Reputation: 11
I have a backup vault in Azure that store long term backups of my Azure Database for PostgreSQL - Flexible Servers.
Problem is that I can't restore the backups. When I restore the backups in the portal, the .sql files are restored to the selected blob storage as they should. I can download the file 'database.sql' but the content is encrypted. The database and the backup vault use different customer managed keys (CMK). I have access to both RSA keys, but decryption won't work
% openssl pkeyutl -decrypt -inkey rsa.pem -in database.sql -out decrypted_database.sql
Public Key operation error 000C82FE01000000:error:0200006C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:crypto/rsa/rsa_ossl.c:561:
Upvotes: 0
Views: 50
Reputation: 5317
Public Key operation error 000C82FE01000000:error:0200006C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:crypto/rsa/rsa_ossl.c:561:
According to the MS document
The CMK to be used for encrypting the DEK can be only asymmetric, RSA, or RSA-HSM. Key sizes of 2,048, 3,072, and 4,096 are supported.
Asymmetric RSA keys can encrypt/decrypt only data of limited length i.e. RSAES-PKCS1-v1_5 encryption scheme defined in RFC3447 can operate on messages of length up to k - 11 octets (k is the octet length of the RSA modulus) so if you are using 2048-bit RSA key then maximum length of the plain data to be encrypted is 245 bytes. If not, you may get above error. In Azure database for Postgres SQL server you can use pg_dump or pg_restore tools to restore restore your databases to the server.
For more information you can refer to the below documents:
Upvotes: 0