PGPDECRYPT        Decrypt a PGP encrypted file

Top  Previous  Next

Syntax:

PGPDECRYPT

[ source file ] [ target file ] [  options ]

Arguments:

[ source file ]

A variable or string defining the file name of the PGP encrypted file to decrypt; this file may or may not be ASCII armored. Wildcards are not permitted in [ source file ] or [ target file ]

 

[ target file ]

A variable or string defining the file name of the decrypted file; if the file exists, it will be overwritten. If an empty string is provided (i.e., “”) then the decrypted file is written to the original file name saved when the file was encrypted. The target file may not be the same as the source file.

Options:

/pw=xx

String or variable defining the passphrase associated with the PGP private key used for decryption. You may omit this option if you saved the passphrase in the Configurator.

 

/signature=x

required - a valid digital signature must exist

optional - if there is a signature it must be valid (default)

ignore - signatures are ignored

 

 

This script command decrypts a file that was previously encrypted using PGP encryption and populates the %pgpdecryptfile variable with the name of the output file name. To decrypt a file you must have already imported the private key that matches the public key that was used to encrypt the file. Keys are imported with the PGPIMPORT script command or by using the Import Key functionality in the Robo-FTP Configurator. This command may by used to decrypt a file encrypted using the PGPENCRYPT script command or any external PGP or GPG encryption application.

 

The /pw option specifying the passphrase is required unless you saved the passphrase for the key in the Configurator.

 

Important

When you use the Configurator to create new PGP keys you may optionally choose to save the passphrase. If you choose this option, the password is saved in an encrypted format in the Windows registry along with Robo-FTP's other settings. Later, when you use these keys for encryption or decryption, the passphrase will not appear in the console window nor will it be written to any log file. If you choose not to save the passphrase (or if you use externally generated PGP keys) then you will probably need to specify the passphrase in clear-text in a script file. Therefore, saving the passphrase when you create the key is the most secure option.

 

In the following example, the private key for decryption is the only private key in Robo-FTP and the passphrase was saved when the key was generated or imported.

 

PGPDECRYPT "encrypted.txt.pgp" "decrypted.txt"

 

You can also write the decrypted file to a different folder as shown below.

 

PGPDECRYPT "encrypted.txt.pgp" "c:\new\decrypted.txt"

 

If you did not save the passphrase when generating or importing the key then you will need to provide it using the /pw option as shown below.

 

PGPDECRYPT "encrypted.txt.pgp" "decrypted.txt" /pw="my passphrase is very nice"

 

The original file name is often embedded within a PGP encrypted file. Robo-FTP allows an encrypted file to be decrypted and saved using its original name in the current working folder by using the following syntax (Note: the empty quotes are used to pass no name to the [ target file ] argument).

 

PGPDECRYPT "encrypted.txt.pgp" ""

 

When no name is specified in the [ target file ] argument, use the %pgpdecryptfile variable to perform subsequent operations on the resulting decrypted file. In the following example we decrypt the file using its original name and then rename it by adding the current timestamp to the original name. The encrypted source file is then deleted:

 

PGPDECRYPT "unknown.pgp" "" /pw="secret!!!"

SET new_name = %datetime + "_" + %pgpdecryptfile

RENAME %pgpdecryptfile new_name

DELETE "unknown.pgp"

 

Hint: If Robo-FTP is unable to find the correct private key for decryption, ask the person who encrypted the file for the Key ID of the public key that they used for encryption. The Key ID must match the value shown on the PGP Keys menu in the Configurator. Some PGP software only displays an 8 character Key ID so in those cases you'll compare with the last 8 digits of the value shown in the Configurator. For a more precise comparison you can right-click the grid row and choose "Show Key Fingerprint" from the pop-up context menu.

 

Note: When the TMPFILE command is active, the output [ target file ] created by this command will have a different name until the decryption process is successfully completed.

 

Validating a digital signature requires access to the public key that matches the private key that was used to create the signature. Robo-FTP can only validate signatures when a copy of the PGP public key has been imported on the PGP menu in the Configurator. The /signature=required option may be used to force the PGPDECRYPT command to fail if the digital signature cannot be validated.  

 

PGPDECRYPT "encrypted.txt.pgp" "decrypted.txt" /signature=required

 

 

Return Values

These are the possible result codes returned by the PGPDECRYPT command:

$ERROR Constant Name

Code

Description

$ERROR_SUCCESS

0

No error occurred

$ERROR_FILE_OPEN_ERROR

1003

Unable to create the output specified by the [ target file ] argument

$ERROR_VAR_NOT_FOUND

1009

Script variable not set

$FILE_NOT_FOUND

1055

Unable to access the source specified by the [ source file ] argument

$ERROR_INVALID_ARGUMENT

1100

Invalid argument

$ERROR_PGP_DECRYPTION_FAILED

1278

PGP decryption operation failed or canceled

$ERROR_PGP_KEY_DOES_NOT_EXIST

1280

Private decryption key not imported or unavailable to current user

$ERROR_PGP_PASSPHRASE_BLANK

1281

Private decryption key passphrase not specified or is invalid

$ERROR_PGP_SIGNATURE_INVALID

1284

Signature not validated; the file contents have changed since it was signed or the signer's public key was not imported or is unavailable to the current user

 

 

Related command(s): PGPENCRYPT, PGPIMPORT, PGPSIGN, UNZIP, TMPNAME

See also: Robo-FTP and PGP Cryptography, Configure PGP Menu