How to decrypt RDS SQL Server backup done with msdb.dbo.rds_backup_database

Hello,

we have an RDS with SQL Server and we do backups to S3 with procedure msdb.dbo.rds_backup_database provided by AWS as explained at https://docs.aws.amazon.com/es_es/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.html#SQLServer.Procedural.Importing.Native.Using.Backup.

We are encrypting theses backups with KMS through msdb.dbo.rds_backup_database parameter. Then we download the backup file and we try to decrypt with aws-encryption-cli --decrypt but we get the error "Error: 51 is not a valid SerializationVersion" .This is the error with verbose output:

2022-09-21 15:19:11,156 - MainThread - aws_encryption_sdk.internal.formatting.deserialize - DEBUG - Starting header deserialization
2022-09-21 15:19:11,156 - MainThread - aws_encryption_sdk.streaming_client - DEBUG - Closing stream
--- Logging error ---
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\internal\formatting\deserialize.py", line 97, in _verified_version_from_id
    return SerializationVersion(version_id)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\enum.py", line 385, in __call__
    return cls.__new__(cls, value)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\enum.py", line 710, in __new__
    raise ve_exc
ValueError: 51 is not a valid SerializationVersion
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 240, in _single_io_write
    header=json_ready_header(handler.header),
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 218, in header
    self._prep_message()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 792, in _prep_message
    self._header, self.header_auth = self._read_header()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 807, in _read_header
    header, raw_header = deserialize_header(self.source_stream, self.config.max_encrypted_data_keys)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\internal\formatting\deserialize.py", line 346, in deserialize_header
    version = _verified_version_from_id(version_id)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\internal\formatting\deserialize.py", line 99, in _verified_version_from_id
    raise NotSupportedError("Unsupported version {}".format(version_id), error)
aws_encryption_sdk.exceptions.NotSupportedError: ('Unsupported version 51', ValueError('51 is not a valid SerializationVersion'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 228, in __exit__
    self.close()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 995, in close
    raise SerializationError("Footer not read")
aws_encryption_sdk.exceptions.SerializationError: Footer not read
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\logging\__init__.py", line 1100, in emit
    msg = self.format(record)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\logging\__init__.py", line 943, in format
    return fmt.format(record)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\logging_utils.py", line 137, in format
    _record = self.__redact_record(record)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\logging_utils.py", line 123, in __redact_record
    _record = copy.deepcopy(record)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 172, in deepcopy
    y = _reconstruct(x, memo, *rv)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 271, in _reconstruct
    state = deepcopy(state, memo)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 146, in deepcopy
    y = copier(x, memo)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 231, in _deepcopy_dict
    y[deepcopy(key, memo)] = deepcopy(value, memo)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 146, in deepcopy
    y = copier(x, memo)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 211, in _deepcopy_tuple
    y = [deepcopy(a, memo) for a in x]
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 211, in <listcomp>
    y = [deepcopy(a, memo) for a in x]
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\copy.py", line 161, in deepcopy
    rv = reductor(4)
TypeError: cannot pickle 'traceback' object
Call stack:
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\Scripts\aws-encryption-cli.exe\__main__.py", line 7, in <module>
    sys.exit(cli())
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\__init__.py", line 288, in cli
    process_cli_request(stream_args, args)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\__init__.py", line 225, in process_cli_request
    handler.process_single_file(stream_args=stream_args, source=_source, destination=_destination)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 370, in process_single_file
    operation_result = self.process_single_operation(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 302, in process_single_operation
    return self._single_io_write(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 235, in _single_io_write
    with self.client.stream(source=_source, **stream_args) as handler, self.metadata_writer as metadata:
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 232, in __exit__
    _LOGGER.exception("Error on closing")
Message: 'Error on closing'
Arguments: ()
2022-09-21 15:19:11,172 - MainThread - aws_encryption_sdk_cli - WARNING - Operation failed: deleting output file: oauth2_pc_backup_2022_09_16_010000_decrypt.bak
2022-09-21 15:19:11,172 - MainThread - aws_encryption_sdk_cli - DEBUG - Encountered unexpected error: increase verbosity to see details.
NotSupportedError("Unsupported version 51", "51 is not a valid SerializationVersion")
2022-09-21 15:19:11,172 - MainThread - aws_encryption_sdk_cli - DEBUG - Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\internal\formatting\deserialize.py", line 97, in _verified_version_from_id
    return SerializationVersion(version_id)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\enum.py", line 385, in __call__
    return cls.__new__(cls, value)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\enum.py", line 710, in __new__
    raise ve_exc
ValueError: 51 is not a valid SerializationVersion
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\__init__.py", line 288, in cli
    process_cli_request(stream_args, args)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\__init__.py", line 225, in process_cli_request
    handler.process_single_file(stream_args=stream_args, source=_source, destination=_destination)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 370, in process_single_file
    operation_result = self.process_single_operation(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 302, in process_single_operation
    return self._single_io_write(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk_cli\internal\io_handling.py", line 240, in _single_io_write
    header=json_ready_header(handler.header),
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 218, in header
    self._prep_message()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 792, in _prep_message
    self._header, self.header_auth = self._read_header()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\streaming_client.py", line 807, in _read_header
    header, raw_header = deserialize_header(self.source_stream, self.config.max_encrypted_data_keys)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\internal\formatting\deserialize.py", line 346, in deserialize_header
    version = _verified_version_from_id(version_id)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\aws_encryption_sdk\internal\formatting\deserialize.py", line 99, in _verified_version_from_id
    raise NotSupportedError("Unsupported version {}".format(version_id), error)
aws_encryption_sdk.exceptions.NotSupportedError: ('Unsupported version 51', ValueError('51 is not a valid SerializationVersion'))
2022-09-21 15:19:11,203 - MainThread - aws_encryption_sdk.streaming_client - DEBUG - Closing stream
Encountered unexpected error: increase verbosity to see details.
NotSupportedError("Unsupported version 51", "51 is not a valid SerializationVersion")

We are using aws-encryption-cli --decrypt with the last version for other files and it's working fine.

How can we decrypt the backups done with msdb.dbo.rds_backup_database?

Best regards.

Themen

Datenbank

Relevanter Inhalt

Wie stelle ich eine verschlüsselte Sicherungsdatei oder ein verschlüsseltes Microsoft-Azure-Backup in RDS for SQL Server aus einer lokalen Umgebung wieder her?
AWS OFFICIALAktualisiert vor 2 Jahren
Wie führe ich native Backups einer Amazon RDS DB Instance durch, auf der SQL Server ausgeführt wird?
AWS OFFICIALAktualisiert vor 2 Jahren
Wie führe ich ein Upgrade oder Downgrade der Edition der SQL-Server-Engine in RDS for SQL Server durch?
AWS OFFICIALAktualisiert vor 2 Jahren
Wie stelle ich ein KMS-verschlüsseltes Backup aus einer On-Premises-Umgebung in RDS für SQL Server wieder her?
AWS OFFICIALAktualisiert vor 6 Monaten