Decrypting your backup

High-level overview:

  • Download your encrypted backup

  • Download the AES encryption passphrase

  • Decrypt the encryption passphrase using your RSA private key

  • Decrypt your backup using the decrypted passphrase

Step 1. Decrypt your encryption passphrase first using the following command:

cat encryption-passphrase.pass | base64 -d | openssl rsautl -decrypt -inkey private-key.pem -out decryption-passphrase.txt

Where private-key.pem is your private key (you never share it with anyone), encryption-passphrase.pass is the encrypted passphrase used to encrypt your backup via AES-256.

Step 2. Finally, to decrypt your backup, you could use the following command:

openssl enc -d -aes-256-cbc -md sha512 -in encrypted-file-from-simplebackups.sql.gz -out decrypted-file.sql.gz -pass file:/home/path/decryption-passphrase.txt

Where encrypted-file-from-simplebackups.sql.gz is your encrypted SimpleBackups backup archive, decryption-passphrase.txt is the decrypted passphrase which will decrypt your backup.


  • The encryption-passphrase.pass can only be decrypted using your RSA private key

  • Your backup can only be decrypted using the decrypted encryption-passphrase.pass

  • We store your encryption-passphrase.pass on our side, it is unique per backup run

  • You are responsible for securing, and keep your private-key.pem, private

  • No one can read or decrypt your encrypted backups, except you

Did this answer your question?