• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

GPG, CFEXECUTE and cfGnuPG

Explorer ,
Apr 19, 2006 Apr 19, 2006

Copy link to clipboard

Copied

I'm building an application in CFMX 6.1 (on Windows 2000 Server) that needs to take a file or files encrypted with our GPG public key and decrypt them to produce XML files. I'm using GnuPG, and have worked out all the encrypt/decrypt stuff on the command line of the server. I then was using the cfGnuPG CFC with the gpg.jar Java wrapper to encrypt and decrypt data streams, which worked great, but the gpgDecrypt function in that CFC doesn't seem to handle full files, and if I read the file contents into a variable and then try to decrypt it, it fails.

So what I'm now back to trying is to use CFEXECUTE to call the decryption function. This command works from the command prompt on the server:

> C:\Progra~1\GNU\GnuPG\gpg.exe --passphrase-fd 0 < c:\gnupg\pp.txt -o E:\devroot\iqvc\input\\neworders.xml -d e:\devroot\iqvc\input\\128391924.neworders

I put my passphrase in a text file and pass it into the passphrase-fd parameter as suggested, and the file designated is decrypted and saved as the new filename.

However, executing this command from CFEXECUTE just hangs--I see a new gpg.exe process spawn on the server, but no output is returned (see attached code). The outputfile is created, but remains empty, and the CF page times out after the 120 seconds. I can do a simple CFEXECUTE of gpg.exe with the "--list-keys" argument, and it returns the correct output. So what's different about this decrypt command? If the command were producing a response prompt, shouldn't that write to the outputfile?

I gather that the CFEXEXCUTE process runs GPG under the "Default User" profile, since when I used it to create keys, that's where they went. Is that correct?

If anybody has any ideas, or a better way to do this, please let me know.

Views

1.7K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Explorer , Apr 20, 2006 Apr 20, 2006
I found my own solution. I think Mr Black is probably right about the user profile deal with CFEXECUTE, but it just seemed like a kludgey solution anyway. What the cfGnuPG CFC/wrapper was missing was a way to invoke GPG to decrypt a FILE, rather than a data stream. So I added a new method to the gnuPG.class file originally provided by Wayne Graham in his CFDJ article to do "decryptFile"--basically, you just pass it a filename instead of a data stream and it works the same way. I also added an op...

Votes

Translate

Translate
Participant ,
Apr 19, 2006 Apr 19, 2006

Copy link to clipboard

Copied

Most likely this is a account/user profile issue. If I remember correctly, the current profile is the profile of currently logged-in interactive user, which may or may not be "default profile". Also, to access other user profile the account must have a permission, which is not the case for the SYSTEM account. Therefore, even a necessary profile is loaded, the CF might not be able to access it.

If you set CF service to run under the same interactive account under which the command line works, and after that CFEXECUTE works - this is it. You also can try to enable "Allow service to interact with desktop" for debugging purposes. So, you would actually see that DOS window that might contain error message and/or prompt for something.

You also may try this tag that allows some of the above, if you cannot change settings on the server.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 20, 2006 Apr 20, 2006

Copy link to clipboard

Copied

I found my own solution. I think Mr Black is probably right about the user profile deal with CFEXECUTE, but it just seemed like a kludgey solution anyway. What the cfGnuPG CFC/wrapper was missing was a way to invoke GPG to decrypt a FILE, rather than a data stream. So I added a new method to the gnuPG.class file originally provided by Wayne Graham in his CFDJ article to do "decryptFile"--basically, you just pass it a filename instead of a data stream and it works the same way. I also added an optional parameter to it for the output file (GPG option -o), since I found that decrypting the file to output the results was inconsistent (sometimes it would work, other times it would hang). By telling GPG to write the decrypted content to a file, it worked perfect everytime.

If anyone would like the revised gpg.jar file with the additional method, feel free to email me.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 01, 2006 Jun 01, 2006

Copy link to clipboard

Copied

I would love to get the revised code this is exactly what i am working on for a client.

Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Nov 11, 2007 Nov 11, 2007

Copy link to clipboard

Copied

Michael,

I am having the same gnupg hang problem when decrypting. Can I get the revised code from you?

Thanks,

John

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Nov 12, 2007 Nov 12, 2007

Copy link to clipboard

Copied

John, I'd be happy to send you the code, but I need your email.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 08, 2010 Feb 08, 2010

Copy link to clipboard

Copied

LATEST

I could use the modified gpg.jar file, too, if anyone has it.  If not, some insight as to how to modify the existing one would be very helpful.

kyleworld@gmail.com

Thank you,

Kyle

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation