I have written a windows cmd file to loop through a directory of files and decrypt them containing the following command.
FOR %%f IN (…*.gpg) DO (gpg --batch --passphrase “mypassphrase” -o %%~nf -d %%f > gpglog.txt 2>&1)
When I run the batch file (obviously logged in) it works perfectly. When the server starts up and nobody logs in, and the task scheduler runs it, it fails with a “No secret key” error. The scheduled job is set up as : runs as me; whether user logged in or not; with highest privileges. What else can I do to make it find the secret key?
When you are logged in, the correct keyring will be loaded. The Keyring is always associated with a user. If no one is logged in, gnupg doesn’t know where to get the keyring from.
Use the “–keyring” option and specify the keyringfile. To find the keyring for the user, enter “%APPDATA%\GnuPG” in the Windows explorer Search bar and copy the full path (something like C:\Documents and Settings<user>\Application Data\GnuPG).
Windows changed behavoior regarding scheduled jobs and how dirs are loaded for Windows > 8 and Windows Server 2012
Section “Windows > 8 and Server 2012 Task Scheduler Problems”
Keyring wouldn’t be enough for decrypt as you also need the secret key etc.
You should specifiy the full homedir.
Hi, is there a way not to be notified with everyone’s issue
I feel like I registered to a mailing list
Thanks for the info Jochen. Yesterday I added the --homedir “C:\Temp\GnuPG” option to the batch command and also copied the GnuPG directory from my AppData directory to C:\Temp so it was accessible by all users, even though the scheduler (Windows Server 2012) was set to run as me.
The VM shuts down every night, so I have to wait until the next day to test (and not log in until the job runs and completes). Unfortunately today I had to login early, so the true test will be tomorrow.