zoptop

Reputation: 11

Decrypt file encrypted with Azure Backup Vault

I have a backup vault in Azure that stores long-term backups of my Azure Database for PostgreSQL - Flexible Servers.

The problem is that I can't restore the backups. When I restore the backups in the portal, the .sql files are restored to the selected blob storage as they should. I can download the file 'database.sql' but the content is encrypted. The database and the backup vault use different customer managed keys (CMK). I have access to both RSA keys, but decryption won't work:

% openssl pkeyutl -decrypt -inkey rsa.pem -in database.sql -out decrypted_database.sql

Public Key operation error 000C82FE01000000:error:0200006C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:crypto/rsa/rsa_ossl.c:561:

Upvotes: 0

Views: 50

Answers (1)

Bhavani

Reputation: 5317

Public Key operation error 000C82FE01000000:error:0200006C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:crypto/rsa/rsa_ossl.c:561:

According to the MS document

The CMK to be used for encrypting the DEK can be only asymmetric, RSA, or RSA-HSM. Key sizes of 2,048, 3,072, and 4,096 are supported.

Asymmetric RSA keys can encrypt/decrypt only data of limited length, i.e. the RSAES-PKCS1-v1_5 encryption scheme defined in RFC3447 can operate on messages of length up to k - 11 octets (k is the octet length of the RSA modulus), so if you are using a 2048-bit RSA key then the maximum length of the plain data to be encrypted is 245 bytes. If not, you may get the above error. In Azure database for Postgres SQL server you can use the pg_dump or pg_restore tools to restore your databases to the server.


For more information you can refer to the below documents:

Upvotes: 0
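
An added illustration of the size limit discussed in the answer above (not part of the original question or answer, and not a description of Azure Backup's file format): it shows where a 2048-bit RSA key stops accepting input, and the envelope pattern from the quoted documentation in which the RSA key wraps only a data encryption key (DEK). It assumes the `openssl` CLI is installed; the key, the files and the choice of AES-256-CBC are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: every key and file here is constructed locally; nothing is Azure data.
set -u
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/rsa.pem" 2>/dev/null
openssl pkey -in "$work/rsa.pem" -pubout -out "$work/pub.pem"

# Succeeds only if $1 bytes fit in one RSAES-PKCS1-v1_5 block (pkeyutl's default padding).
rsa_encrypt_ok() {
  head -c "$1" /dev/zero > "$work/pt.bin"
  openssl pkeyutl -encrypt -pubin -inkey "$work/pub.pem" \
    -in "$work/pt.bin" -out "$work/ct.bin" 2>/dev/null
}

# Succeeds only if RSA private-key decryption accepts a $1-byte input.
rsa_decrypt_ok() {
  head -c "$1" /dev/urandom > "$work/blob.bin"
  openssl pkeyutl -decrypt -inkey "$work/rsa.pem" \
    -in "$work/blob.bin" -out "$work/blob.out" 2>/dev/null
}

# Hex-encode a binary file for the -K option of "openssl enc".
hex_of() { od -An -v -tx1 "$1" | tr -d ' \n'; }

# Envelope pattern: an AES key (DEK) encrypts the bulk data, the RSA key wraps only the DEK.
envelope_roundtrip() {
  head -c 100000 /dev/urandom > "$work/dump.sql"     # constructed stand-in for a large dump
  openssl rand -out "$work/dek.bin" 32
  iv=$(openssl rand -hex 16)
  openssl enc -aes-256-cbc -K "$(hex_of "$work/dek.bin")" -iv "$iv" \
    -in "$work/dump.sql" -out "$work/dump.enc" || return 1
  openssl pkeyutl -encrypt -pubin -inkey "$work/pub.pem" \
    -in "$work/dek.bin" -out "$work/dek.wrapped" || return 1
  # Recovery: unwrap the 256-byte wrapped DEK with RSA, then decrypt the data with AES.
  openssl pkeyutl -decrypt -inkey "$work/rsa.pem" \
    -in "$work/dek.wrapped" -out "$work/dek2.bin" || return 1
  openssl enc -d -aes-256-cbc -K "$(hex_of "$work/dek2.bin")" -iv "$iv" \
    -in "$work/dump.enc" -out "$work/dump.out" || return 1
  cmp -s "$work/dump.sql" "$work/dump.out"
}

rsa_encrypt_ok 245  && echo "245-byte plaintext: encrypted"
rsa_encrypt_ok 246  || echo "246-byte plaintext: rejected (k - 11 = 245 for a 2048-bit key)"
rsa_decrypt_ok 4096 || echo "4096-byte input: rejected (larger than the 256-byte modulus)"
envelope_roundtrip  && echo "envelope round trip: recovered 100000 bytes"
```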
