Bare Metal Backup and uploaded to Amazon S3.

Requires:

Installation

Recommend working in a virtualenv.

Clone the repo:

git clone [email protected]:cdacos/cloudberry_decrypt_python.git

To create the virtualenv:

virtualenv cloudberry_decrypt_python

To start the virtualenv:

cd cloudberry_decrypt_python
source bin/activate

Install the AWS Python tools :

pip install boto
pip install pycrypto

Now run the scripts as shown below. For example:

python s3_download.py -h

To close the virtualenv:

deactivate

Example Usage

Pull from Amazon S3 and decrypt in one step

Use s3_download.py. You will need your AWS S3 access and secret keys. The name of the bucket, and then the bucket_key (the path to the specific file, beginning with a / and not including the bucket name). The password is the one you entered into the Cloudberry backup tool to encrypt the data before uploading to Amazon S3. The optional save_to argument can be the path to a specific file, or a directory if it ends with a /. If not specified the file name is taken from the bucket key.

python s3_download.py aws_access_key aws_secret_key bucket_name password bucket_key [save_to]

Example:

python s3_download.py "YOUR-AWS-ACCESS-KEY" "Your-AWS-Secret-Key" "mybackupbucket" "My-very-awesome-and-long-encryption-password" "/CBB_MYMACHINE/D:/Projects/SampleSite/WebRoot/web.config:/20131205160904/web.config"

Will result in web.config being downloaded, decrypted and saved in the working directory.

Decrypt a file already downloaded

If you've already downloaded the file and want to decrypt it, use decrypt.py.

python decrypt.py password base64-iv file

But first you will need to use an S3 client (or the Amazon S3 website) to look at the metadata for the file. You need to find the value of the cb-encryptioninfo header. It will have a semi-colon seperated string like: 1;190728;AES;256;kgAAAAAAwlXSWZGeLJlaWg==;;; The 5th item is the base64 encoded "IV" value which is kgAAAAAAwlXSWZGeLJlaWg== in this case. You will need this to decrypt the file (it is different for each file):

python decrypt.py "My-very-awesome-and-long-encryption-password" "kgAAAAAAwlXSWZGeLJlaWg==" "An Example.pdf"

TODO

  • Decrypt large files
  • Support compression

Creator

Carlos da Costa

Copyright and license

Refer LICENSE.txt

About

Decrypt files encrypted by Cloudberry Backup and uploaded to Amazon S3

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages