Decyrption via scheduled task fails

Dorroh, Brian BrianDorroh at srcp.com
Thu Mar 20 22:22:23 CET 2008


Ok, now I'm getting somewhere. I logged in as the local service account
that was running the batch file. When I ran the bath file manually it
failed.
So I logged back in as my domain account, changed the scheduled job to
run as my domain admin account, and then ran the job. This time it
worked!

So basically the local system account isn't finding the key to decrypt.
I sort of remember something about this. Doesn't the GnuPG installer
dump the keys in the profile of the account that installed it? I
installed GnuPG with my domain admin account, rather than the service
account.

Is there a simple way to fix this? I guess I could copy my user profile
over if nothing else.

-----Original Message-----
From: Neal Dudley [mailto:neal.dudley at utoledo.edu] 
Sent: Thursday, March 20, 2008 3:29 PM
To: Dorroh, Brian; GnuPG Users Mailing List
Subject: Re: Decyrption via scheduled task fails

Whoops, I missed something - order of arguments may matter, as it
apparently is
taking the "--logger-file logfile" as more files to decrypt.

Try:
echo SECRETKEY | gpg --logger-file gpg_logfile.txt --passphrase-fd 0
--decrypt-files c:\mcdown\*.pgp > gpg_output.txt


Dorroh, Brian wrote:
> When I type the command manually, it still doesn't log. The output is
> below.
> I'm executing from the directory that contains the BAT files,
> C:\loadscripts
> 
> C:\LoadScripts>echo SECRETKEY|gpg --passphrase-fd 0 --decrypt-files
> c:\mcdown\*.pgp --logger-file gpg_logfile.txt > gpg_output.txt
> Reading passphrase from file descriptor 0
> 
> You need a passphrase to unlock the secret key for
> user: "System Admin (no comment) <inf.ops at srcp.com>"
> 2048-bit ELG-E key, ID 3211****, created 2008-02-24 (main key ID
> 100B****)
> 
> gpg: encrypted with 2048-bit ELG-E key, ID 3211****, created
2008-02-24
>       "System Admin (no comment) <inf.ops at srcp.com>"
> gpg: Signature made 03/20/08 02:14:53 using DSA key ID 0175****
> gpg: Can't check signature: public key not found
> gpg: --logger-file: unknown suffix
> gpg: gpg_logfile.txt: unknown suffix
> 
> C:\LoadScripts>
> 
> To answer your questions:
> 1) I changed the Start In location for the scheduled task to point to
> the location of the encrypted file. Made no difference.
> 2) Also tried using full paths to the executable, but the job still
> fails.
> 
> -----Original Message-----
> From: Neal Dudley [mailto:neal.dudley at utoledo.edu]
> Sent: Thursday, March 20, 2008 12:57 PM
> To: Dorroh, Brian; GnuPG Users Mailing List
> Subject: Re: Decyrption via scheduled task fails
> 
> I would think we should keep this in the list, such that other people
> with a similar issue can search the list archives and find this
answer.
>  And so others know whether or not it *is* resolved in the end.  Hope
> you don't mind me posting it back to the list.
> 
> If you try your commands directly from the command line, what happens?
> Does it complain about syntax? Does it work and produce a log file?
> 
> Try this:
> 1. Check the working directory of the scheduled task. Make sure it is
> set to the folder where the encrypted files are located.  Perhaps it
is
> working and just writing everything out to the working directory?
> 
> 2. Change the job to use full paths for the executables, and redirect
> the output to a file:
> echo SECRETPASSPHRASE | C:\path-to-WinPT\gpg --passphrase-fd 0
> --decrypt-files C:\path-to-files\*.pgp --logger-file gpg_logfile.txt >
> gpg_output.txt
> 
> Personally, I would leave the --logger-file directive in there even
> after everything is working properly.  That way if there is ever a
> question in the future, you'll at least have the log to verify what
> occurred.  Once it is working, add a line to be beginning of the
script
> to remove the previous day's log file.
> 
> 
> Dorroh, Brian wrote:
>> Sorry to reply directly to you, but I didn't think anyone else would
>> be interested in this part. I tried adding the --logger-file tag to
>> the command, but it doesn't seem to work. This is what my pgp.bat
>> file looks like:
>>
>> "echo SECRETPASSPHRASE|gpg --passphrase-fd 0 --decrypt-files
>> c:\path-to-files\*.pgp --logger-file pgp.txt"
>>
>> We've specified "*.pgp" instead of "filename".pgp because each day a
>> new file is placed in that directory with a different, long name.
>> This was the only way I found to automate the process. But
>> regardless, nothing gets logged.
>>
>>
>> -----Original Message----- From: Neal Dudley
>> [mailto:neal.dudley at utoledo.edu] Sent: Thursday, March 20, 2008 7:55
>> AM To: Dorroh, Brian Subject: Re: Decyrption via scheduled task fails
>>
>>
>> Try adding "--logger-file logfilename" to the command.  This should
>> produce a log file named "logfilename", which should give us some
>> clues as to what is going on here.
>>
>> I would guess that GnuPG is expecting a passphrase for the private
>> key for decryption.  Are you using gpg-agent?  Another thing to check
>> is environment variables, as gpg-agent sets three of them.  (At least
>> in a *nix environment it does.)
>>
>> Can you rerun the job with the --logger-file, and post the log file?
>>
>>
>> bdorroh wrote:
>>>
>>> I'm using v1.4.8 for Windows. I've have a batch file setup to
>>> decrypt
>> a file
>>> and then to move the decrypted file to another location for further
>>>  processing. I can successfully decrypt the file by double-clicking
>>> my
>> batch
>>> file. But when I setup a scheduled task to run it, the decryption
>> fails. I
>>> can confirm that the scheduled task is executing, but I can't
>>> figure
>> out why
>>> the decryption fails as a task. Obviously, I can't see the output.
>>>
>>> I've tried outputting the results to a file, but it only shows the
>> command
>>> executed and not what actually appears on the screen when run
>> manually.
>>> Also, i do have the path to GNU set in the windows path statement.
>>>
>>> Any ideas here? I'm really stuck. -- View this message in context:
>>>
>>
>
http://www.nabble.com/Decyrption-via-scheduled-task-fails-tp16144724p161
>>  44724.html
>>> Sent from the GnuPG - User mailing list archive at Nabble.com.
>>>
>>>
>>> _______________________________________________ Gnupg-users mailing
>>> list Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>
>>
>> This message (including any attachments) may contain confidential or
>> otherwise privileged information and is intended only for the
>> individual(s) to which it is addressed. If you are not the named
>> addressee you should not disseminate, distribute or copy this e-mail.
>>  Please notify the sender immediately by e-mail if you have received
>> this e-mail by mistake and delete this e-mail from your system.
>> E-mail transmission cannot be guaranteed to be secured or error-free
>> as information could be intercepted, corrupted, lost, destroyed,
>> arrive late or incomplete, or contain viruses. The sender therefore
>> does not accept liability for any errors or omissions in the contents
>> of this message or that arise as a result of e-mail transmission.  If
>>  verification is required please request a hard-copy version from the
>> sender.
>>
>> SOURCECORP, Incorporated www.srcp.com
>>
> 



More information about the Gnupg-users mailing list