GPG encryption and decryption issue in migration to 10.15 server

We are migrating the 10.2 version to the 10.15 version.
There was integration with the partner systems on GnuPG encryption and decryption.

The 10.2 Windows server has GnuPG installed. The integration creates the PGPEncrypt.bat file, and the Java Shell Command service executes the .bat file and does the encryption as below:

File contains gpg --recipient “recipientID” --armor --always-trust --output “encryptedFileName.dat” --encrypt “filenametoEncrypt”

This is working in the 10.2 version.

In the migration server 10.15 and Windows server env, I copied the pubring.gpg and secring.gpg to the home user directory.

pubring.gpg contains the client’s public.asc and partner public.asc details, and secring.gpg contains the client’s security file details.

I can encrypt the file using the PowerShell in the migration Windows server. But from the webMethods server java shell command, it is showing an error like,

gpg: “Recipient ID”: skipped: No public key
gpg: “Filename”: encryption failed: No public key

I validated using gpg --list-keys & gpg --list-secret-keys. It shows pub, uid, and sub for client and partner, and in the secret keys, it shows the sec, uid, ssb.

I also refreshed the keys; PowerShell encryption is working, but in the webMethods Java service the error is the same.

gpg: “Recipient ID”: skipped: No public key
gpg: “Filename”: encryption failed: No public key

I created newly generated keys; the error is the same.

Please help to resolve the issue with executing the .bat file in the 10.15 server.

Thanks,

Such problems typically arise when the server runs under a different user account.

The simplest solution is usually to specify absolute paths to the files that shall be used.

Thank You Jahn for the response,

I validated the users; the old environment used the SAG name user, and the new environment was created with the webMethods name user. I copied the files (pubring.gpg & subring.gpg) into the new user directory (C:\users\webMethods\appdata\romaing\gnupg). I restarted the system and refreshed the keys as well.

The same issue was raised.
I created new keys as well and imported the partner .asc file over pubring, and the issue is still the same.

I created the same (sag, webMethods) users on the webMethods server and assigned permissions as administrator. Still, it is showing the same error:

gpg: “Recipient ID”: skipped: No public key
gpg: “Filename”: encryption failed: No public key

Do I need to do any other checks?

Thanks,

Have you tried to access the files by specifying their absolute path?

It’s been ages since I last worked with GPG (or PGP for that matter). But I would assume that log files exist, and I would recommend looking into those.

Hi Jahn,
Yes, I used PowerShell and validated using --list-keys & --list-secret-keys. The key list contains the client and partner pub entries, and the uids are there.
The secret keys contain the sec entry, and the uids are there.
Using the client keys, I could encrypt and decrypt the file. Also, with the partner key, I could encrypt the file.

Thanks,

It is possible that an environment variable specifying the GPG home directory is not present in the new setup. "gnupg - gpg --homedir change directory not working - Stack Overflow" may provide info about which way you want to specify the home dir for GPG. Using --homedir may be the way to go so you don’t need to rely on environment vars or default behavior.

Hi Reamon,
Thanks for the update !
I copied the Windows 2012 path files (all files: pubring.gpg, secring.gpg, .lock, .kbx) to the new environment directory on the Windows 2022 server.
I ran the commands below:

E:>gpg --homedir E:\Client --list-keys
E:\Client\pubring.gpg

pub rsa2048 2019-05-07 [SC]
718CF1A9F32
uid [ultimate] Client Client@client.com
sub rsa2048 2019-05-07 [E]

pub dsa1024 2004-01-15 [SC]
5C23C7F723E
uid [ unknown] Partner (Integrations) partner@partner.com
sub elg2048 2004-01-15 [ER]

E:>gpg --homedir E:\Client --list-secret-keys
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from ‘E:\Client\secring.gpg’ to gpg-agent
gpg: key 718CF1A9F32: secret key imported
gpg: migration succeeded
E:\Client\pubring.gpg

sec rsa2048 2019-05-07 [SC]
718CF1A9F32
uid [ultimate] Client Client@client.com
ssb rsa2048 2019-05-07 [E]

From PGPEncrypt.bat, I run the below command, and it creates an encrypted file in the directory.

The PGPEncrypt.bat file contains:
cd "e:"
cd gnupg
gpg --recipient 5C23C7F723E --keyring E:\Client\pubring.gpg --armor --always-trust --output E:\eai\partner\waiting\SAPNEW.DAT --encrypt e:\eai\partner\Waiting\SAP.DAT
exit

The same .bat file executes in the web methods java service, and it returns the error like,

gpg: 5C23C7F723E: skipped: No public key
gpg: E:\eai\partner\waiting\SAPNEW.DAT: encryption failed: No public key

webMethods java service is below,


package Default.Main;

import com.wm.data.*;
import com.wm.util.Values;
import com.wm.app.b2b.server.Service;
import com.wm.app.b2b.server.ServiceException;
import java.io.*;
import java.util.*;

public final class executeShellCommand_SVC

{

/** 
 * The primary method for the Java service
 *
 * @param pipeline
 *            The IData pipeline
 * @throws ServiceException
 */
public static final void executeShellCommand(IData pipeline) throws ServiceException {
	//Input Cursor 
	IDataHashCursor pipelineCursor = pipeline.getHashCursor();  
	
	//Declare Input and Output Variables 
	//String [] executionParams = null; 
	String executionParams = null; 
	String stdout = " ", exitValue = " ", stderr = " "; 
	Object executionException = new Object(); 
	
	if ( pipelineCursor.first ( "executionParams" ) ) 
	{ 
	// executionParams = (String[])pipelineCursor.getValue(); 
	executionParams = (String)pipelineCursor.getValue(); 
	} 
	
	//Try to execute the shell command 
	
	try 
	{ 
	Process p; 
	
	//Execute the command 
	p = Runtime.getRuntime().exec(executionParams); 
	
	//Get the stdout and error streams of the process object 
	//Note: The input stream obtains data piped from the standard output stream 
	//of the process it represents. 
	InputStream inputStream = p.getInputStream(); 
	InputStream errorStream = p.getErrorStream(); 
	
	//Get stderr 
	BufferedReader errbfr = new BufferedReader( new InputStreamReader ( errorStream ) ); 
	StringBuffer errstrbfr = new StringBuffer(); 
	int b; 
	
	while ( ( b = (int) errbfr.read()) != -1 ) 
	{ 
	char c = (char) b; 
	errstrbfr.append(c); 
	} 
	
	stderr = errstrbfr.toString(); 
	
	//Get stdout 
	BufferedReader outbfr = new BufferedReader ( new InputStreamReader (inputStream) ); 
	StringBuffer outstrbfr = new StringBuffer(); 
	int d; 
	
	while ( (d = (int) outbfr.read()) != -1) 
	{ 
	char e = (char) d; 
	outstrbfr.append(e); 
	} 
	
	stdout = outstrbfr.toString(); 
	
	p.waitFor(); 
	
	//Get exitValue 
	int exitvalue = p.exitValue(); 
	exitValue = Integer.toString(exitvalue); 
	
	p.destroy();
	} 
	catch (Exception e) 
	{ 
	exitValue = "-1"; 
	IDataHashCursor pipelineCursor_1 = pipeline.getHashCursor(); 
	pipelineCursor_1.last(); 
	pipelineCursor_1.insertAfter( "executionException", e); 
	pipelineCursor_1.destroy(); 
	} 
	
	IDataHashCursor pipelineCursor_1 = pipeline.getHashCursor(); 
	pipelineCursor_1.last(); 
	pipelineCursor_1.insertAfter ( "stdout", stdout ); 
	pipelineCursor_1.insertAfter ( "stderr", stderr ); 
	pipelineCursor_1.insertAfter ( "exitValue", exitValue ); 
	pipelineCursor_1.destroy(); 
		
}

// --- <<IS-BEGIN-SHARED-SOURCE-AREA>> ---



// --- <<IS-END-SHARED-SOURCE-AREA>> ---

/**
 * The service implementations given below are read-only and show only the
 * method definitions and not the complete implementation.
 */
public static final void testJavaService(IData pipeline) throws ServiceException {
}

final static executeShellCommand_SVC _instance = new executeShellCommand_SVC();

static executeShellCommand_SVC _newInstance() { return new executeShellCommand_SVC(); }

static executeShellCommand_SVC _cast(Object o) { return (executeShellCommand_SVC)o; }

}

In the command line you shared, the --homedir option is specified. The batch file does not have it. Use the --homedir option instead of the --keyring option in the batch file.
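
A stand-alone check for the two suggestions made in this thread (the server process runs under a different account, and gpg should be given --homedir explicitly), added here as an example and not code from any poster. It prints the account and environment the JVM runs under, then runs gpg with an explicit --homedir. The class name GpgHomedirCheck and its argument order are assumptions, as is gpg being on the PATH of the process that runs it.

```java
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

public final class GpgHomedirCheck {

    // Runs gpg with an argument list (no shell, no quoting issues) and returns
    // "exit=N" plus the merged stdout/stderr text.
    static String run(List<String> cmd) throws Exception {
        ProcessBuilder pb = new ProcessBuilder(cmd);
        pb.redirectErrorStream(true);      // single stream: nothing blocks on an undrained pipe
        Process p = pb.start();
        p.getOutputStream().close();       // gpg gets EOF instead of waiting on stdin
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (InputStream in = p.getInputStream()) {
            byte[] chunk = new byte[4096];
            for (int n; (n = in.read(chunk)) != -1; ) buf.write(chunk, 0, n);
        }
        return "exit=" + p.waitFor() + System.lineSeparator() + buf.toString();
    }

    // args: <homedir> <recipient key id> <input file> <output file> (all supplied by the caller)
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: GpgHomedirCheck <homedir> <recipient> <in> <out>");
            System.exit(2);
        }
        String home = args[0], rcpt = args[1], in = args[2], out = args[3];

        // The identity and environment of this JVM decide gpg's default home directory.
        System.out.println("user.name = " + System.getProperty("user.name"));
        System.out.println("APPDATA   = " + System.getenv("APPDATA"));
        System.out.println("GNUPGHOME = " + System.getenv("GNUPGHOME"));
        System.out.println("pubring.gpg in homedir: " + Files.exists(Paths.get(home, "pubring.gpg")));
        System.out.println("pubring.kbx in homedir: " + Files.exists(Paths.get(home, "pubring.kbx")));

        // Step 1: the recipient key must be listed when gpg is pointed at this homedir.
        System.out.println(run(Arrays.asList("gpg", "--homedir", home, "--batch", "--list-keys", rcpt)));

        // Step 2: the thread's encrypt command with --homedir in place of --keyring.
        // --batch is added here so gpg never prompts; --always-trust is kept from the
        // thread's command and skips trust validation of the recipient key.
        System.out.println(run(Arrays.asList("gpg", "--homedir", home, "--batch",
                "--recipient", rcpt, "--armor", "--always-trust",
                "--output", out, "--encrypt", in)));
    }
}
```

Run it once from an interactive PowerShell session and once under the server's JVM with the same homedir (E:\Client in the thread); differing user.name or APPDATA lines account for a "No public key" error that appears only in the service.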
