Excecuting GPG from a system service running under the System account

anon65477001 · May 25, 2014, 12:19am

I’m new to GPG. I have to execute GPG from a shell which invoked from a program that runs as a Windows system service. This service (ColdFusion) currently runs under the system account.

I’ve noted that when I added a public key to my “keyring” this data is set up under the directory:

c:\documents and settings[UserAccountName]\Application data\gnupg\

I’m guessing that the Windows system account will fail when it attempts to encrypt files using this key because it won’t be able to find it.

Is there a work around? Perhaps a way to get gpg to find/use the key under another user account?

I know that I could conceivably run the service under a regular user account but I’m reluctant to do that at this point.

anon65477001 · May 25, 2014, 4:36am

Okay…I’m getting closer…I just discovered the command line option --homedir

anon90979041 · May 25, 2014, 3:49pm

There is also:

–keyring [path]
–secret-keyring [path]
–no-default-keyring

Regards,
Sean C.

anon65477001 · May 25, 2014, 4:20pm

Thank you Sean.

I actually got this worked out a bit earlier. The command line arguments that worked for me were

–homedir \directoryName
–trust-model=always
and
–batch

When you simply add --homedir you get a warning and an interactive prompt form gpg2.exe to confirm that you want to use some other users keyring. To avoid this prompt, I added the other two parameters.

I was instructed to use gpg for windows from gpg4win; so I downloaded it installed it and looked through the docs and then began experimenting. I could find little in the documentation about command line parameters. I’m accustomed to using -? or /? on the command line to get a list of command line arguments and explanations. So I tried this and sure enough…I got a long list of command line arguments…but this list is woefully incomplete!!! Very frustrating.

It was only through much experimentation, research and a lucky piece of info, provided w/o explanation in an example that I stumbled across the correct params and eventually their documentation here:

https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html

There are few references to this manual in the gpg 4 win docs. Only burried on pages 81 and 135 did I find a references to gnupg.org. Gahh!! Very frustrating.

anon90979041 · May 25, 2014, 4:54pm

Glad to hear you got it working!

-Sean

bernhard · May 26, 2014, 9:33am

Hi Leon,
sorry that it was too hard for your to find the full backend documentation.
For the writers of the documentation it is hard to predict how someone
that is new to GnuPG and Gpg4win things. We are happy for suggestions
to find the right spots to add more hints. For instance you could create an issue
in the tracker reminding us where you would like to have better pointers.

Note that on wiki.gnupg.org we are trying to get more people involved in writing
documentation.
Best,
Bernhard