Help with the --batch option...

Dieter Karaluz DKaraluz at TC3HEALTH.com
Tue Oct 26 22:30:57 CEST 2010 

Hi,
 
This inquiry has two questions. Please include dkaraluz at tc3health.com in
your replies. Thanks.
 
We are running GPG 1.2.0 in production. We use it to decrypt all the
files we get from our clients through a batch script executed from a
Windows service. The command execute is:
 
c:\gnupg\gpg.1.2.0.exe -r tc3health --batch --yes -o
D:\PaidClaims\Data\Incoming\NGS\HST_Header_201010_1.zip -d
D:\PaidClaims\Data\Incoming\NGS\HST_Header_101025.txt.zip.pgp
gpg: encrypted with 2048-bit ELG-E key, ID 5FC0F85B, created 2002-08-27
      "TC3Health <faxsend at tc3health.com>"
 
And the decrypt generates a zip file. No manual intervention. But I am
having an issue with the zip file generated: WinZip reports "Error:
Invalid compressed data to expand file". And that prompted me to install
GNUPG 1.4.11 to see if that version corrects the problem. Now I am
getting:

c:\gnupg\gpg.1.4.11.exe -r tc3health --batch --yes -o
D:\PaidClaims\Data\Incoming\NGS\HST_Header_201010_2.zip -d
D:\PaidClaims\Data\Incoming\NGS\HST_Header_101025.txt.zip.pgp
gpg: can't query passphrase in batch mode
gpg: encrypted with 2048-bit ELG-E key, ID 5FC0F85B, created 2002-08-27
      "TC3Health <faxsend at tc3health.com>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available

I ran a test where I removed the --batch, and entered the passphrase
manually. The file decrypted fine, and WinZip had no problems opening
the content of the zip file. So 1.4.11 fixes whatever issue I am having
with 1.2.0. I did verify that the two zip files do not match when
compared in binary mode, so there is a change in the way the file gets
decrypted.

So here are the two questions:

1 - What do I need to do with gpg 1.4.11 so that it will decrypt pgp
files in batch mode. With hundreds of files coming in daily it is just
not practical to have someone entering the passphrase for each file.
GNUPG 1.2.0 does it fine. I did not do the original 1.2.0 installation
so I don't know what was done with 1.2.0 to make it work fine with the
--batch option.

2 - What fix was applied to 1.4.11 that solved the issue I am having in
1.2.0, and is there an option I could pass to GNUPG 1.2.0 that would
correct or work around the issue? 

Thanks,

Dieter Karaluz

More information about the Gnupg-users mailing list