A simple script to decrypt secrets encrypted with SFTPGo's secretbox encryption.
Since this script uses SFTPGo's internal packages, it needs to be run from within the SFTPGo source tree.
-
Clone the SFTPGo repository:
git clone https://github.com/drakkan/sftpgo.git cd sftpgo -
Copy the decrypt script into the SFTPGo directory:
cp /path/to/this/repo/local_run.go ./decrypt.go
-
Build and run the script:
go run decrypt.go <password_file> <contents_file> <additional_data>
The script takes three arguments:
password_file: Path to a file containing the decryption passwordcontents_file: Path to a file containing the encrypted secretbox dataadditional_data: Additional data string used during encryption
Example:
go run decrypt.go password.txt encrypted_data.txt "some_folder_name"The script:
- Reads the password from the specified file
- Reads the encrypted data from the specified file
- Uses SFTPGo's internal KMS functionality to decrypt the secretbox
- Outputs the decrypted content
The additional_data parameter must match the value used when the secret was originally encrypted.