Skip navigation
Currently Being Moderated


Apr 19, 2006 6:44 AM

I'm building an application in CFMX 6.1 (on Windows 2000 Server) that needs to take a file or files encrypted with our GPG public key and decrypt them to produce XML files. I'm using GnuPG, and have worked out all the encrypt/decrypt stuff on the command line of the server. I then was using the cfGnuPG CFC with the gpg.jar Java wrapper to encrypt and decrypt data streams, which worked great, but the gpgDecrypt function in that CFC doesn't seem to handle full files, and if I read the file contents into a variable and then try to decrypt it, it fails.

So what I'm now back to trying is to use CFEXECUTE to call the decryption function. This command works from the command prompt on the server:

> C:\Progra~1\GNU\GnuPG\gpg.exe --passphrase-fd 0 < c:\gnupg\pp.txt -o E:\devroot\iqvc\input\\neworders.xml -d e:\devroot\iqvc\input\\128391924.neworders

I put my passphrase in a text file and pass it into the passphrase-fd parameter as suggested, and the file designated is decrypted and saved as the new filename.

However, executing this command from CFEXECUTE just hangs--I see a new gpg.exe process spawn on the server, but no output is returned (see attached code). The outputfile is created, but remains empty, and the CF page times out after the 120 seconds. I can do a simple CFEXECUTE of gpg.exe with the "--list-keys" argument, and it returns the correct output. So what's different about this decrypt command? If the command were producing a response prompt, shouldn't that write to the outputfile?

I gather that the CFEXEXCUTE process runs GPG under the "Default User" profile, since when I used it to create keys, that's where they went. Is that correct?

If anybody has any ideas, or a better way to do this, please let me know.
  • Currently Being Moderated
    Apr 19, 2006 10:24 AM   in reply to jarviswabi
    Most likely this is a account/user profile issue. If I remember correctly, the current profile is the profile of currently logged-in interactive user, which may or may not be "default profile". Also, to access other user profile the account must have a permission, which is not the case for the SYSTEM account. Therefore, even a necessary profile is loaded, the CF might not be able to access it.

    If you set CF service to run under the same interactive account under which the command line works, and after that CFEXECUTE works - this is it. You also can try to enable "Allow service to interact with desktop" for debugging purposes. So, you would actually see that DOS window that might contain error message and/or prompt for something.

    You also may try this tag that allows some of the above, if you cannot change settings on the server.
    Mark as:
  • Currently Being Moderated
    Jun 1, 2006 12:06 AM   in reply to jarviswabi
    I would love to get the revised code this is exactly what i am working on for a client.

    Mark as:
  • Currently Being Moderated
    Nov 11, 2007 6:28 AM   in reply to jarviswabi

    I am having the same gnupg hang problem when decrypting. Can I get the revised code from you?


    Mark as:
  • Currently Being Moderated
    Feb 8, 2010 9:52 AM   in reply to jarviswabi

    I could use the modified gpg.jar file, too, if anyone has it.  If not, some insight as to how to modify the existing one would be very helpful.



    Thank you,


    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points