Help Running GPG Under System Account via WinFSP.Launcher For Rclone Mount

anona · May 28, 2024, 5:38am

context

i have a working WinFSP.Launcher CommandLine registry value to mount rclone mount. This is running as SYSTEM account in Windows.

But then, i tried to secure things by using symmetric gpg --decrypt, but it failed. The gpg (pinentry?) never prompting for password.

Here is my CommandLine registry value (redacted)

mount %\/b:1 %2 --config="***\***.conf" --password-command "gpg -q -d ***\***\sym.gpg" *** (the rest rclone flags)

I test several things to understand why gpg symmetric “won’t” run like usual under SYSTEM account, so i use psexec like below:

psexec -nobanner -s -i cmd /c gpg -q -d ***\sym.gpg 2>nul → this is working. gpg prompting for password
psexec \\127.0.0.1 -nobanner -s -i cmd /c gpg -q -d ***\sym.gpg
1. psexec \\127.0.0.1 -nobanner -s -i gpg -q -d ***\sym.gpg

test number 2 and 3 are not working. gpg won’t prompt for password. I mean, maybe something like this happened in WinFSP.Launcher i don’t know. Both output:

gpg: AES256.CFB encrypted data
gpg: problem with the agent: Timeout
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
cmd exited on 127.0.0.1 with error code 2

my question

How to successfully run symmetric gpg decrypt in WinFSP.Launcher running under SYSTEM account in Windows?

Please help
Regards

anona · May 28, 2024, 10:18am

progress report, some workaround

first, prepare gpg-agent.exe running as SYSTEM account. i use this command:

psexec -nobanner -s -i gpg-connect-agent /bye

*) another way maybe is using Task Scheduler or Windows Services

now, this command worked:

psexec \\127.0.0.1 -nobanner -s -i gpg -q -d ***\***\sym.gpg

i also tested it with WinFSP.Launhcer. now there is passphrase prompt.
so glad it worked

cklassen · May 29, 2024, 5:43pm

Thank you for your report! When it comes to GnuPG it can be helpful to visit the mailing list for it: Gnupg-users Info Page