I am running gpg.exe in a batch file to decrypt files sent by a client. It works well, but occasionally the decryption step will finish and just exit the batch file.
There is more work after the decryption - move files, update log etc. which does not complete.
I have an error trap after the decryption, but it never executes. My code looks like this:
:MoveNewIWOs
MD c:\Data\Holding\A.PDF.gpg%now%
echo Moving new AO.PDFs to S: Source Drive @ %time% (see IWOMOV2ORD.Log) >> c:\Data\OCSE\Logs%LocalLog%
robocopy c:\data\ocse\scratch\IN \svr-fileserver\iwoORD file *.PDF /MOV /MT:50 /R:5 /W:10 /LOG+:c:\Data\Logs\IWOMOV2ORD.Log /TEE
The :MoveNewIWOs routine doesn’t execute and the last entry in the log file is the note “Decrypting IWOs…”. Again, this doesn’t happen every time, only intermittently.
The trap “if errorlevel 1 goto ERRDeCrypt” never executes
New info:
I found that out of 125 encrypted files, the batch file produced 120 decrypted files, so gpg stopped decrypting for some reason.
I expect that is why the batch stopped as well
Can someone tell me why the entire batch file would terminate if gpg had an error? Also, where - if any - does that error get logged?
Thanks, Bernhard. I assume the “-v” is for verbose logging; where is the log written?
Also, I moved the 5 original .gpg files, which did not get decrypted, back into the source directory and the process completed without issue.
Info was logged and files were moved properly
if a second run completes it may be some form of race or timing issue.
I’m not familiar with your scripting environment, so I don’t know where stdout and stderr of your process is written to. It is probably a good idea to log it somewhere.
Hi Bernhard,
I apologize for my ignorance on some of this, I know little about Unix/Linux and encryption. Been learning on the fly with this project.
My scripting environment is a batch file running on Windows 2012 R2. Nothing special
The second run has completed each time I have had to re-launch it.
I have been reading about stdout/stderr and can’t get my brain around how to work with it. This runs unattended, so I tried a redirect for the screen output:
c:\Data\Logs\DecryptIncoming.log
The result was a blank, zero-byte file.
I’m not sure how to log what gpg.exe is doing, and after more than hour of searching the Internet and reading articles/documents, I am no closer.
Over the weekend, the batch was launched and decrypted two of 88 files presented by our client, then the batch file just quit - no more logging or processing.
Per your instructions, I added -v to the command line and am going to re-trigger the weekend’s data.
The file c:\Data\Logs\DecryptIncoming.log is zero bytes and blank. GPG completed decrypting sixty of the 140 encrypted files in the directory. The error trap - if errorlevel 1 goto ERRDeCrypt - did not execute.
Hi Bernhard,
I used the double “greater-than” to redirect the screen output to a file. I’ve used it with other applications, but this is the first time I’ve seen an app not actually write to the file.
Here’s the redirection I used:
c:\Data\Logs\DecryptIncoming.log
In my past experience, the “>” character will redirect screen output to the specified file name overwriting an existing file, while “>>” will append to the file.
The KB you referenced is new knowledge for me. I have never used literally “2>” as opposed to “>>” so i’ll give that a shot and let you know the results.
I will try “2>&1” to send output and errors to the same file.
thanks for the reference and I am grateful for your time and effort to help me out with this!
So, I believe i have identified the issue and corrected it.
Problem of the batch file terminating execution while decryption Is running was not fault of gpg.exe.
I am using DirectoryMonitor (which is a VERY useful tool) to watch the directory where my client uploads the encrypted files and then invoke my batch file to process them.
The “Monitor” I configured for the source directory has a default timeout of 20 seconds which I overlooked disabling. So, DirectoryMonitor was terminating the entire process after 20 seconds; decryption, batch file and all.
I disabled the timeout setting then re-triggered the batch file processing and got through 183 encrypted files without issue.
That said, the screen output of gpg.exe still does not go anywhere, but I can live with that at this point.
I will update this thread if I am proven wrong about my diagnosis and solution - we get these files daily.
a) The options like -v have to be close to gpg, before the first file arguments.
b) If you want to redirect stderr in the same file as stdout by using ‘2>&1’ you will also have to redirect stdout before.
c) If the passphrase is in the script and in the process parameters, it may be the more transparent solution to just use a key without passphrase.
So my expectation would have been a command line like
gpg --batch -v --decrypt-files c:\data\scratch\IN*.gpg >c:\Data\Logs\DecryptIncoming.log 2>&1
(after you have changed the passphrase to be empty on the key you are using.)