
Cryptography - Decrypt

Declaration

<AMCRYPTOGRAPHY ACTIVITY="decrypt" SUBFOLDERS="yes/no" KEEPFOLDERSTRUCT="yes/no" OVERWRITE="yes/no" ISNEWER="yes/no" ONLYIFEXIST="yes/no" OVERWRITEREADONLY="yes/no" OVERWRITEHIDDEN="yes/no" ARCHIVETURNOFF="yes/no" MATCHCASE="yes/no" EXCLUDE="text" RE="yes/no" INPUTFILE="text" OUTPUTFILE="text" RESULTDATASET="text" PASSPHRASE="text (encrypted)" USEOLDPACKETS="YES/NO" TAR="YES/NO" REMOVEEXTENSION="text" />

Description

Decrypts one or more previously encrypted files. Any cipher file can be decrypted provided it was encrypted with one of the supported types and algorithms (not only files encrypted by Automate). Both symmetric (passphrase) and asymmetric (public/private key) modes are supported. If PGP is installed, this activity can optionally use the PGP engine for both passphrase and public/private key decryption, with support for a wide variety of encryption algorithms.

NOTE: Automate comes bundled with the OpenPGP engine which is based on PGP as originally developed. OpenPGP is installed on the system during Automate installation.

Practical Usage

Typically used to decrypt files encrypted by the Encrypt activity.

Parameters

General

Source
  Type: Text
  Required: Yes
  Default: (Empty)
  Markup: INPUTFILE="c:\source\file.txt"
          INPUTFILE="c:\source\*.txt"
  Description: The path and file name of the files to decrypt. This can be a fully qualified path and file name (preferred) or a file name alone (which requires use of the File System - Change folder activity). Wildcard characters (for example, * or ?) may be used to specify all files matching a certain mask. Multiple files and/or file masks can be specified by separating each entry with a pipe character (|), for example c:\temp\*.txt|c:\backup\*.bak. See File Masks & Wildcards for more details.
  NOTE: Files with invalid paths are ignored at runtime.

Destination
  Type: Text
  Required: Yes
  Default: User
  Markup: OUTPUTFILE="c:\destfile.txt"
          OUTPUTFILE="c:\dest\"
  Description: The destination folder and (optional) file name for the newly decrypted files. Folders that do not exist are created automatically at runtime.

Create and populate decrypt dataset
  Type: Text
  Required: No
  Default: (Empty)
  Markup: RESULTDATASET="theResult"
  Description: The name of the dataset to create and populate with the results of this activity. More details regarding individual dataset names and return values can be found below under Datasets.

Decrypt

Encryption type
  Type: Text (options)
  Required: Yes
  Default: Passphrase
  Markup: ENCRYPTTYPE="openpgppassphrase"
          ENCRYPTTYPE="openpgpkey"
          ENCRYPTTYPE="pgppassphrase"
          ENCRYPTTYPE="openpgpkey"
          ENCRYPTTYPE="passphrase"
          ENCRYPTTYPE="key"
  Description: The type of encryption originally used to encrypt the files that are to be decrypted. Subsequent parameters vary depending on which type is selected. The available options are:
  • OpenPGP passphrase (default) - A valid OpenPGP passphrase must be entered to decrypt.
  • OpenPGP public key - A valid OpenPGP public key must be entered to decrypt.
  • PGP passphrase - A valid PGP passphrase must be entered to decrypt.
  • PGP public key - A valid PGP public/private key pair must be used to decrypt.
  • Passphrase - A valid passphrase must be entered to decrypt.
  • Public key - A valid public key must be entered to decrypt.

Symmetric algorithm
  Type: Text (options)
  Required: Yes if Encryption type is set to Passphrase
  Default: Rijndael
  Markup: ENCRYPTALGO="rijndael"
          ENCRYPTALGO="des"
          ENCRYPTALGO="rc2"
          ENCRYPTALGO="tripledes"
  Description: The encryption algorithm that was used to initially encrypt the files. This parameter is available only if the Encryption type parameter is set to Passphrase. The available options are:
  • Rijndael (Default)
  • DES
  • RC2
  • TripleDES

Public
  Type: Text
  Required: Yes if Encryption type is set to OpenPGP public key or PGP public key
  Default: (Empty)
  Markup: PUBKEYRINGPATH="c:\foldername\file.pkr"
  Description: The path and file name of the PGP, OpenPGP or GnuPG public keyring (.pkr) file. Entering a valid public keyring file together with a matching secret keyring file populates the PGP tab with the appropriate signature information. This parameter is available only if the Encryption type parameter is set to OpenPGP public key or PGP public key.

Secret
  Type: Text
  Required: Yes if Encryption type is set to OpenPGP public key or PGP public key
  Default: (Empty)
  Markup: SECKEYRINGPATH="c:\foldername\file.skr"
  Description: The path and file name of the PGP, OpenPGP or GnuPG secret keyring (.skr) file. Entering a valid public keyring file together with a matching secret keyring file populates the PGP tab with the appropriate signature information. This parameter is available only if the Encryption type parameter is set to OpenPGP public key or PGP public key.

Key email
  Type: Text
  Required: Yes if Encryption type is set to PGP public key
  Default: (Empty)
  Markup: EMAIL="john@netauto.com"
  Description: The email address used to identify the PGP public/private keys. This parameter is available only if the Encryption type parameter is set to PGP public key.

Decrypt using
  Type: Text (options)
  Required: Yes if Encryption type is set to Public key
  Default: Key Container
  Markup: DECRYPTUSING="keycontainer"
          DECRYPTUSING="keyfile"
  Description: The procedure used to authenticate and decrypt the specified files. Parameters vary depending on the option selected. Available only if the Encryption type parameter is set to Public key. The available options are:
  • Key Container - A key container will be used to decrypt the files.
  • Key File - A private key file will be used to decrypt the files. Click the Folder icon to navigate to the appropriate private key (.pri) file, or enter the full path and file name of the private key file in the provided text box.

Key container name
  Type: Text
  Required: Yes if Decrypt using is set to Key container
  Default: (Empty)
  Markup: KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0"
  Description: The name of the key container to use. Press the down arrow to display a drop-down list of cryptographic provider names to select from. This parameter is available only if the Encryption type parameter is set to Public key and the Decrypt using parameter is set to Key container.

Key container level
  Type: Text (options)
  Required: Yes if Decrypt using is set to Key container
  Default: User
  Markup: KEYCONTAINERLEVEL="user"
          KEYCONTAINERLEVEL="machine"
  Description: Specifies whether the key container is a User-Level or a Machine-Level container. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) it. The available options are:
  • User (Default) - User-level key container
  • Machine - Machine-level key container
  This parameter is available only if the Encryption type parameter is set to Public key and the Decrypt using parameter is set to Key container. More details regarding Machine-Level and User-Level key containers can be found below under Comparing Machine-Level and User-Level RSA Key Containers.

Passphrase
  Type: Text
  Required: Yes if Encryption type is set to OpenPGP passphrase, PGP passphrase, PGP public key or Passphrase
  Default: (Empty)
  Markup: PASSPHRASE="text (encrypted)"
  Description: The passphrase required to validate and decrypt the selected files (for PGP public key decryption, the secret key passphrase). A passphrase is similar to a password but typically longer for added security. This parameter is available only if the Encryption type parameter is set to OpenPGP passphrase, PGP passphrase, PGP public key or Passphrase.

Advanced

Use new features (PGP > 6.5.x)
  Type: Yes/No
  Required: No
  Default: Yes
  Markup: USENEWFEATURES="NO"
  Description: If selected (default), newer PGP features introduced in 6.5.x are supported.

Use old packets (PGP 2.3.x, 6.5.x)
  Type: Yes/No
  Required: No
  Default: Yes
  Markup: USEOLDPACKETS="YES"
  Description: If selected, older PGP encryption algorithms are supported. Disabled by default.

Extract TAR archive
  Type: Yes/No
  Required: No
  Default: Yes
  Markup: TAR="YES"
  Description: If selected, TAR archives are extracted. Disabled by default.

Remove extension (i.e. .enc)
  Type: Text
  Required: No
  Default: (Empty)
  Markup: REMOVEEXTENSION=".enc"
  Description: The extension to remove from the decrypted file name (if any).

File Options

Include subfolders
  Type: Yes/No
  Required: No
  Default: No
  Markup: SUBFOLDERS="YES"
  Description: If selected, subfolders (if present) are also searched for files matching the mask specified in the Source parameter. Disabled by default.

Preserve folder structure
  Type: Yes/No
  Required: No
  Default: Yes
  Markup: KEEPFOLDERSTRUCT="NO"
  Description: If selected, subfolders found in the source folder are created in the destination folder, and source files are decrypted into their respective folders rather than directly into the root of the folder specified in the Destination parameter. Valid only if the Include subfolders parameter is selected.

Overwrite if exists
  Type: Yes/No
  Required: No
  Default: No
  Markup: OVERWRITE="YES"
  Description: If selected, destination files that already exist are overwritten. Disabled by default.

Only if newer
  Type: Yes/No
  Required: No
  Default: No
  Markup: ISNEWER="YES"
  Description: If selected, only source files that are newer than their counterparts in the destination folder overwrite the existing files. Valid only if the Overwrite if exists parameter is selected.

Only if exists in destination
  Type: Yes/No
  Required: No
  Default: No
  Markup: ONLYIFEXIST="YES"
  Description: If selected, only source files that already exist in the destination are decrypted. All other files, regardless of whether they match the mask or other parameter settings, are bypassed. Valid only if the Overwrite if exists parameter is selected.

Overwrite read-only files
  Type: Yes/No
  Required: No
  Default: No
  Markup: OVERWRITEREADONLY="YES"
  Description: If selected, existing files are overwritten even if the file in the destination is marked with the "read-only" attribute. By default, read-only files are not overwritten. Valid only if the Overwrite if exists parameter is selected.

Overwrite hidden files
  Type: Yes/No
  Required: No
  Default: No
  Markup: OVERWRITEHIDDEN="YES"
  Description: If selected, existing files are overwritten even if the file in the destination is marked with the "hidden" attribute. By default, hidden files are not overwritten. Valid only if the Overwrite if exists parameter is selected.

Turn archive attribute off
  Type: Yes/No
  Required: No
  Default: No
  Markup: ARCHIVETURNOFF="YES"
  Description: If selected, the archive attribute of the source file is switched off. The Windows archive attribute is generally used to track whether a file has been backed up; turning it off on the source file indicates to many backup programs that the file has already been backed up. Disabled by default.

Exclude mask
  Type: Text
  Required: No
  Default: (Empty)
  Markup: EXCLUDE="*.txt"
  Description: Causes this action to skip files matching the masks specified. File names or wildcard masks may be used. Multiple entries may be specified by separating them with a pipe symbol (|), for example *.txt|*.bak.

Regular expression
  Type: Yes/No
  Required: No
  Default: No
  Markup: RE="YES"
  Description: If selected, the Exclude mask field is interpreted as a regular expression.

Only if newer than
  Type: Date
  Required: No
  Default: (Empty)
  Markup: ISNEWERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"
  Description: Causes this action to decrypt files only if the source is newer than the date/time specified. If this parameter is left blank or not included, the date of the files is ignored (except as governed by the Only if newer parameter).

Only if older than
  Type: Date
  Required: No
  Default: (Empty)
  Markup: ISOLDERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"
  Description: Causes this action to decrypt files only if the source is older than the date/time specified. If this parameter is left blank or not included, the date of the files is ignored (except as governed by the Only if newer parameter).
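The File Options above interact (the overwrite-related flags only apply when Overwrite if exists is on, the date window applies regardless, and the exclude mask is either pipe-separated wildcards or one regular expression). The following Python model of those rules is an added example, not Automate's own code: the FileInfo/FileOptions structures, the case-insensitive mask comparison, and the sample file set are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatchcase
import re
from typing import Dict, Optional, Tuple


@dataclass
class FileInfo:
    """Constructed stand-in for a file on disk (an assumption for this example)."""
    name: str                  # file name, matched against the exclude mask
    modified: datetime         # last-modified timestamp
    read_only: bool = False    # Windows read-only attribute
    hidden: bool = False       # Windows hidden attribute


@dataclass
class FileOptions:
    """The File Options markup attributes modelled by this example."""
    exclude: str = ""                      # EXCLUDE="*.txt|*.bak"
    regex: bool = False                    # RE="YES": EXCLUDE is one regular expression
    overwrite: bool = False                # OVERWRITE="YES"
    is_newer: bool = False                 # ISNEWER="YES" (valid only with OVERWRITE)
    only_if_exist: bool = False            # ONLYIFEXIST="YES" (valid only with OVERWRITE)
    overwrite_read_only: bool = False      # OVERWRITEREADONLY="YES"
    overwrite_hidden: bool = False         # OVERWRITEHIDDEN="YES"
    newer_than: Optional[datetime] = None  # ISNEWERTHAN="<date>"
    older_than: Optional[datetime] = None  # ISOLDERTHAN="<date>"


def is_excluded(name: str, opts: FileOptions) -> bool:
    """Exclude mask: pipe-separated wildcard masks, or a single regex when RE=YES.

    Wildcard comparison is case-insensitive here; that is an assumption of the
    example, since the page does not document case handling for this activity.
    """
    if not opts.exclude:
        return False
    if opts.regex:
        return re.search(opts.exclude, name) is not None
    masks = [m.strip().lower() for m in opts.exclude.split("|") if m.strip()]
    return any(fnmatchcase(name.lower(), mask) for mask in masks)


def decide(src: FileInfo, dst: Optional[FileInfo], opts: FileOptions) -> Tuple[bool, str]:
    """Return (decrypt_this_file, reason). `dst` is the existing destination file, or None."""
    if is_excluded(src.name, opts):
        return False, "excluded by mask"
    if opts.newer_than is not None and src.modified <= opts.newer_than:
        return False, "source not newer than ISNEWERTHAN"
    if opts.older_than is not None and src.modified >= opts.older_than:
        return False, "source not older than ISOLDERTHAN"
    if dst is None:
        # ONLYIFEXIST is documented as valid only together with OVERWRITE.
        if opts.overwrite and opts.only_if_exist:
            return False, "no destination file to overwrite (ONLYIFEXIST)"
        return True, "new destination file"
    if not opts.overwrite:
        return False, "destination exists and OVERWRITE is off"
    if opts.is_newer and src.modified <= dst.modified:
        return False, "source is not newer than destination (ISNEWER)"
    if dst.read_only and not opts.overwrite_read_only:
        return False, "destination is read-only (OVERWRITEREADONLY off)"
    if dst.hidden and not opts.overwrite_hidden:
        return False, "destination is hidden (OVERWRITEHIDDEN off)"
    return True, "overwrite existing destination file"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Apply the rules to a constructed sample set and return name -> decision."""
    older = datetime(2024, 1, 1, 9, 0)
    newer = datetime(2024, 1, 2, 9, 0)
    opts = FileOptions(exclude="*.txt|*.bak", overwrite=True, is_newer=True)
    cases = {
        "report.doc": (FileInfo("report.doc", newer), FileInfo("report.doc", older)),
        "stale.doc": (FileInfo("stale.doc", older), FileInfo("stale.doc", newer)),
        "notes.txt": (FileInfo("notes.txt", newer), None),
        "locked.doc": (FileInfo("locked.doc", newer), FileInfo("locked.doc", older, read_only=True)),
        "fresh.doc": (FileInfo("fresh.doc", newer), None),
    }
    results = {name: decide(src, dst, opts) for name, (src, dst) in cases.items()}
    # Two further option sets: ONLYIFEXIST with no destination, and an ISOLDERTHAN window.
    strict = FileOptions(overwrite=True, only_if_exist=True)
    results["new-with-onlyifexist"] = decide(FileInfo("new.doc", newer), None, strict)
    window = FileOptions(older_than=older)
    results["too-new-for-olderthan"] = decide(FileInfo("late.doc", newer), None, window)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:24s} {'decrypt' if ok else 'skip':8s} {why}")
```

The order of checks mirrors the documentation: exclusion and the date window are evaluated for every source file, while the ISNEWER, read-only and hidden rules are reached only when a destination file exists and OVERWRITE is on.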

File Attributes

Attributes
  Type: Text Options
  Required: No
  Default: (Empty)
  Markup: ATTRFILTER="+R+A-H" (decrypt read-only & archive files but not hidden files)
  Description: This group of settings filters which files are decrypted based on the attribute settings of the source files. In visual mode, a group of controls is provided to assist in the selection of this parameter. In markup mode, a single text item must be specified that contains the attributes of the files you wish to decrypt. Available options are:
  • R—Read-only: Specifying "+R" causes files with this attribute turned on to be included, "-R" causes files with this attribute turned off to be included, and not specifying the letter (default) causes this attribute to be ignored.
  • A—Archive: Specifying "+A" causes files with this attribute turned on to be included, "-A" causes files with this attribute turned off to be included, and not specifying the letter (default) causes this attribute to be ignored.
  • S—System: Specifying "+S" causes files with this attribute turned on to be included, "-S" causes files with this attribute turned off to be included, and not specifying the letter (default) causes this attribute to be ignored.
  • H—Hidden: Specifying "+H" causes files with this attribute turned on to be included, "-H" causes files with this attribute turned off to be included, and not specifying the letter (default) causes this attribute to be ignored.
  • C—Compression: Specifying "+C" causes files with this attribute turned on to be included, "-C" causes files with this attribute turned off to be included, and not specifying the letter (default) causes this attribute to be ignored.
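The "+X"/"-X" rule above is easy to get wrong in markup (a stray character or a letter given with both signs). The following Python parser and matcher is an added example, not Automate's own implementation: it applies the documented semantics (R, A, S, H, C; an unlisted letter is ignored) to a constructed set of files, and rejects malformed filter strings instead of silently matching everything.

```python
import re
from typing import Dict, List, Set

# One "+X" or "-X" token; lower-case letters are accepted and normalised.
_TOKEN = re.compile(r"([+-])([RASHC])", re.IGNORECASE)


def parse_attr_filter(spec: str) -> Dict[str, bool]:
    """Turn e.g. "+R+A-H" into {"R": True, "A": True, "H": False}.

    Raises ValueError on stray characters or on a letter that appears with
    both signs, so a bad ATTRFILTER value fails loudly.
    """
    spec = spec.strip()
    rules: Dict[str, bool] = {}
    pos = 0
    for m in _TOKEN.finditer(spec):
        if m.start() != pos:
            raise ValueError(f"unexpected text in attribute filter: {spec[pos:m.start()]!r}")
        letter = m.group(2).upper()
        wanted = m.group(1) == "+"
        if letter in rules and rules[letter] != wanted:
            raise ValueError(f"conflicting rule for attribute {letter}")
        rules[letter] = wanted
        pos = m.end()
    if pos != len(spec):
        raise ValueError(f"unexpected text in attribute filter: {spec[pos:]!r}")
    return rules


def matches(attrs: Set[str], rules: Dict[str, bool]) -> bool:
    """attrs is the set of attribute letters a file has, e.g. {"R", "A"}.

    Every listed letter must agree with its sign; unlisted letters are ignored,
    so an empty filter matches every file.
    """
    return all((letter in attrs) == wanted for letter, wanted in rules.items())


def select_files(files: Dict[str, Set[str]], spec: str) -> List[str]:
    """Return the sorted names of the files that pass the filter."""
    rules = parse_attr_filter(spec)
    return sorted(name for name, attrs in files.items() if matches(attrs, rules))


# Constructed sample input (not from the page): name -> attribute letters set on the file.
SAMPLE_FILES: Dict[str, Set[str]] = {
    "a.enc": {"R", "A"},
    "b.enc": {"R", "A", "H"},
    "c.enc": {"A"},
    "d.enc": set(),
}

if __name__ == "__main__":
    for spec in ("", "+R+A-H", "-H", "+a"):
        print(f"{spec or '(empty)':8s} -> {select_files(SAMPLE_FILES, spec)}")
```

With the page's example value "+R+A-H", only a.enc is selected from the sample set: b.enc is hidden and c.enc is not read-only.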

Additional Notes

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.

Examples

NOTE:
  • The sample AML code below can be copied and pasted directly into the Steps Panel of the Task Builder.
  • Parameters containing user credentials, files, file paths, and/or other information specific to the task must be customized before the sample code can run successfully.

Example 1

Passphrase Decryption.

<AMCRYPTOGRAPHY ACTIVITY="decrypt" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2019,12,05)+TimeSerial(13,24,14)%" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" ENCRYPTTYPE="passphrase" SYMMETRICALGO="des" PASSPHRASE="AM57P/Dw4XEdfdstIhZVXkiCY9mFpve9KFLZMwaKZU4ILs=aME" />

Example 2

Public/Private Key Decryption.

<AMCRYPTOGRAPHY ACTIVITY="decrypt" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2019,12,05)+TimeSerial(13,24,14)%" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" ENCRYPTTYPE="key" KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0" />