Decrypt file using command line

Hi,
I have a project that decrypts a file using gpg4win and when I run as schedule task in the server it is not working and the error description is not much clear of what is the problem.

So I did the following test:

I run the command line in the server using a normal command prompt I get the following error:

But running command as administrator it runs fine.

The easymortph service account is administrator in the Easymorph server and has read/write permissions on the folders.

Am I missing any configuration?

thanks,
Renata

Hi,
gpg is not in PATH environment of easymorph user.
Test with full path of gpg exe.

Hi Florent, I added the fullpath and I was able to run in the command line in the server. But if I schedule my project in the server It is still not working. The error log doesn’t say much.

The project run fine in my local desktop and if I use the local scheduler.

EasyMorph server use credentials of user of service.
User must have enough right. GPO can limit somes right.

Look at event viewer. An error can be raised. In “security” an “audit failure” can be present if right if refused.
image

The EasyMorph server account is running under a service account which it part of the Administrator group. I’ve looked in the windows logs and I don’t see any error logged there. My project is set to capture output but it still doesn’t show anything. I’ve tried to call a bat that executes the file decryption. Again it works when it is executed in the server command line. But doesn’t work when I run in the task scheduler.
When you say enough rights, any specific right that I should look into? Since the service account is administrator in the server I can’t think of any pending right.

thanks,
Renata

What error does it return? You can also check the “Capture output” option in the “Run program” action, and export the output with the detailed error into a text file.

Also, I noticed that you use double backslashes in file paths. Try replacing them with single backslashes.

Thanks Dimitri, now I was able to identify the issue. It says that there is no key. (gpg: decryption failed: No secret key)

I tried to list the keys in the server, but when I run the task in the server it doesn’t return any key.

image

But running the command locally I can see the private key.
My user is admin in the server , same thing to Easymorth server service account. Any reason to the server account can’t see the key?

thanks,
Renata

Can’t think of any. EasyMorph Server runs as a Windows service. A Windows service process may have different policies enabled compared to a command-line process. Maybe, GPG requires special options or configuration when used under a Windows service. I’m not an expert in GPG, can’t say for sure.

I would suggest 2 options to try:

  1. Look up GPG docs/articles on working under a Windows service.

  2. My understanding is that you’re currently evaluating Enterprise Server. It allows spawning child processes (Morph.Agent.exe) that can be used to run tasks under Windows accounts other than the default service account used by EasyMorph Server.

    • You can configure a new Windows account in Server settings (tab Accounts).
    • Then create a new space and configure the space to use the newly configured account
    • Run the GPG task in that space. In this case, the task will be executed by a Morph.Agent process instead of the Morph.WebConsole process.

The “Admin Guide” that comes with the Server installer (and is also available here) describes in detail how to configure Server accounts/agents.

My project is working now the issue was how I was importing the private key. Thanks for helping me!