WatchDirectory Forum

Message started by m.feldspar on May 22nd, 2014 at 8:08pm

Title: gpg and odd behavior in .bat file
Post by m.feldspar on May 22nd, 2014 at 8:08pm
I need to watch a directory and decrypt any arriving files using Gnu gpg. I want to use the "Automatically run .bat files" plugin to accomplish that.

The gpg decryption requires a passphrase. When running from a command line the user is prompted for it. That obviously won't do in an unattended environment. A suggested solution for doing this unattended is to ECHO the passphrase to the gpg command like so:

     echo My Passphrase|gpg2.exe --batch --passphrase-fd 0 -o "C:\temp\ssp3.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\Customer.dat.pgp"

As a test I've run that from the command line and it works as expected. When I place the command in my bat file like so:

     echo My Passphrase|gpg2.exe --batch --passphrase-fd 0 -o "%TARGETFILE%" --decrypt "%WD_FILE%"

The command fails with message "gpg: decryption failed: No secret key"

When I examine the log the command is shown like this:

     echo My Passphrase  | gpg2 --batch --passphrase-fd 0 -o "C:\temp\ssp3.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\Customer.dat.pgp"

Notice the added space between the passphrase and the pipe. I suspect that is the cause of the failure. Is that space placed there as part of the Windows .bat processor or might watchDirectory be doing that, maybe when doing the substitution of values for variables?

Any help, including alternate methods for doing decryption, would be greatly appreciated.

Title: Re: gpg and odd behavior in .bat file
Post by Gert on May 23rd, 2014 at 12:58pm

WD does not alter your script in any way, it only sets environment variables you can use (%WD_....%).

There are 2 things I can think of that may cause the problem....

1. multiple gpg2.exe programs on your system
I see you do not use the full path to gpg2.exe, so maybe you are running a different exe than you think you are. Change it to something like
echo My Passphrase|"C:\Bin\gpg\gpg2.exe" .....

2. "Strange" characters
I assume "My Passphrase" is not the real passphrase. If your real passphrase contains characters other than a-z they may need to be escaped (with a ^) to work as expected.

Title: Re: gpg and odd behavior in .bat file
Post by m.feldspar on May 28th, 2014 at 3:29pm
1. no multiple gpg2.exe
2. no special characters in passphrase

To simplify testing of this I created a .bat file testde.bat with two statements and the file names hardcoded:

CD C:\Program Files (x86)\GNU\GnuPG\
echo MY PASSPHRASE|gpg2.exe --batch --passphrase-fd 0 -o "c:\temp\ss7.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\customer.dat.pgp" 

I ran that from windows explorer and it worked. ss7.txt was written to c:\temp.

I then changed my WD task to execute this testde.bat file, still with the hardcoded file names. I started the task and it did not work. Below is the log for that execution. Note that there is now a space between MY PASSPHRASE and the pipe.

C:\Windows\system32>GOTO :StartOfBat
C:\Windows\system32>"C:\Program Files (x86)\watchDirectory\wdAnnotate.exe" info "Starting C:\ProgramData\watchDirectory\Scripts\TUSTAN\testde.bat for event"

C:\Windows\system32>Call "C:\ProgramData\watchDirectory\Scripts\TUSTAN\testde.bat" FILENEW
C:\Windows\system32>CD C:\Program Files (x86)\GNU\GnuPG\
C:\Program Files (x86)\GNU\GnuPG>echo MY PASSPHRASE  | gpg2.exe --batch --passphrase-fd 0 -o "c:\temp\ss7.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\customer.dat.pgp"   
gpg: encrypted with RSA key, ID 7F6098EE
gpg: decryption failed: No secret key
C:\Program Files (x86)\GNU\GnuPG>"C:\Program Files (x86)\watchDirectory\wdAnnotate.exe" info "Done"

It appears that somewhere along the way the bat file is being changed or interpreted in a slightly different way.

Title: Re: gpg and odd behavior in .bat file
Post by Gert on May 29th, 2014 at 6:57am
Well, it is not WD who alters the script....

Perhaps we are being misled by the extra spaces and the problem is somewhere else.

Are you running this task as a Windows Service (see "how to run")? Can you set it to "run manually" and try again?

When you run as a Service, the script is started by the user "Local System". When you run "manually" the script is started by the logged in user (you).

If it now suddenly works and you need to run it as a service, see how you can let the service use another user-account.
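
A preflight check for the account difference described in the reply above, as an added example that is not part of the original thread: GnuPG keeps its keyring in the profile of the account that runs it, so a script started by "Local System" does not see a secret key imported by the logged-in user. The install path and key ID are taken from the thread; the log path is an assumption.

```bat
@echo off
setlocal
rem Added example: run this before the decrypt step in the watched-folder script.
rem GPG is the install directory shown in the thread, KEYID is the key ID from
rem the thread's gpg output, LOG is a constructed sample path (assumption).
set "GPG=C:\Program Files (x86)\GNU\GnuPG\gpg2.exe"
set "KEYID=7F6098EE"
set "LOG=C:\temp\gpg-preflight.log"

rem Record which account the script is actually running under.
rem Started by a service this is the service account, not the logged-in user.
>>"%LOG%" echo ==== %DATE% %TIME% ====
>>"%LOG%" whoami
>>"%LOG%" echo APPDATA=%APPDATA%
>>"%LOG%" echo GNUPGHOME=%GNUPGHOME%

rem gpg --version prints a "Home:" line naming the keyring directory in use.
"%GPG%" --version 2>&1 | findstr /b /c:"Home:" >>"%LOG%"

rem Ask gpg whether this account's keyring holds the secret key.
rem gpg exits non-zero when the key is not found.
"%GPG%" --batch --list-secret-keys %KEYID% >>"%LOG%" 2>&1
if errorlevel 1 (
    >>"%LOG%" echo FAIL: secret key %KEYID% is not in this account's keyring
    exit /b 1
)
>>"%LOG%" echo OK: secret key %KEYID% found
exit /b 0
```

Comparing the log from a manual run with the log from a service run shows the different account name and "Home:" directory directly.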

Title: Re: gpg and odd behavior in .bat file
Post by m.feldspar on Jun 10th, 2014 at 5:10pm
Yes! It was an issue with the user under which the service ran. Odd symptoms though.

Thanks for your help.
