Page 1 of 1

Batch file with gpg4win is not executing from TI process

Posted: Thu Oct 01, 2020 7:22 pm
by dharav9
Hi, All

I have a command line code in batch file which decrypts encrypted file.
We have many batch files which are being executed monthly from TI process. No issues at all.

"Test.Bat" => I am able to execute it by double clicking and it works fine.
When i run this process from TI process through following code then it ran successfully but it doesn't do anything. I do not see decrypted output.
TI Process Command:

EXECUTECOMMAND('F:\Scripts\Test.bat', 1);

Code inside the batch file:

echo abcd|gpg -o E:\myfolder\PL_Decrypt.txt --batch --yes --passphrase-fd 0 --force-mdc --decrypt E:\myfolder\Encrypt_PL.txt

I also tried:

echo abcd|gpg -o E:\myfolder\PL_Decrypt.txt --batch --yes --passphrase-fd 0 --decrypt E:\myfolder\Encrypt_PL.txt

It seems some security disable TM1 to utilize private key for the decryption.

Please Advise.

Thank You
Dharav

Re: Batch file with gpg4win is not executing from TI process

Posted: Thu Oct 01, 2020 8:30 pm
by tomok
When batch files run when you initiate them and they don't run under TM1 it is due to permission issues about 99% of the time.

Re: Batch file with gpg4win is not executing from TI process

Posted: Fri Oct 02, 2020 7:02 pm
by dharav9
Hi, Tomok

Thanks for prompt reply.
All other batch files are working fine from TI. As GPG4WIN is third party exe program in command line in the batch file, something is related to it.

I ran same batch file from Task Scheduler and it woks.

Can you assist me what or where i should start looking for permission?

Thank You
Dharav

Re: Batch file with gpg4win is not executing from TI process

Posted: Fri Oct 02, 2020 7:34 pm
by gtonkin
Could be that gpg is not in your path for the TM1 service account. Try putting the full path to it in your batch file.

Re: Batch file with gpg4win is not executing from TI process

Posted: Fri Oct 02, 2020 7:39 pm
by tomok
dharav9 wrote:
Fri Oct 02, 2020 7:02 pm
Can you assist me what or where i should start looking for permission?
How about all the folders where the programs called from your batch file are stored. Does the TM1 service account have access to these? What about any files that are written. Does the service account have permissions to create files in these folders? Also, if you're going to ask for help, don't just tell us about the batch file. That's almost meaningless. What matters are the commands that get called from the batch.

Re: Batch file with gpg4win is not executing from TI process

Posted: Wed Oct 07, 2020 7:37 pm
by dharav9
Hello All,

@tomok & @gtonkin
gtonkin wrote:
Fri Oct 02, 2020 7:34 pm
Could be that gpg is not in your path for the TM1 service account. Try putting the full path to it in your batch file.
I have added the path in system environment variable. Moreover, following is the code inside the batch file.



E:
cd "E:\Software\PGPWin\GnuPG\bin\"
gpg --pinentry-mode=loopback --passphrase "abcd" -d -o "E:\Test\ERP_Export.txt" "E:\Test\Encrypt_ERP.txt"



When i double click on this batch file, it works like charm with expected output.
Moreover, I tried following code as well and it works like charm when i double click on batch file

set path=%path%;"E:\Software\PGPWin\GnuPG\bin\"
gpg --logger-file "E:\Test\gpglog.log" --pinentry-mode loopback --batch --no --force-mdc --passphrase-file "E:\Test\PassCode.txt" -d -o "E:\Test\ERP_Export.txt" "E:\Test\Encrypt_ERP.txt"


**** E drive and Test folder full access is already given to System account(we run instance services through system account). I have other batch files are being executed from same folder and there is no issue.

It seems something related to permission but couldn't able to figure out what could it be.

I also open ticket with IBM. I will keep you posted if i hear solution from them.

Thank You
Dharav

Re: Batch file with gpg4win is not executing from TI process

Posted: Thu Oct 08, 2020 2:38 am
by dharav9
Guys,

I figured it out. GPG4win installs private key in to their personal app data folder.[ C:/Users/Name/AppData/Roaming/gnupg/]
If you copy this folder and assign in the different folder outside users folder and mentioned that path in to your batch then it works.

Alternative is that you should installed kelopatra with service account and run TM1 services on service account. it will resolve the issue.

I was pointing path to gpg.exe instead of private keys path.

Thank You Guys for your time.

Thank You
Dharav