I have a Flint running with firmware 4.1.
I noticed that when we backup the router with the Luci interface, the zip file produced is unprotected.
Inside it, the OpenVPN certs are also stored unprotected.
I work in IT, and I suggest add a password feature when creating the router’s backup.
I hope that you like my suggestion.
Tar does not include any flags/features for a password or encryption.
BusyBox v1.33.2 (2022-10-13 19:16:38 UTC) multi-call binary.
Usage: tar c|x|t [-zahvokO] [-f TARFILE] [-C DIR] [-T FILE] [-X FILE] [FILE]...
Create, extract, or list files from a tar file
-f FILE Name of TARFILE ('-' for stdin/out)
-C DIR Change to DIR before operation
-O Extract to stdout
-o Don't restore user:group
-k Don't replace existing files
-z (De)compress using gzip
-a (De)compress based on extension
-h Follow symlinks
-T FILE File with names to include
-X FILE File with glob patterns to exclude
Usage: gzip [-cfkdt] [FILE]...
Compress FILEs (or stdin)
-t Test file integrity
-c Write to stdout
-k Keep input files
I think the onus is on the user to secure/encrypt their own backups (for example using 7zips password feature or other encryption techniques) after they create them and develop their own process for security, with OpenWRT providing a simple method to export the backups.
Hi, I agree that everyone should secure/encrypt their backups, and I thought OpenWRT included some encrypt way.
Anyway, I still think that it could be a good feature. I just checked, and everything in the backup is text-based, also the Client username and passwords!
Maybe could be an idea also for OpenWRT include zip or encrypt packages ;-)!!!
Its linux. Its usually best not to tell geeks what to do when there are dozens of ways to accomplish the same goal.
You could probably write a simple script to unpack the tar.gz into a folder and to repack it on the fly using 7zip with a prompt to input a password. Its a 60 second fix regardless of how the goal is achieved.
To make it “more user friendly”, I agree. Adding a password prompt would make it easier when generating backups. It would probably be a weak form of encryption anyways, so your guess is as good as mine.
A similar request has been submitted several times. We have no plans to add this feature yet. Because users can backup/restore via LuCI and encrypt themselves directly.
Thanks for your answer!