gpg.exe quits causing batch file to exit

I am running gpg.exe in a batch file to decrypt files sent by a client. It works well, but occasionally the decryption step will finish and just exit the batch file.
There is more work after the decryption - move files, update log etc. which does not complete.
I have an error trap after the decryption, but it never executes. My code looks like this:

echo Decrypting IWOs @ %time% >> c:\Data\OCSE\Logs\%LocalLog%
echo: >> c:\Data\OCSE\Logs\%LocalLog%
gpg --batch --passphrase "xxxxxxxxxx" --decrypt-files c:\data\scratch\IN\*.gpg
  if errorlevel 1 goto ERRDeCrypt

:MoveNewIWOs
MD c:\Data\Holding\A.PDF.gpg%now%
echo Moving new AO.PDFs to S: Source Drive @ %time% (see IWOMOV2ORD.Log) >> c:\Data\OCSE\Logs%LocalLog%
robocopy c:\data\ocse\scratch\IN \svr-fileserver\iwoORD file *.PDF /MOV /MT:50 /R:5 /W:10 /LOG+:c:\Data\Logs\IWOMOV2ORD.Log /TEE

The :MoveNewIWOs routine doesn’t execute and the last entry in the log file is the note “Decrypting IWOs…”. Again, this doesn’t happen every time, only intermittently.
The trap “if errorlevel 1 goto ERRDeCrypt” never executes

Any suggestions?

thanks! - a -

New info:
I found that out of 125 encrypted files, the batch file produced 120 decrypted files, so gpg stopped decrypting for some reason.
I expect that is why the batch stopped as well

Can someone tell me why the entire batch file would terminate if gpg had an error? Also, where - if any - does that error get logged?

Thanks!

  • a -

My suggestion is that you try to decrypt the files that haven’t worked manually so see
if there are problem. Maybe add an -v to the gpg call.

Thanks, Bernhard. I assume the “-v” is for verbose logging; where is the log written?

Also, I moved the 5 original .gpg files, which did not get decrypted, back into the source directory and the process completed without issue.
Info was logged and files were moved properly

Hi Ajax,

if a second run completes it may be some form of race or timing issue.

I’m not familiar with your scripting environment, so I don’t know where stdout and stderr of your process is written to. It is probably a good idea to log it somewhere.

Best,
Bernhard

Hi Bernhard,
I apologize for my ignorance on some of this, I know little about Unix/Linux and encryption. Been learning on the fly with this project.

My scripting environment is a batch file running on Windows 2012 R2. Nothing special

The second run has completed each time I have had to re-launch it.

I have been reading about stdout/stderr and can’t get my brain around how to work with it. This runs unattended, so I tried a redirect for the screen output:

c:\Data\Logs\DecryptIncoming.log

The result was a blank, zero-byte file.

I’m not sure how to log what gpg.exe is doing, and after more than hour of searching the Internet and reading articles/documents, I am no closer.

Over the weekend, the batch was launched and decrypted two of 88 files presented by our client, then the batch file just quit - no more logging or processing.

Per your instructions, I added -v to the command line and am going to re-trigger the weekend’s data.

Update will follow.

I very much appreciate your help!

  • a -

I re-triggered the auto-execution of the batch file which ran the following commands:

:DeCrypt
echo: >> c:\Data\Logs%LocalLog%
echo: >> c:\Data\Logs%LocalLog%
if exist c:\data\scratch\IN*.pdf echo Files Already Decrypted %time% >> c:\data\Logs%LocalLog% && goto MovePDFs
echo -------- Processing IWO encrypted files %today% ----- >> c:\Data\Logs%LocalLog%
echo Decrypting IWOs @ %time% >> c:\Data\Logs%LocalLog%
echo: >> c:\Data\Logs%LocalLog%
gpg --batch --passphrase “xxxxxxxxx” --decrypt-files c:\data\scratch\IN*.gpg -v >> c:\Data\Logs\DecryptIncoming.log
if errorlevel 1 goto ERRDeCrypt

The file c:\Data\Logs\DecryptIncoming.log is zero bytes and blank. GPG completed decrypting sixty of the 140 encrypted files in the directory. The error trap - if errorlevel 1 goto ERRDeCrypt - did not execute.

Thoughts?

THX!!!

Hi Ajax,

right now I don’t have my Windows machine at hand.
Please try to redirect gpg’s output interactively first.

According to “KB 110930” (https://support.microsoft.com/en-us/help/110930/redirecting-error-messages-from-command-prompt-stderr-stdout) you will have to use 2> to redirect
stderror.

Best Regards,
Bernhard

Hi Bernhard,
I used the double “greater-than” to redirect the screen output to a file. I’ve used it with other applications, but this is the first time I’ve seen an app not actually write to the file.

Here’s the redirection I used:

c:\Data\Logs\DecryptIncoming.log

In my past experience, the “>” character will redirect screen output to the specified file name overwriting an existing file, while “>>” will append to the file.

The KB you referenced is new knowledge for me. I have never used literally “2>” as opposed to “>>” so i’ll give that a shot and let you know the results.

I will try “2>&1” to send output and errors to the same file.

thanks for the reference and I am grateful for your time and effort to help me out with this!

Hi Bernhard,
I used the following at the command line:

gpg --batch --passphrase “xxxxxxx” --decrypt-files c:\data\scratch\IN*.gpg -v 2>&1 c:\Data\Logs\DecryptIncoming.log

And got the following:

All files decrypted
no DecryptIncoming.log file - was not even created
gpg: -v: Unknown suffix
gpg: c:\data\Logs\DecryptIncoming.log: Unknown suffix

Considering your point that there may be a race condition, I added a delay to my script before and after the gpg command. Update will follow.

So, I believe i have identified the issue and corrected it.

Problem of the batch file terminating execution while decryption Is running was not fault of gpg.exe.

I am using DirectoryMonitor (which is a VERY useful tool) to watch the directory where my client uploads the encrypted files and then invoke my batch file to process them.
The “Monitor” I configured for the source directory has a default timeout of 20 seconds which I overlooked disabling. So, DirectoryMonitor was terminating the entire process after 20 seconds; decryption, batch file and all.

I disabled the timeout setting then re-triggered the batch file processing and got through 183 encrypted files without issue.

That said, the screen output of gpg.exe still does not go anywhere, but I can live with that at this point.

I will update this thread if I am proven wrong about my diagnosis and solution - we get these files daily.

Otherwise, consider this resolved.

Thanks!!!

Hi Ajax,
good to know that the issue is solved for you, thanks for using Gpg4win and your feedback.

Just a hint about the command line you have used:

gpg --batch --passphrase “xxxxxxx” --decrypt-files c:\data\scratch\IN*.gpg -v 2>&1 c:\Data\Logs\DecryptIncoming.log

a) The options like -v have to be close to gpg, before the first file arguments.
b) If you want to redirect stderr in the same file as stdout by using ‘2>&1’ you will also have to redirect stdout before.
c) If the passphrase is in the script and in the process parameters, it may be the more transparent solution to just use a key without passphrase.

So my expectation would have been a command line like
gpg --batch -v --decrypt-files c:\data\scratch\IN*.gpg >c:\Data\Logs\DecryptIncoming.log 2>&1
(after you have changed the passphrase to be empty on the key you are using.)

Best Regards,
Bernhard