[Gpg4win-users-en] GPG Encryption Fails When Called From Oracle Enterprise Manager

Kent Hurtig kent_hurtig at friends.edu
Fri Jul 24 16:35:03 CEST 2015


Hi Andre,

I use --default-recipient so that GnuPG does not prompt me for a user-id.  I tried your suggestion using a homedir and my original encryption command:

gpg -vv --debug-all --batch --trust-model always --homedir C:\gnupg --default-

recipient 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv

Here is the output from the encryption task ran from Oracle Enterprise Manager (our job scheduler that we call Grid):

gpg: NOTE: no default option file `C://gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio 

assuan
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-1.0: open `C://gnupg/pubring.gpg' fd=268
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=1291 rc=0
gpg: DBG: parse_packet(iob=1): type=6 length=269 (search.../../gnupg2-2.0.27/g10/keyring.c.1038)
gpg: DBG: free_packet() type=6
gpg: DBG: parse_packet(iob=1): type=6 length=141 (search.../../gnupg2-2.0.27/g10/keyring.c.1038)
gpg: DBG: free_packet() type=6
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-2.0: open `C://gnupg/pubring.gpg' fd=280
gpg: DBG: iobuf-2.0: underflow: req=8192
gpg: DBG: iobuf-2.0: underflow: got=642 rc=0
gpg: DBG: parse_packet(iob=2): type=6 length=141 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=13 length=49 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=2 length=149 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=12 length=2 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=12
gpg: DBG: parse_packet(iob=2): type=2 length=284 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=2): type=12 length=2 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=12
gpg: DBG: iobuf-2.0: underflow: req=8192
gpg: DBG: iobuf-2.0: underflow: got=0 rc=-1
gpg: DBG: C://gnupg/pubring.gpg: close handle 00000118
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-2.0: underflow: eof
gpg: DBG: iobuf-2.0: close `?'
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) using cached fp
gpg: DBG: iobuf-3.0: open `C://gnupg/pubring.gpg' fd=280
gpg: DBG: iobuf-3.0: underflow: req=8192
gpg: DBG: iobuf-3.0: underflow: got=1291 rc=0
gpg: DBG: parse_packet(iob=3): type=6 length=269 (search.../../gnupg2-2.0.27/g10/keyring.c.1038)
gpg: DBG: free_packet() type=6
gpg: DBG: fd_cache_open (C://gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-4.0: open `C://gnupg/pubring.gpg' fd=284
gpg: DBG: iobuf-4.0: underflow: req=8192
gpg: DBG: iobuf-4.0: underflow: got=1291 rc=0
gpg: DBG: parse_packet(iob=4): type=6 length=269 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=4): type=13 length=55 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=4): type=2 length=313 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: parse_packet(iob=4): type=12 length=2 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=12
gpg: DBG: parse_packet(iob=4): type=6 length=141 (parse.../../gnupg2-2.0.27/g10/keyring.c.402)
gpg: DBG: free_packet() type=6
gpg: DBG: iobuf-4.0: close `file_filter(fd)'
gpg: DBG: C://gnupg/pubring.gpg: close handle 0000011C
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) used existing slot
gpg: DBG: iobuf-3.0: close `file_filter(fd)'
gpg: DBG: C://gnupg/pubring.gpg: close handle 00000118
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: finish_lookup: checking key 21CBF00F (all)(req_usage=2)
gpg: DBG: 	no suitable subkeys found - trying primary
gpg: DBG: 	primary key not valid
gpg: DBG: 	no suitable key found -  giving up
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=2
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: C://gnupg/pubring.gpg: close handle 0000010C
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.0: close `?'
gpg: unknown default recipient "21CBF00F"
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed: Unusable public key
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks

I thought that maybe it was an issue with my environment variables not set correctly.  I compared the environment variables on our old windows 2003 Media server  logged in as aunt_bee (admin user for the encryption job) against the environment variables on our new windows 2012 ict-transfer server logged in as fr_ecsi (admin user for the encryption job).  There was a user variable KLEOPATRA_LOGDIR that was defined on the Media server and not on the ict-transfer server.  I added the user variable under fr_ecsi on ict-transfer.  After verifying that the environment variable was saved, I reran the Grid job.  It produced the same output on the encryption task.  Here is the abbreviated output:

gpg: DBG: finish_lookup: checking key 21CBF00F (all)(req_usage=2)
gpg: DBG: 	no suitable subkeys found - trying primary
gpg: DBG: 	primary key not valid
gpg: DBG: 	no suitable key found -  giving up
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=2
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: C://gnupg/pubring.gpg: close handle 00000114
gpg: DBG: fd_cache_close (C://gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.0: close `?'
gpg: unknown default recipient "21CBF00F"
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed: Unusable public key
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks

I added the pubring.gpg file under C:\Windows\system32\config\systemprofile\AppData\Roaming on ict-transfer and reran the Grid job.  The encryption task created the same output as above with encryption failed: Unusable public key.  I searched the internet for unusable public key.  The searches suggested setting the trust level of the public key to 4 which is trust fully.  I ran the following command to view the public keys:

C:\gnupg>gpg --list-public-keys
C:/Users/fr_ecsi/AppData/Roaming/gnupg/pubring.gpg
--------------------------------------------------
pub   2048R/8E811817 2014-10-23
uid       [ultimate] Kent Hurtig <1st Certificate> <kent_hurtig at friends.edu>

gpg: Note: signatures using the MD5 algorithm are rejected
pub   1024R/21CBF00F 2002-12-05
uid       [  full  ] Educational Computer Systems Inc <admin at ecsi.net>

The key I am trying to encrypt with (21CBF00F) is already set to full trust and I was using the option --trust-model always.  I logged onto the windows 2012 ict-transfer server, opened a command prompt and entered the following commands with responses:

E:\Program Files\GnuPG>gpg -vv --debug-all --batch --default-recipient 21CBF00F --encrypt E:\Test

\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv

Some of the output:
gpg: DBG: iobuf-1.0: open 'C:/Users/fr_ecsi/AppData/Roaming/gnupg/pubring.gpg' fd=280
gpg: using PGP trust model
gpg: DBG: finish_lookup: checking key 21CBF00F <all><req_usage=2>
gpg: DBG:       no suitable subkeys found - trying primary
gpg: DBG:       primary key may be used
gpg: DBG:       using key 21CBF00F
DBG: rsq_encrypt     => Success
gpg: RSA/3DES encrypted for: "21CBF00F Educational Computer Systems Inc <admin at csi.net>"

It successfully encrypted the file.

I edited the batch file that contains the encryption command and changed the encryption command to:

gpg -vv --debug-all --batch --default-recipient 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test

\TESTbldpromIG.csv

I launched the batch file and it successfully created an encrypted file.  When I ran my encryption job in Grid, the encryption task displays the following:

E:\Test\ECSI_Perkins_Loan_Test\Scripts>gpg -vv --debug-all --batch --default-recipient 21CBF00F --encrypt 

E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv 
gpg: NOTE: no default option file `C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio 

assuan
gpg: DBG: fd_cache_open (C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg) not 

cached
gpg: DBG: iobuf-1.0: open `C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg' 

fd=268
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg: close handle 0000010C
gpg: DBG: fd_cache_close (C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg) new 

slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.0: close `?'
gpg: unknown default recipient "21CBF00F"
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed: No public key
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks

I went to ict-transfer and C:\Users\fr_ecsi\AppData\Roaming\gnupg and copied all of the key files to 

C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg.  I resubmitted the Grid job.  The encryption task displayed:

E:\Test\ECSI_Perkins_Loan_Test\Scripts>gpg -vv --debug-all --batch --default-recipient 21CBF00F --encrypt 

E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv 
gpg: NOTE: no default option file `C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio 

assuan
gpg: DBG: fd_cache_open (C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg) not 

cached
gpg: DBG: iobuf-1.0: open `C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg' 

fd=268
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg: close handle 0000010C
gpg: DBG: fd_cache_close (C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg) new 

slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.0: close `?'
gpg: unknown default recipient "21CBF00F"
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed: No public key
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks

I edited the encryption command and added the option --trust-model always and reran the Grid job.  Encryption failed: No public key.
I edited the encryption command and added the option --lsign 21CBF00F and reran the Grid job. Encryption failed: No public key.
I added the option --debug-level guru to see if I could view other errors, I used the homedir option to point to the public keys under my fr_ecsi user.  My encryption command:

gpg -vv --debug-level guru --debug-all --batch --trust-model always --homedir C:\Users\fr_ecsi\AppData

\Roaming\gnupg --lsign 21CBF00F --default-recipient 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test

\TESTbldpromIG.csv

The command did not encrypt the file.  Encryption failed: No public key.  I checked the manual, Using the GNU Privacy Guard under helper tools, how to do certain things and how to solve problems.  Another suggestion was to use the trusted key option.  I changed my encryption command to:

gpg -vv --batch --trusted-key 5BC82D7121CBF00F --default-recipient 21CBF00F --encrypt E:\Test

\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv

The output from the encryption task on the Grid job was:

gpg: unknown default recipient "21CBF00F"
gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed: No public key

The bottom line is I can run the encryption command or the batch job that encrypts the file successfully on the windows 2012 ict-transfer server logged in as fr_ecsi (admin for the encryption job) via remote desktop.  When I try to run the encryption job through Oracle Enterprise Manager which connects to ict-transfer as fr_ecsi, the encryption fails.  I don't know if it is an issue with GnuPG or Oracle Enterprise Manager.  Any ideas or suggestions?  Your thoughts and help have been greatly appreciated. 

Best regards,


Kent Hurtig
Programmer/Analyst
Friend's University
316-295-5048
kent_hurtig at friends.edu 





-----Original Message-----
From: Andre Heinecke [mailto:aheinecke at intevation.de] 
Sent: Tuesday, July 14, 2015 2:49 AM
To: Kent Hurtig
Cc: gpg4win-users-en at wald.intevation.org; Roger Scales
Subject: Re: [Gpg4win-users-en] GPG Encryption Fails When Called From Oracle Enterprise Manager

Hi,

On Monday, July 13, 2015 06:19:22 PM Kent Hurtig wrote:
> Hi Andre,
> 
> I added the --trust-model always option to my encryption command:
> 
> gpg -vv --debug-all --batch --trust-model always --default-recipient 
> 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv

Btw why do you use --default-recipient and not --recipient?

> The output (abbreviated) from the task is below:
> 
> E:\Test\ECSI_Perkins_Loan_Test\Scripts>gpg -vv --debug-all --batch 
> --trust-model always --default-recipient
> 
> 21CBF00F --encrypt E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv
> gpg: NOTE: no default option file
> `C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/gpg.conf'
> gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache 
> memstat trust hashing extprog cardio
> 
> assuan
> gpg: DBG: fd_cache_open
> (C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubrin
> g.gpg
> ) not
> 
> cached
> gpg: DBG: iobuf-1.0: open
> `C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubrin
> g.gpg
> '
> 
> fd=268
> gpg: DBG: iobuf-1.0: underflow: req=8192
> gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
> gpg: DBG:
> C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg:
> close handle 0000010C gpg: DBG: fd_cache_close 
> (C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubrin
> g.gpg
> ) new
> 
> slot created
> gpg: DBG: iobuf-1.0: underflow: eof
> gpg: DBG: iobuf-1.0: close `?'
> gpg: unknown default recipient "21CBF00F"
> gpg: E:\\Test\\ECSI_Perkins_Loan_Test\\TESTbldpromIG.csv: encryption failed:
> No public key random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
>               outmix=0 getlvl1=0/0 getlvl2=0/0 secmem usage: 0/32768 
> bytes in 0 blocks

Yes, again it looks for the key 21CBF00F in: 
C:/Windows/system32/config/systemprofile/AppData/Roaming/gnupg/pubring.gpg:

where It can't find it (which was your original problem I think).

> I checked and my secret key is located in my secring.gpg which is 
> under my C:\gnupg directory.  I ran the following encryption command:
> 
> gpg -vv --debug-all --batch --homedir C:\gnupg --default-recipient 
> 21CBF00F --lsign 21CBF00F --encrypt 
> E:\Test\ECSI_Perkins_Loan_Test\TESTbldpromIG.csv
> 
> The task did not encrypt the file.

--lsign is a command in its self. lsign marks a key as trusted. It is an alternative to trust-model always. lsign and encrypt are alternative commands so thats why this command does not encrypt.

> Any ideas?  I don't know why I cannot encrypt the file through our job 
> scheduler, but have no problem encrypting it on the actual server via 
> command line.

Use your first command with the correct homedir. 

You might also want to read some documentation for the arguments you are using to better understand what you are doing:

https://www.gnupg.org/documentation/manpage.html


Regards,
Andre


--
Andre Heinecke |  ++49-541-335083-262  |  http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



More information about the Gpg4win-users-en mailing list