Re: [Burp-users] EVP_CipherInit_ex failed

[Christian M. <ma...@un...>]

Am 24.01.26 um 02:13 schrieb Graham Keeling:
> In older versions of burp, the encryption flag wasn't encoded into the
> attributes. In that case, you can look at the file type row in the manifest:
> y0023/home/graham/burp/test/build/CA.cnf
> The leading 'y' means it's encrypted, and the blowfish encryption is implied.
> 
> 
> Given the information above, it would be possible to manually edit the current
> manifest to identify and delete the lines that represent blowfish encrypted
> files. Burp would then back them up again on the next backup. If doing this, I
> would also keep a copy of the original manifest and replace the edited manifest
> again when done.
> 
> Obviously, having the feature to do it automatically a little at a time would
> be much easier!
> I will have a look to see if I can do this.
Hi Graham,

I made a quick and dirty patch that adds a server side config option 
"migrate_from_blowfish" (working title) that makes it so blowfish 
encrypted files are treated as "new" to force re-encryption. See attachment.

Tested on a small dataset with some old files and it seems to have 
worked (got a bunch of files in the "new" column and "^r" lines in the 
manifest went from "r... A A J B ..." in previous backups to "r... A A J 
C ..." in the new test backup; restore works fine as well).

Not sure if it's enough to only look at CMD_ENC_FILE in the check in 
src/server/backup_phase2.c or if the other CMD_ENC_* types need to be 
considered as well.

Does this seem like a sane approach?


Regards,
Christian Manal