Decryption Not Working When Not Logged In (Batch Job)

I have written a Windows cmd file, containing the following command, to loop through a directory of files and decrypt them.


FOR %%f IN (…*.gpg) DO (gpg --batch --passphrase "mypassphrase" -o %%~nf -d %%f > gpglog.txt 2>&1)

When I run the batch file (obviously logged in) it works perfectly. When the server starts up and nobody logs in, and the task scheduler runs it, it fails with a “No secret key” error. The scheduled job is set up as : runs as me; whether user logged in or not; with highest privileges. What else can I do to make it find the secret key?

Hi Jeff,

When you are logged in, the correct keyring will be loaded. The keyring is always associated with a user. If no one is logged in, GnuPG doesn’t know where to get the keyring from.

Use the “--keyring” option and specify the keyring file. To find the keyring for the user, enter “%APPDATA%\GnuPG” in the Windows Explorer search bar and copy the full path (something like C:\Documents and Settings\<user>\Application Data\GnuPG).

Cheers,
Jochen

Windows changed behavior regarding scheduled jobs and how dirs are loaded for Windows > 8 and Windows Server 2012.

See:
https://wiki.gnupg.org/TroubleShooting
Section “Windows > 8 and Server 2012 Task Scheduler Problems”

Keyring wouldn’t be enough for decrypt as you also need the secret key etc.

You should specify the full homedir.

Hi, is there a way not to be notified with everyone’s issue?
I feel like I registered to a mailing list.

thanks

Thanks for the info, Jochen. Yesterday I added the --homedir "C:\Temp\GnuPG" option to the batch command and also copied the GnuPG directory from my AppData directory to C:\Temp so it was accessible by all users, even though the scheduler (Windows Server 2012) was set to run as me.

The VM shuts down every night, so I have to wait until the next day to test (and not log in until the job runs and completes). Unfortunately today I had to log in early, so the true test will be tomorrow.
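
An added example, not part of the thread and not the poster's script: a version of the decrypt loop that passes the homedir explicitly, checks that a secret key is visible there before decrypting, and appends to the log instead of overwriting it per file. INDIR and PASSFILE are hypothetical paths, and --passphrase-file is swapped in for the thread's --passphrase.

```bat
@echo off
rem Added example, not from the thread. INDIR and PASSFILE are hypothetical paths.
setlocal

rem Homedir value taken from the thread. It must contain the secret keys,
rem not only the public keyring.
set "GPGHOME=C:\Temp\GnuPG"
rem Hypothetical input directory and passphrase file (assumed to be readable
rem only by the account the scheduled task runs as).
set "INDIR=C:\Data\incoming"
set "PASSFILE=C:\Data\secure\gpg-pass.txt"
set "LOG=%INDIR%\gpglog.txt"
set FAILED=0

rem Record the environment the task really runs in. This is what can differ
rem between an interactive logon and a Task Scheduler run.
echo [%DATE% %TIME%] user=%USERNAME% appdata=%APPDATA% homedir=%GPGHOME% >> "%LOG%"

rem Preflight: --list-secret-keys exits 0 even when nothing is found, so look
rem for a "sec:" record in the machine-readable listing instead.
gpg --homedir "%GPGHOME%" --batch --with-colons --list-secret-keys 2>> "%LOG%" | findstr /b /c:"sec:" > nul
if errorlevel 1 (
    echo No secret key visible in %GPGHOME%, aborting >> "%LOG%"
    exit /b 2
)

rem Decrypt every *.gpg file and keep the output of every run in the log.
rem On GnuPG 2.1 and later, passphrase options only take effect when
rem --pinentry-mode loopback is added to the command as well.
for %%f in ("%INDIR%\*.gpg") do (
    gpg --homedir "%GPGHOME%" --batch --passphrase-file "%PASSFILE%" -o "%INDIR%\%%~nf" -d "%%f" >> "%LOG%" 2>&1
    if errorlevel 1 (
        echo FAILED: %%f >> "%LOG%"
        set /a FAILED+=1
    )
)

rem A non-zero exit code shows up as the task's last run result.
if %FAILED% gtr 0 exit /b 1
exit /b 0
```

The first log line of a scheduled run shows which profile paths the task resolved, which can be compared with the same line from an interactive run.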