Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Scripting

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 05-15-2020, 01:09 PM
ben.moore ben.moore is offline
Registered User
 
Join Date: May 2020
Posts: 3
Post PGP - question and suggestion

I'm currently evaluating SecureFX 8.7.2 to see if it meets my needs and I have a question regarding the PGP feature.

When 'Use PGP for all transfers' is activated, can you symmetrically encrypt files, i.e. using a password (not a public key)?

I tried using the "--passphrase 1234" switch in the 'Pre-upload command' field but it didn't work. I also tried suppressing the interactive PIN prompt by using the "--pinentry-mode loopback" switches but that didn't work either.

The method of encrypting files with a public key does work so I know there's not a problem with my GPG installation.

Quote:
gpg.exe --recipient "Name of Recipient's Certificate" --output "%OUTPUT_PATH" --encrypt "%INPUT_PATH"

In terms of feedback it'd be good if you could include in your documentation that GPG needs to be installed as an administrator (for all users) to work with SecureFX.

Initially it took me an hour to work out why even the public key method wasn't working. After installing GPG for 'All Users' in Windows, it worked.
Reply With Quote
  #2  
Old 05-15-2020, 05:17 PM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 352
Hi ben.moore,

Thank you for the feedback and question! When you configure a pre/post-upload gpg command, SecureFX simply calls your GPG/PGP tool using the command that you specify.

If you are able to get the --passphrase and --pinentry-mode options to work successfully on the command line, then I can't see why you wouldn't be able to incorporate those elements into the command line that SecureFX is using to launch the same app.

Does the passphrase that you are trying to add contain any special characters that would then need to be escaped (as per the GPG/PGP command line documentation)?
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 05-18-2020, 07:29 AM
ben.moore ben.moore is offline
Registered User
 
Join Date: May 2020
Posts: 3
Quote:
Originally Posted by berdmann View Post
Does the passphrase that you are trying to add contain any special characters that would then need to be escaped (as per the GPG/PGP command line documentation)?
Thanks for the reply.

No the passphrase is standard alphanumeric - I've tried with/without special symbols, numbers only and letters only.

Could you perhaps try the following switch?

Code:
gpg --output test.gpg --symmetric test.txt
or
Code:
gpg -o test.gpg -c test.txt
When using SecureFX you would type:

Code:
gpg --output "%OUTPUT_PATH" --symmetric "%INPUT_PATH"
Reply With Quote
  #4  
Old 05-19-2020, 09:52 AM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 352
Here's what works for me:

Pre-upload command for symmetric encryption:
With GPG debug logging (per file):
Code:
gpg.exe --verbose --log-file "%OUTPUT_PATH__LOG".txt --batch --yes --pinentry-mode loopback --passphrase p4$$phr$s3 --output "%OUTPUT_PATH" --symmetric "%INPUT_PATH"
No GPG debug logging:
Code:
gpg.exe --batch --yes --pinentry-mode loopback --passphrase p4$$phr$s3 --output "%OUTPUT_PATH" --symmetric "%INPUT_PATH"
Post-download command for symmetric decryption:
With GPG debug logging (per file):
Code:
gpg --verbose --log-file "%OUTPUT_PATH__LOG".txt --batch --yes --pinentry-mode loopback --passphrase p4$$phr$s3 --output "%OUTPUT_PATH" -d "%INPUT_PATH"
No GPG debug logging:
Code:
gpg --batch --yes --pinentry-mode loopback --passphrase p4$$phr$s3 --output "%OUTPUT_PATH" -d "%INPUT_PATH"

Notes:
  • The --batch ensures that the GPG process won't hang waiting for input should something go "wrong"
  • The --yes answers "Yes" to any questions requiring using input
  • The --pinentry-mode seems to prevent PGP from popping-up a dialog to prompt for the encryption/decryption password
  • The --passphrase specifies the symmetric key/password/passphrase to use for encrypting/decrypting the file.
  • The --output determines the name of the file resulting from the PGP/GPG operation.
  • In the case of the Post-download command, I think the -d is optional (because apparently decrypting is the default action); the "%INPUT_PATH" is not optional, however.
NOTE: Since GPG isn't our product, we cannot guarantee that this will work for every PGP/GPG application.
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by jdev; 05-19-2020 at 11:33 AM.
Reply With Quote
  #5  
Old 05-19-2020, 02:57 PM
ben.moore ben.moore is offline
Registered User
 
Join Date: May 2020
Posts: 3
Smile

Quote:
Originally Posted by berdmann View Post
Here's what works for me:
[/LIST]NOTE: Since GPG isn't our product, we cannot guarantee that this will work for every PGP/GPG application.
Perfect!

Your solution worked for me - I'm using gpg (GnuPG) 2.2.19.

The arcane syntax of GPG made it difficult to work out where I was going wrong.

I've saved the strings you've given, they work excellently.

Thank you
Reply With Quote
  #6  
Old 05-19-2020, 03:46 PM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 352
Hi ben.moore,

I am glad to hear that the commands worked for you with GnuPG 2.2.19! Thanks for letting us know!
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 06:29 AM.