I have a vendor encrypting an xlsx file using McAfee E-Business server with PGP version 7.1.1 using the following command:
pgp --encrypt --sign --user ${vendorpgpkey} --passphrase InputFilename --force --overwrite --output OutputFilename
I am trying to decrypt the file using the following command.
gpg -d --output "${PGPDecryptedFileName}" "${PGPEncryptedFileName}"
This process works when the vendor is sending me .txt, .csv, or .pdf files. However, if they try to encrypt and send me a .xlsx file, the file is getting corrupted when decrypted.
The vendor is sending the file to me via SFTP using binary transfer.
I can encrypt the file on my local laptop and decrypt it without any issues so I'm assuming it's something related to how the vendor is handling encryption. I also checked Symantec help and couldn't find any leads.
Any help identifying the issue or pointing out additional debugging steps would be appreciated.
I've always had rather good success using the following syntax for PGP file-level encryption
pgp -e "<sourcedir>\<Filename>" -r <key> --output "<Outputdir>" --temp-dir "%temp%" --verbose --debug >> %tmplogfile% 2<&1
& then I can review the log file later if there are issues to see if there were any errors, etc. if someone screams; although, I'd likely get an email about a "known" error from the job before someone screamed with the way I set up these jobs. You might ask them to send you their PGP log or turn on verbose and review. Can you add what error you get exactly when you have the issue? – Pimp Juice IT – 2016-08-25T20:36:15.550
On the decryption side with PGP I use this syntax
pgp --decrypt "<sourcedir>\<filename>" -o "<outputdir>" --passphrase <passphrase> --temp-dir "%temp%" --verbose --debug >> %tmplogfile% 2<&1
... you might confirm that you don't need a passphrase with the GPG commands in case that's what is going on and when you encrypt and decrypt with your own keys there may be something implicit that makes that work versus an external entity encrypting with your public key. The SFTP using BINARY should be be a problem either change to ASCII mode to easily test otherwise though. – Pimp Juice IT – 2016-08-25T20:40:30.640
Sorry for all the darn comments but I just thought of something else... Ask them to send you an XLSX file via the SFTP connection and without the file-level encryption to see what results you get. Since the FTP is encrypted via SSH, the file contents will be well protected and you can be watching in the mailbox to move the file right away if data-at-rest security once on the FTP server is a concern for them... Just thinking of simple ways I'd troubleshoot this sort of issue. – Pimp Juice IT – 2016-08-25T20:43:15.627
This sounds like PGP's text mode might be in effect... Is there a --no-text option in pgp or such? – user1686 – 2016-08-25T20:59:22.610
Thanks @PIMP_JUICE_IT. I'm asking for a copy of an unencrypted file now to see if I can notice the issue. Will try your verbose logging as well. – user1193339 – 2016-08-25T21:00:05.350
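Added example, not part of the original thread: a Python check for the text-mode theory raised in the comments. An .xlsx is a ZIP container, so line-ending conversion breaks its offsets and CRCs in a way that plain .txt or .csv files survive. The function names, the constructed sample archive and the two conversion helpers (simplified models of text-mode handling, not the vendor tool's actual behaviour) are assumptions of this example.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # an .xlsx is a ZIP container and starts with these bytes

def build_sample() -> bytes:
    """Constructed stand-in for a workbook: one stored member holding CR and LF bytes."""
    info = zipfile.ZipInfo("xl/workbook.xml", date_time=(2016, 8, 25, 12, 0, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"<workbook>\r\n</workbook>\n" + bytes(range(256)))
    return buf.getvalue()

def collapse_crlf(data: bytes) -> bytes:
    """Simplified model of text-mode output on a Unix receiver: CRLF becomes LF."""
    return data.replace(b"\r\n", b"\n")

def expand_lf(data: bytes) -> bytes:
    """Simplified model of canonical text conversion: every line end becomes CRLF."""
    return collapse_crlf(data).replace(b"\n", b"\r\n")

def zip_intact(data: bytes) -> bool:
    """True only if the container parses and every member passes its CRC check."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except Exception:  # shifted offsets surface as BadZipFile, ValueError, EOFError
        return False

def diagnose(data: bytes) -> str:
    """Classify a decrypted file: intact, or corrupt with a heuristic fingerprint."""
    if zip_intact(data):
        return "intact"
    crlf = data.count(b"\r\n")
    bare_lf = data.count(b"\n") - crlf
    if crlf and not bare_lf:
        return "corrupt: every LF follows a CR (LF->CRLF expansion)"
    if bare_lf and not crlf:
        return "corrupt: no CRLF pair left (CRLF->LF collapse)"
    return "corrupt: line endings give no clear fingerprint"

if __name__ == "__main__":
    sample = build_sample()
    for label, blob in [("original", sample), ("collapsed", collapse_crlf(sample)),
                        ("expanded", expand_lf(sample))]:
        print(f"{label:10} {len(blob):4} bytes  {diagnose(blob)}")
```

Run `diagnose()` on the bytes of the decrypted .xlsx and compare its size with the sender's original. `gpg --list-packets` on the encrypted file also reports the literal data packet's mode (b for binary, t for text).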