[Gpg4win-users-en] GPG Encryption Fails When Called From Oracle Enterprise Manager
Kent Hurtig
kent_hurtig at friends.edu
Thu Jul 9 22:49:56 CEST 2015
Hi Andre,
I created a C:\gnupg directory and copied my pubring.gpg and gpg.conf files into it. I added the homedir parameter to my encryption command, My encryption command is:
gpg -vv --debug-all --batch --homedir C:\gnupg --default-recipient 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv
Here is the output from the encryption task:
Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.
C:\OracleHomes\agent11g\agent11g\sysman\emd>e:
E:\>cd Test\ECSI_Perkins_Loan_Test\Scripts
E:\Test\ECSI_Perkins_Loan_Test\Scripts>encrypt_rename_upload_backup_perkins_loan_award_file.bat
E:\Test\ECSI_Perkins_Loan_Test\Scripts>set ERR=0
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem *****************************************************************************************
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem ** Call GnuPG to encrypt the perkins loan award file.
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem ** Set default recipient with recipient key
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem ** (so there is no interactive question asking if I want to use key) and encrypt file.
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem ** When going live change filename to bldpromIG*.csv & remove -v & --debug-all.
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem *****************************************************************************************
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem The original encryption command on Media:
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem gpg -v --debug-all --batch --default-recipient 21CBF00F --encrypt E:\sftproot\perkins_loan\TESTbldpromIG.csv
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem The encryption command I ran from the command prompt on ict-transfer:
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem E:\Program Files\GnuPG>gpg --default-recipient 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem The updated encryption command for ict-transfer:
E:\Test\ECSI_Perkins_Loan_Test\Scripts>gpg -vv --debug-all --batch --homedir C:\gnupg --default-recipient 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv
gpg: NOTE: no default option file `C://gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio assuan
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-1.0: open `C://gnupg/pubring.gpg' fd=268
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=1291 rc=0
gpg: DBG: parse_packet(iob=1): type=6 length=269 (search.../../gnupg2-2.0.27/g10/keyring.c.1038)
gpg: DBG: free_packet() type=6
gpg: DBG: parse_packet(iob=1): type=6 length=141 (search.../../gnupg2-2.0.27/g10/keyring.c.1038)
gpg: DBG: free_packet() type=6
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-2.0: open `C://gnupg/pubring.gpg' fd=280
gpg: DBG: iobuf-2.0: underflow: req=8192
gpg: DBG: iobuf-2.0: underflow: got=642 rc=0
gpg: DBG: parse_packet(iob=2): type=6 length=141 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=13 length=49 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=2 length=149 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=12 length=2 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=12
gpg: DBG: parse_packet(iob=2): type=2 length=284 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=12 length=2 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=12
gpg: DBG: iobuf-2.0: underflow: req=8192
gpg: DBG: iobuf-2.0: underflow: got=0 rc=-1
gpg: DBG: C://gnupg/pubring.gpg: close handle 00000118
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-2.0: underflow: eof
gpg: DBG: iobuf-2.0: close `?'
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) using cached fp
gpg: DBG: iobuf-3.0: open `C://gnupg/pubring.gpg' fd=280
gpg: DBG: iobuf-3.0: underflow: req=8192
gpg: DBG: iobuf-3.0: underflow: got=1291 rc=0
gpg: DBG: parse_packet(iob=3): type=6 length=269 (search.../../gnupg2-2.0.27/g10/keyring.c.1038)
gpg: DBG: free_packet() type=6
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-4.0: open `C://gnupg/pubring.gpg' fd=284
gpg: DBG: iobuf-4.0: underflow: req=8192
gpg: DBG: iobuf-4.0: underflow: got=1291 rc=0
gpg: DBG: parse_packet(iob=4): type=6 length=269 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=4): type=13 length=55 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=4): type=2 length=313 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=4): type=12 length=2 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=12
gpg: DBG: parse_packet(iob=4): type=6 length=141 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=6
gpg: DBG: iobuf-4.0: close `file_filter(fd)'
gpg: DBG: C://gnupg/pubring.gpg: close handle 0000011C
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) used existing slot
gpg: DBG: iobuf-3.0: close `file_filter(fd)'
gpg: DBG: C://gnupg/pubring.gpg: close handle 00000118
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: using PGP trust model
gpg: DBG: finish_lookup: checking key 21CBF00F (all)(req_usage=2)
gpg: DBG: no suitable subkeys found - trying primary
gpg: DBG: primary key not valid
gpg: DBG: no suitable key found - giving up
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=2
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: C://gnupg/pubring.gpg: close handle 0000010C
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.0: close `?'
gpg: unknown default recipient "21CBF00F"
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed: Unusable public key
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem *****************************************************************************************
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem ** Rename filename to include current date per ECSI's filenaming convention.
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem *****************************************************************************************
E:\Test\ECSI_Perkins_Loan_Test\Scripts>REN E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv.gpg TESTbldpromIG.20150709.csv.gpg
The system cannot find the file specified.
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem *****************************************************************************************
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem ** Call WinSCP to upload the encrypted file to ECSI's server.
E:\Test\ECSI_Perkins_Loan_Test\Scripts>rem *****************************************************************************************
E:\Test\ECSI_Perkins_Loan_Test\Scripts>cd E:\Program Files\WinSCP
E:\Program Files\WinSCP>winscp /script=E:\Test\ECSI_Perkins_Loan_Test\Scripts\upload_perkins_loan_award_file_script.txt /log="E:\Test\ECSI_Perkins_Loan_Test\Logs\WinSCP_encryptaward.log"
batch on
reconnecttime 120
confirm off
Searching for host...
Connecting to host...
Authenticating...
Using username "acig".
Authenticating with pre-entered password.
Authenticated.
Starting the session...
Session started.
Active session: [1] acig at ftp.ecsi.net
transfer binary
No file matching 'TESTbldpromIG*.csv.gpg' found.
Session 'acig at ftp.ecsi.net' closed.
No session.
E:\Program Files\WinSCP>rem pause
E:\Program Files\WinSCP>rem *****************************************************************************************
E:\Program Files\WinSCP>rem ** Move award file to Backup folder.
E:\Program Files\WinSCP>rem *****************************************************************************************
E:\Program Files\WinSCP>move E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG*.csv.gpg E:\Test\ECSI_Perkins_Loan_Test\BAK
A duplicate file name exists, or the file
cannot be found.
E:\Program Files\WinSCP>rem pause
E:\Program Files\WinSCP>exit /b
E:\Program Files\WinSCP>
Any ideas? It looks like the encryption command still does not recognize the public key or the key is unuseable.
Best regards,
Kent Hurtig
Programmer/Analyst
Friend's University
316-295-5048
kent_hurtig at friends.edu
-----Original Message-----
From: Andre Heinecke [mailto:aheinecke at intevation.de]
Sent: Tuesday, July 07, 2015 11:11 AM
To: gpg4win-users-en at wald.intevation.org
Cc: Kent Hurtig; Roger Scales
Subject: Re: [Gpg4win-users-en] GPG Encryption Fails When Called From Oracle Enterprise Manager
Hi,
On Tuesday, July 07, 2015 03:52:51 PM Kent Hurtig wrote:
> I have created a batch job that encrypts a file using GnuPG software.
> When I run the batch file from the server where the file resides, it
> runs successfully and encrypts the file. When I run the batch job
> through Oracle Enterprise Manager(the software that we schedule our
> batch jobs through), the task which encrypts the file using gpg
> encounters several issues. I have attached the output from this task.
Not serveral issues, Just one:
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed:
No public key
> I should mention that
> I previously had the same issue on our old "Media" windows server
> 2003. To correct the issue, I changed the gpg command to be more
> verbose and saw that the process was being ran as the default user and not as user
> aunt_bee. I copied the gpg.conf, pubring.gpg, secring.gpg, trustdb.gpg
> and trust.gpg.lock from C:\Documents and Settings\aunt_bee\Application
> Data\gunpg to C:\Documents and Settings\Default User\Application
> Data\gnupg on Media, reran the Oracle Enterprise Manager job and it
> finished successfully.
For encryption gnupg needs to find the public key of the recipient. This key is contained in pubring.gpg.
GnuPG looks for this file by default in %APPDATA%\gnupg
This apperantly expands in your environment to:
C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg
To change this you can add --homedir <path_to_gnupg_homedir> and gnupg will then look in that directory for the keyring.
For example:
-> Create a directory c:\gnupg
-> Copy the pubring.gpg (and gpg.conf if you have options in there) into
-> that
directory.
-> extend your command to include --homedir c:\gnupg in the arguments.
Now as long as that Batch user has read access to c:\gnupg this should work.
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Gpg4win-users-en
mailing list