-
|
So I choose to encrypt database and now all sensitive information is encrypted, awesome. I know at any point I can copy the sqlite database file and APP_KEY to spin up new docker instance and everything will be back to working. However. I wanted to know if you can decrypt the sqlite content manually (of-course with APP_KEY). This is just a backup measure in the event for some weird reason I fail to spin up 2FAuth instance and would like to just get hand on one of the TOTP secret thats in the database. In simple words, want to know what encrypting methodology is used so I decrypt the file myself. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi, Encryption is done with the Laravel encrypter, basically it is an openssl encrypt/decrypt process with a public function decrypt($payload, $unserialize = true)
{
$payload = $this->getJsonPayload($payload);
$iv = base64_decode($payload['iv']);
$this->ensureTagIsValid(
$tag = empty($payload['tag']) ? null : base64_decode($payload['tag'])
);
// Here we will decrypt the value. If we are able to successfully decrypt it
// we will then unserialize it and return it out to the caller. If we are
// unable to decrypt this value we will throw out an exception message.
$decrypted = \openssl_decrypt(
$payload['value'], strtolower($this->cipher), $this->key, 0, $iv, $tag ?? ''
);
if ($decrypted === false) {
throw new DecryptException('Could not decrypt the data.');
}
return $unserialize ? unserialize($decrypted) : $decrypted;
}AFAIK Laravel does not provide an offline way to use its decrypter but I was able to find easily some resources to address this need, e.g:
If you are confortable with php or js it will do the trick. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you so much for the details! |
Beta Was this translation helpful? Give feedback.
Hi,
Encryption is done with the Laravel encrypter, basically it is an openssl encrypt/decrypt process with a
AES-256-CBCcipher: