How to decrypt a file in Palantir either while pulling the file thru SFTP sync or after receiving the file at Foundry end.
File is encrypted [symmetric (passphrase)] in a linux system using gpg utility.
Command used to decrypt the file in a linux system:
gpg --batch --passphrase <<passphrase>> --output decrypted_file.csv --decrypt encrypted_file.csv
I've decrypted a file successfully using:
gpg --encrypt --recipient user#company.com myfile.txt
If I run the command below, I'm prompted for a passphrase, and decryption works:
gpg --output decrypted_myfile.txt -decrypt myfile.txt.gpg
I can't seem to get any form of non-interactive decryption working. The closest I've come is:
gpg --decrypt --batch --passphrase MYPASSPHRASE myfile.txt.gpg
This gives me:
gpg: encrypted with 2048-bit RSA key, ID F6CF3C25, created 2016-03-17
"Company_20210316 (Incoming Files) <user#company.com>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
Is there a different way to do it?
Having error like:
gpg: decryption failed: No secret key
simply means that you don't have a private or secret key in your gpg keyring. You may want to check first if:
gpg --list-secret-keys if it has a private key there and if not,
Import it and then trust it.
To trust, use:
gpg --key-edit <yourKey> then "trust" then "5" then "quit"
To get your keyID run:
gpg --edit-key <yourKey> then
On the first line you'll see: "Private key available"
Then two sub-keys on the left of the fist, you'll see similar to:
sec rsa2048/E7E43C5C844E2917
and the part on a right after slash - will be your
E7E43C5C844E2917
So to explicitly export from where it was generated, the key to a file, you need to use that like this:
gpg --export-secret-keys --armor E7E43C5C844E2917>yourSecretKey.asc
This will create a secret key in a file ONLY, unlike if you use keyname in the export call. Then it will contain more than that.
Then to import use:
gpg --import yourSecretKey.asc
Then check your key in the list updated. Add a trust if needed.
Then line to decrypt copied from terminal of my MAC and tested works, w/ no prompt:
gpg --batch --passphrase MyPassphrase -o test.tt7 -d CE.txt.gpg
NOTE that: -d is the same as --decrypt and
-o the same as --output
And the value of the passphrase is the actual value I used in my test to decrypt the above and not the variable. The same created during the time key generated, and actual recommendation is to use a longer set of characters but actually any number is accepted.
Having error like: gpg: decryption failed: No secret key simply means that you don't have a private or secret key in your gpg keyring. You may want to check first if gpg -k (same as gpg --list-keys) has a private key there and import it and then trust it,
To add trust, use "1 to 5":
gpg --key-edit <yourKey>
then trust then 5 then `quit
To get your keyID run:
gpg --edit-key <yourKey>
then first line you'll see: Private key available
then two sub-keys on the left of the fist you'll see
sec rsa2048/E7E43C5C844E2917
and the part on a right after slash - will be your <keyID> E7E43C5C844E2917
so, to explicitly export from where it was generated, the key to a file you need to use that like:
gpg --export-secret-keys --armor E7E43C5C844E2917>yourSecretKey.asc
this will create secret key in a file ONLY, unlike if you use keyname in the export call then it will contain more than that.
Then to import use:
gpg --import E7E43C5C844E2917
then check your key in the list updated. Add trust if needed.
Then line to decrypt copied from terminal of my MAC and tested works, w/ no prompt:
gpg --batch --passphrase MyPassphrase -o test.tt7 -d CE.txt.gpg
NOTE that: -d is the same as --decrypt just like -o is the same as --output
You can try this command:
gpg --output File.txt --batch--passphrase-fd YourPassword --decrypt file.pgp
I want to encrypt an xml file and I am using gpg4win (kleopatra).
Using the kleopatra interface I set an option to produce files with extension pgp instead of gpg which is the default extension.
I am trying to create a pgp file from command line using the command
gpg -r test#test.gr -se C:\temp\myfile.xml
because I need to submit it in a web app that accepts pgp only.
I have tried to put some other options in the command but I always get a gpg file. How can I produce a pgp file from command line?
This may not be the same process as others, but this worked for me:
gpg --batch --yes --recipient "user" --output "fulldirectory\filename.txt.pgp" --encrypt "fulldirectory\filename.txt"
GnuPG syntax for encryption is stated here. You can simply use the --output [filename].[suffix] parameter.
So go with gpg --encrypt C:\temp\myfile.xml --recipient test#test.gr --output C:\temp\myfile.pgp.
Please note that .pgp is actually the suffix for a key not an encrypted file. See here.
The following command is run from the Windows command line and it works sometimes, but it does not in other occasions.
GPG --recipient "my.puclic.key#recipient.com" --output "MyEncryptedFileName.txt.PGP" --encrypt "MyTestDocument.txt Working Directory: \\myServer\myfolderName\
The directory and file name exist, but it seems like GPG can't find them. I have also tried the command as..
GPG --recipient "my.puclic.key#recipient.com" --output "MyEncryptedFileName.txt.PGP" --encrypt "MyTestDocument.txt Working Directory: \\myServer\myfolderName\"
and
GPG --recipient "my.puclic.key#recipient.com" --output "MyEncryptedFileName.txt.PGP" --encrypt "MyTestDocument.txt Working Directory: \\myServer\myfolderName"
but keep getting an error:
"can't open 'MyTestDocument.txt Working Directory:\\myServer\myfolderName\': No such file or directory
gpg MyTestDocument.txt Working Directory: \\myServer\myfolderName\: encryption failed: No such file or directory
In prior occasions this same command worked fine.
I am using an Encryption method as mentioned below:
--homedir "C:\GnuPG" --batch --yes --encrypt --recipient a#a.com --default-key a#a.com --passphrase-fd 0 --no-verbose
It generates a.gpg file.
But when i decrypt this file on the stdin as mentioned below command:
gpg --output my.csv --decrypt a.gpg
Error:
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: eof
Whats wrong with the Encryption command?