I’ve written about NAS4Free before – it’s a super NAS solution that packs a tonne of great features and offer good performance even on older hardware, ideal for a home file/media server. During a recent ugprade (9.3 to 10.2) I found myself wanting to decrypt the encrypted backup that you (should) normally take prior to any upgrade attempt. There doesn’t seem to be much documentation on this elsewhere, so I’ve recorded a procedure here in case anyone else wants to do this.
I’m doing this under Windows 7 Enterprise 64-bit, but there are straight forward equivalents for most (all?) of this on other platforms.
The key element to all of this is that NAS4Free uses a plain and sane way to create the encrypted configuration file: the configuration is first encrypted with the admin password (and “salt”) using the AES-256-CBC cipher, the result is then base64 encoded, and finally compressed with GZIP.
Decrypt NAS4Free Config
You can download an unencrypted config from NAS4Free, but it’s generally not a good idea to store these as they contain the passwords for your admin and user accounts in plain text. Also, if you are recovering from a broken NAS4Free installation then you may not be able to download a config at all, in which case being able to see the settings from a previous installation may help you figure out what broke it.
- You should start out with an encrypted backup file from NAS4Free (System | Backup/Restore), the default filename will be something like
- Begin by decompressing this file. I use 7-zip, so I can just right-click the file and choose Extract here.
- Now you can decrypt this file using OpenSSL. A Windows binary is available from Shining Light Productions. I installed the 64-bit Windows OpenSSL binaries to the default location (
C:\OpenSSL-Win64) so hold shift and right-click that folder and choose
Open command window here.
- OpenSSL can remove the base64 encoding and decrypt using the command
openssl enc -aes-256-cbc -d -a -in C:\Temp\config-nas4free.local-20160213090000 -out C:\Temp\config-nas4free.local-20160213090000.xml. Unless you’ve done some previous work with OpenSSL then you’ll get a warning that can safely be ignored, and a prompt for the decryption password. With NAS4Free 9.3 and earlier this will be your admin account password, for later versions it is the encryption password you entered when you downloaded the configuration.
- This will drop your NAS4Free config into an XML file ready for you to browse. Note that NAS4Free does not allow you upload an unencrypted configuration.
Encrypt NAS4Free Config
Used in conjunction with the decryption routine above, this would enable you to download an encrypted configuration file (or take a previous one), make modifications to it, and upload / restore the result. This is not for the faint-hearted or inexperienced user as it could seriously break your NAS4Free setup and potentially damage the data you have store in it – you should be confident that you know what you’re doing before heading down this route.
- Start with your unencrypted XML configuration, I’ll assume that’s in
- Use OpenSSL to encrypt and base64 encode this, same as step 4 above, but with a slightly different command:
openssl enc -aes-256-cbc -a -in C:\Temp\config-nas4free.local-20160213090000-new.xml -out C:\Temp\config-nas4free.local-20160213090000-new
- Right-click the output file and use 7-Zip to create a new archive.
- Set the archive type to GZIP and click OK.
- Your compressed, encrypted config will now be ready to upload.