PHPBU can encrypt your backup using openssl
or mcrypt
.
If the choice is yours, I strongly recommend using openssl. Here is a good article explaining why.
Table 7.1. Available crypts:
Type | Description |
---|---|
mcrypt | Encrypts your backup with the mcrypt command line tool. |
openssl | Encrypts your backup with the openssl command line tool. |
Table 7.2. mcrypt options
Name | Value | Required | Default | Description |
---|---|---|---|---|
algorithm | string | yes | - | Algorithm to use to encrypt the backup. |
key | string | yes | - | Secret key to use for encryption. |
Example 7.1: mcrypt XML example
<!-- encryption --> <crypt type="mcrypt"> <option name="algorithm" value="blowfish"/> <option name="key" value="mySecretKey"/> </crypt>
Example 7.2: mcrypt JSON example
{ "type": "mcrypt", "options": { "algorithm": "blowfish", "key": "mySecretKey" } }
Please be sure to use only password
or certFile
.
Table 7.3. openssl options
Name | Value | Required | Default | Description |
---|---|---|---|---|
password | string | yes | - | Encrypt backup with 'openssl enc -pass...'. |
certFile | string | yes | - | Encrypt backup with 'openssl smime ... myCert.pem'. |
algorithm | string | yes | - |
Algorithm to use to encrypt the backup.
Attention you have to specify different algorithm names
for using password and using a cert file .
|
keepUncrypted | boolean | no | false | Don't remove the uncrypted backup. |
pathToOpenSSL | string | no | - | Used to specify a special path to the openssl command. |
Example 7.3: openssl XML example using password encryption
<!-- encryption --> <crypt type="openssl"> <option name="password" value="mySecretPassword"/> <option name="algorithm" value="aes-256-cbc"/> </crypt>
Example 7.4: openssl JSON example using password encryption
{ "type": "openssl", "options": { "password": "mySecretPassword", "algorithm": "aes-256-cbc" } }
Example 7.5: openssl XML example using SSL cert encryption
<!-- encryption --> <crypt type="openssl"> <option name="certFile" value="ssl/MyCert.pem"/> <option name="algorithm" value="aes256"/> </crypt>
Example 7.6: openssl JSON example using SSL cert encryption
{ "type": "openssl", "options": { "certFile": "ssl/MyCert.pem", "algorithm": "aes256" } }
To encrypt your backups with a cert file you have to create a private key and a certificate pem file.
$
openssl req -x509 -new -days 100000 -key private.pem -out certificate.pem
The created certificate.pem
is used to encrypt your backups
and should be referenced in your phpbu configuration as certFile
.
The private.pem
file is used to decrypt your backups.
Decrypt a cert file encoded backup
$
openssl smime -decrypt -aes256 -inform DER \ -in backup.tar.bz2.enc \ -out backup.tar.bz2 \ -inkey private.pem
Decrypt a password encoded backup
$
openssl enc -d -a -aes-256-cbc \ -in backup.tar.bz2.enc \ -out backup.tar.bz2 \ -pass pass:mySecretPassword