Decrypt backup file
Quote from mpachmann on 25 August 2022, 7:30 am
https://medium.com/@gmanual/sophos-xg-decrypt-backup-file-2c5bc8d6347f
I recently had the prospect of trying to restore a failed Sophos XG hardware device and needed to determine configuration information from the encrypted backup file.
Because of various issues finding compatible hardware to restore, I attempted to read the contents of the encrypted backup file.
Uploading the file to my Linux server and using the ‘file’ command revealed the file type as ‘openssl enc’d data with salted password’.
Looking into OpenSSL file encryption/decryption, and trialing a few commands, I found the following command to work: (You will need to know the encryption password).
openssl enc -aes-256-cbc -md md5 -d -in SophosXG_Backup_SerialNumber_Date_Time -out unencyptedfile
Checking the outputted unencrypted file with the ‘file’ command revealed the file type as ‘gzip compressed data’ (pretty much a zip). Uncompressing and checking this file revealed a tar archive, inside of which were the contents of the Sophos XG backup.
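Added example (not part of the quoted article, and not Sophos or OpenSSL project code): the same layers the post walks through by hand, each checked before moving to the next, with the password passed through the environment instead of the command line. The names inspect_backup, make_sample and BACKUP_PASS, and the sample archive, are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check each layer of an 'openssl enc' backup before trusting it.
# inspect_backup, make_sample and BACKUP_PASS are names assumed for this sketch.
# Usage: export BACKUP_PASS, then: inspect_backup <backup file>

inspect_backup() (
    in="$1"
    # Layer 1: salted 'openssl enc' output starts with the 8-byte magic "Salted__".
    [ "$(head -c 8 "$in" | tr -d '\0')" = "Salted__" ] || {
        echo "not salted openssl enc data" >&2; exit 2; }

    umask 077                       # the decrypted config may hold secrets
    work="$(mktemp -d)" || exit 1

    # Layer 2: decrypt. -md md5 is explicit because OpenSSL 1.1.0 and later default
    # to sha256 for key derivation; -pass env: keeps the password out of argv.
    openssl enc -d -aes-256-cbc -md md5 -pass env:BACKUP_PASS \
        -in "$in" -out "$work/plain" 2>/dev/null || {
        rm -rf "$work"
        echo "decryption failed (wrong password or digest?)" >&2; exit 3; }

    # Layer 3: a wrong key can occasionally pass the padding check, so confirm
    # the gzip magic bytes 1f 8b before going further.
    magic="$(head -c 2 "$work/plain" | od -An -tx1 | tr -d ' \n')"
    [ "$magic" = "1f8b" ] || {
        rm -rf "$work"; echo "plaintext is not gzip" >&2; exit 4; }

    # Layer 4: list the tar members without extracting anything.
    gzip -dc "$work/plain" | tar -tf -; rc=$?
    rm -rf "$work"; exit "$rc"
)

# Build a constructed stand-in backup (tar.gz, then openssl enc) for offline testing.
make_sample() (
    d="$(mktemp -d)" || exit 1
    echo "hostname=demo" > "$d/conf.txt"
    tar -C "$d" -czf "$d/inner.tgz" conf.txt
    openssl enc -aes-256-cbc -md md5 -pass env:BACKUP_PASS \
        -in "$d/inner.tgz" -out "$1" 2>/dev/null; rc=$?
    rm -rf "$d"; exit "$rc"
)
```

The function only lists the archive members; the decrypted data is written to a private temporary directory and removed on every exit path.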