WatchDirectory home page
WatchDirectory Startseite (Deutsche Version)
Site WatchDirectory (Français)
  Welcome, Guest. Please Login or Register
YaBB - Yet another Bulletin Board
   
  HomeHelpSearchLoginRegister  
 
Page Index Toggle Pages: 1
gpg and odd behavior in .bat file (Read 8248 times)
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
gpg and odd behavior in .bat file
May 22nd, 2014 at 8:08pm
 
I need to watch a directory and decrypt any arriving files using Gnu gpg. I want to use the "Automatically run .bat files" plugin to accomplish that.

The gpg decryption requires a passphrase. When running from a command line the user is prompted for it. That obviously won't do in an unattended environment. A suggested solution for doing this unattended is to ECHO the passphrase to the gpg command like so:

     echo My Passphrase|gpg2.exe --batch --passphrase-fd 0 -o "C:\temp\ssp3.txt" --decrypt  \\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\Customer.dat.pgp"

As a test I've run that from the command line and it works as expected. When I place the command in my bat file like so:

     echo My Passphrase|gpg2.exe --batch --passphrase-fd 0 -o "%TARGETFILE%" --decrypt "%WD_FILE%"

The command fails with message "gpg: decryption failed: No secret key"

When I examine the log the command is shown like this:

     echo My Passphrase  | gpg2 --batch --passphrase-fd 0 -o "C:\temp\ssp3.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\Customer.dat.pgp"
     
Notice the added space between the passphrase and the pipe. I suspect that is the cause of the failure.      Is that space placed there as part of the windows .bat processor or might watchdirectory be doing that, maybe when doing the substitution of values for variables?

Any help, including alternate methods for doing decryption, would be greatly appreciated.
Back to top
 
 
IP Logged
 
Gert
YaBB Administrator
*****
Offline



Posts: 2233
The Netherlands
Re: gpg and odd behavior in .bat file
Reply #1 - May 23rd, 2014 at 12:58pm
 
Hi,

WD does not alter your script in any way, it only sets environment variables you can use (%WD_....%").

There are 2 things I can think of that may cause the problem....

1. multiple gpg2.exe programs on your system
I see you do not use the full path to gpg2.exe, so maybe you are running a different exe than you think you are. Change it to something like
echo My Passphrase|"C:\Bin\gpg\gpg2.exe" .....

2. "Strange" characters
I assume "My Passphrase" is not the real passphrase. If your real passphrase contains characters other than a-z they may need to be escaped (with a ^) to work as expected.
Back to top
 

Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
WWW WWW GdPSoftware  
IP Logged
 
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
Re: gpg and odd behavior in .bat file
Reply #2 - May 28th, 2014 at 3:29pm
 
1. no multiple gpg2.exe
2. no special characters in passphrase

to simplify testing of this i created a .bat file testde.bat with two statements and the file names hardcoded:

CD C:\Program Files (x86)\GNU\GnuPG\
echo MY PASSPHRASE|gpg2.exe --batch --passphrase-fd 0 -o "c:\temp\ss7.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\customer.dat.pgp" 


I ran that from windows explorer and it worked. ss7.txt was written to c:\temp.

I then changed my WD task to execute this testde.bat file, still with the hardcoded file names. I started the task and it did not work. Below is the log for that execution. Not that there is now a space between MY PASSPHRASE and the pipe.

C:\Windows\system32>GOTO :StartOfBat
C:\Windows\system32>"C:\Program Files (x86)\watchDirectory\wdAnnotate.exe" info "Starting C:\ProgramData\watchDirectory\Scripts\TUSTAN\testde.bat for event"

C:\Windows\system32>Call "C:\ProgramData\watchDirectory\Scripts\TUSTAN\testde.bat" FILENEW
C:\Windows\system32>CD C:\Program Files (x86)\GNU\GnuPG\
C:\Program Files (x86)\GNU\GnuPG>
echo MY PASSPHRASE  | gpg2.exe
--batch --passphrase-fd 0 -o "c:\temp\ss7.txt" --decrypt "\\prodfs01\IMAGES01\TUSTAN\Lookup_Table\download\customer.dat.pgp"   
gpg: encrypted with RSA key, ID 7F6098EE
gpg: decryption failed: No secret key
C:\Program Files (x86)\GNU\GnuPG>"C:\Program Files (x86)\watchDirectory\wdAnnotate.exe" info "Done"


It appears that somewhere along the way the bat file is being changed or interpreted in a slightly different way.
Back to top
 
 
IP Logged
 
Gert
YaBB Administrator
*****
Offline



Posts: 2233
The Netherlands
Re: gpg and odd behavior in .bat file
Reply #3 - May 29th, 2014 at 6:57am
 
Well, it is not WD who alters the script....

Perhaps we are being misled by the extra spaces and the problem is somewhere else.

Are you running this task as a Windows Service (see "how to run")? Can you set it to "run manually" and try again?

When you run as a Service, the script is started by the user "Local System". When you run "manually" the script is started by the logged in user (you).

If it now suddenly works and you need to run it as a service, see http://blog-en.gdpsoftware.com/2010/04/watchdirectory-tasks-as-windows-service.h... how you can let the service use another user-account.
Back to top
 

Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
WWW WWW GdPSoftware  
IP Logged
 
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
Re: gpg and odd behavior in .bat file
Reply #4 - Jun 10th, 2014 at 5:10pm
 
Yes! it was an issue with the user under which the service ran. Odd symptoms though.

Thanks for your help.
Back to top
 
 
IP Logged
 
Page Index Toggle Pages: 1