HBS3 Client-Side Encryption Algorithm

tuofs
New here
Posts: 2
Joined: Sun Sep 15, 2019 3:12 am

HBS3 Client-Side Encryption Algorithm

Post by tuofs » Sun Sep 15, 2019 3:19 am

Hey,

in the past QNAP has used different encryptions depending on which backup option was used, this seems to be unified now with "Client Side Encryption".
As I'm running multiple backups with this option, I would like to have a small script to check whether the decryption is still working or it's bit-garbage on my server.

Also in case of disaster recovery I would rather not rely on HBS3 to bring my files back, but to be able to do it by hand if things go downhill.

Does anyone know how the encryption works and, if yes, what open-source tool to use to decrypt?

Moogle Stiltzkin
Ask me anything
Posts: 9079
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: HBS3 Client-Side Encryption Algorithm

Post by Moogle Stiltzkin » Sun Sep 15, 2019 9:23 am

this is why i tested first whether client side encryption worked before i consider using it for my backup.

but i too wonder about this. how to run a check every now and then to see that the encrypt hasn't gone corrupt at some point.

in winrar i would click run test, then i would know extracting the file will work. so i'm wondering if there is something similar for this?
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS (HDN724040ALE640) & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) single disks.
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-228
[^] QNAP TS-128
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Asus AC68U Router|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

tuofs
New here
Posts: 2
Joined: Sun Sep 15, 2019 3:12 am

Re: HBS3 Client-Side Encryption Algorithm

Post by tuofs » Mon Sep 16, 2019 12:53 am

Yeah it doesn't even need to be implemented by QNAP, just knowing if I run openssl with these parameters and my password would let me decrypt my files would help me a lot and let me sleep better :)

Jon2288
First post
Posts: 1
Joined: Thu Sep 26, 2019 11:13 pm

Re: HBS3 Client-Side Encryption Algorithm

Post by Jon2288 » Thu Sep 26, 2019 11:16 pm

I found this on the client side encryption. It is old but does state AES 256:

https://www.qnap.com/en-us/how-to/tutor ... tion-note/


"client-side AES-256 encryption"

Then further states it uses openssl:

"(4) Client site encryption: when enabled, your files will be encrypted before being transferred to the cloud storage, and your data will remain encrypted in the cloud storage. The encryption key is derived from the password you enter for this job. Without your password to decrypt the file, your original data cannot be decrypted. This prevents unauthorized access to your confidential data even if your credentials of the cloud storage are compromised or if your cloud storage provider tries to access your data. As standard openssl is used for encrypting the files, you can use it to decrypt your files after you download the files using other utilities without using a Turbo NAS. Please note that you cannot change this setting after a job is created."



What I would expect is that the software today adds something to the passphrase you provide to make it locked to the app to decrypt. Maybe not, haven't tried to decrypt with openssl yet. Will report back here when I do.

kiravae
First post
Posts: 1
Joined: Mon Apr 02, 2018 2:25 pm

Re: HBS3 Client-Side Encryption Algorithm

Post by kiravae » Sun Nov 24, 2019 11:41 am

Has anyone tried this yet? I prefer to use client-side encryption, but don't quite like the idea that I would require a QNAP to access my remote data (seeing as I would probably only need to do a complete restore if something happened to my current QNAP).

bigcookie
Getting the hang of things
Posts: 60
Joined: Fri Jan 30, 2009 6:00 pm

Re: HBS3 Client-Side Encryption Algorithm

Post by bigcookie » Mon Feb 10, 2020 10:53 pm

try this: https://github.com/Mikiya83/hbs_decipher
Developed by a forum member - can't find the thread quickly right now...

Worked for me in backup mode at least (didn't try sync mode)

adricu
First post
Posts: 1
Joined: Tue Aug 30, 2016 2:41 am

Re: HBS3 Client-Side Encryption Algorithm

Post by adricu » Sun Apr 19, 2020 8:24 pm

You can decrypt files with openssl this way:

openssl enc -md md5 -aes-256-cbc -d -in INPUT_FILE -out OUTPUT_FILE

sentinelvdx
Know my way around
Posts: 103
Joined: Sat Dec 19, 2015 5:28 am
Location: Buenos Aires - Argentina

Re: HBS3 Client-Side Encryption Algorithm

Post by sentinelvdx » Thu Jul 23, 2020 9:01 am

adricu wrote: You can decrypt files with openssl this way:

openssl enc -md md5 -aes-256-cbc -d -in INPUT_FILE -out OUTPUT_FILE

Hi,

How am I supposed to use this command? Let's say I download one .pdf from the whole backup job.
I don't see in that line the path of the file or where I should put the passphrase.

Using S.G.S9+ Duos w/ Tapatalk

NAS: TS-251+ 16GB DDR3L 1600mhz CAS11
Firm: QTS 4.4.3.xxxx
HDD's: 2x 4TB HGST Deskstar NAS 7.2k RPM - RAID0
Port Trunk: 802.3ad w/ Systimax CAT6a
PC's OS: Windows 10 Pro x64
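
Added example (not part of any post in this thread and not QNAP's code): a shell check that a downloaded file still decrypts with the parameters adricu quotes, with the file path given to `-in` and the passphrase supplied through `-pass env:`. The variable name `HBS_PASS`, the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumes the parameters quoted in the thread (AES-256-CBC,
# MD5 key derivation) and a passphrase exported in $HBS_PASS (hypothetical
# name), so the passphrase never appears on the command line.

sha256_of() {  # print the SHA-256 hex digest of file $1
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

hbs_decrypt() {  # hbs_decrypt ENCRYPTED_FILE OUTPUT_FILE
    # stderr is dropped: newer OpenSSL warns about the deprecated key derivation
    openssl enc -d -aes-256-cbc -md md5 -pass env:HBS_PASS \
        -in "$1" -out "$2" 2>/dev/null
}

# hbs_verify ENCRYPTED_FILE [EXPECTED_SHA256]
# Returns 0 only if the file decrypts and, when a digest is given, the
# plaintext matches it. CBC carries no authentication: a wrong passphrase or
# a damaged file can pass the padding check by chance, so openssl's exit
# status alone does not prove a good restore.
hbs_verify() {
    v_tmp=$(mktemp) || return 2
    if ! hbs_decrypt "$1" "$v_tmp"; then
        rm -f "$v_tmp"; echo "FAIL decrypt: $1"; return 1
    fi
    v_got=$(sha256_of "$v_tmp"); rm -f "$v_tmp"
    if [ -n "$2" ] && [ "$v_got" != "$2" ]; then
        echo "FAIL digest: $1"; return 1
    fi
    echo "OK $1 sha256=$v_got"
}

# Constructed sample: encrypts a small file with the same parameters so the
# check can be tried without touching a real backup.
make_sample() {  # make_sample PLAIN_OUT ENCRYPTED_OUT
    printf 'constructed sample backup content\n' > "$1"
    openssl enc -aes-256-cbc -md md5 -salt -pass env:HBS_PASS \
        -in "$1" -out "$2" 2>/dev/null
}

# Usage: HBS_PASS='...' sh hbs_verify.sh FILE [EXPECTED_SHA256]
if [ "$#" -ge 1 ]; then hbs_verify "$@"; fi
```

Recording the SHA-256 of a few source files at backup time gives the expected digest to pass as the second argument on later checks.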
