Cryptography - Decrypt

Declaration

<AMCRYPTOGRAPHY ACTIVITY="decrypt" SUBFOLDERS="yes/no" KEEPFOLDERSTRUCT="yes/no" OVERWRITE="yes/no" ISNEWER="yes/no" ONLYIFEXIST="yes/no" OVERWRITEREADONLY="yes/no" OVERWRITEHIDDEN="yes/no" ARCHIVETURNOFF="yes/no" MATCHCASE="yes/no" EXCLUDE="text" RE="yes/no" INPUTFILE="text" OUTPUTFILE="text" RESULTDATASET="text" PASSPHRASE="text (encrypted)" USEOLDPACKETS="YES/NO" TAR="YES/NO" REMOVEEXTENSION="text" />

Overview

Decrypts one or more previously encrypted files. Supports decrypting any cipher file if the file is encrypted using one of the supported types and algorithms (not limited to files encrypted by Automate Desktop). Also, supports both symmetric (passphrase) and asymmetric (public/private key) modes. If PGP is installed, this activity can use the PGP engine for both passphrase and public/private key decryption as well as support for a wide variety of encryption algorithms.

NOTE: Automate Desktop includes the OpenPGP engine, which is based on PGP as originally developed. OpenPGP is installed on the system during Automate Desktop installation.

Practical usage

Typically used to decrypt files encrypted by the Cryptography - Encrypt activity.

Parameters

General

Property	Type	Required	Default	Markup	Description
Source	Text	Yes	(Empty)	INPUTFILE="c:\source\file.txt" INPUTFILE="c:\source\*.txt"	The path and file name of the files to decrypt. This can be a fully qualified path and file name (preferred) or a single file (requires use of the File System - Change folder activity). You can use wildcard characters (for example, * or ?) to specify all files matching a certain mask. You can specify multiple files and file masks by separating each entry with a pipe (\|). For example, c:\temp\.txt\|c:\backup\.bak. See File Masks & Wildcards for more information. NOTE: Files with invalid paths are ignored at runtime.
Destination	Text	Yes	User	OUTPUTFILE="c:\destfile.txt" OUTPUTFILE="c:\dest\	The destination folder and (optional) file name to place the newly decrypted files. Folders that do not exist are automatically created at runtime.
Create and populate decrypt dataset	Text	No	(Empty)	RESULTDATASET="theResult"	The name of the dataset to create and populate with results of this activity. See Datasets for more information.

Decrypt

Property	Type	Required	Default	Markup	Description
Encryption type	Text (options)	Yes	Passphrase	ENCRYPTTYPE="openpgppassphrase" ENCRYPTTYPE="openpgpkey" ENCRYPTTYPE="pgppassphrase" ENCRYPTTYPE="openpgpkey" ENCRYPTTYPE="passphrase" ENCRYPTTYPE="key"	Specifies the type of encryption to use to initially encrypt the files in which to decrypt. The available options are: OpenPGP passphrase (Default) - A valid OpenPGP passphrase must be entered to decrypt. OpenPGP public key - A valid OpenPGP private key must be entered to decrypt. PGP passphrase - A valid PGP passphrase must be entered to decrypt. PGP public key - A valid PGP private key pair must be used to decrypt. Passphrase - A valid passphrase must be entered to decrypt. Public key -A valid private key must be entered to decrypt.
Passphrase	Text	Yes, if Encryption type set to OpenPGP passphrase, PGP passphrase, PGP public key or Passphrase	(Empty)	PASSPHRASE="encrypted"	The passphrase required to validate and decrypt the selected files. A passphrase is similar to a password but typically longer for added security. This parameter is available only if the Encryption type parameter is set to OpenPGP passphrase, PGP passphrase, PGP public key, or Passphrase.
Keyring file(s) - Public	Text	Yes, if Encryption type set to OpenPGP public key or PGP public key	(Empty)	PUBKEYRINGPATH="c:\foldername\file.pkr"	The path and file name of the PGP or OpenPGP public keyring (.pkr) file. This parameter is available only if the Encryption type parameter is set to OpenPGP public key or PGP public key. NOTE: Automate Desktop comes equipped with the OpenPGP engine which is installed on the system during Automate Desktop installation.
Keyring file(s) - Secret	Text	Yes, if Encryption type set to OpenPGP public key or PGP public key	(Empty)	SECKEYRINGPATH="c:\foldername\file.skr"	The path and file name of the PGP or OpenPGP secret keyring (.skr) file. This parameter is available only if the Encryption type parameter is set to OpenPGP public key or PGP public key. NOTE: Automate Desktop comes equipped with the OpenPGP engine which is installed on the system during Automate Desktop installation.
Recipient(s) - Email or Name	Text	No	(Empty)	KEYID="John@netauto.com"	Specifies the OpenPGP key ID (normally an email address or name) used to decrypt the files. If more than one email/name is entered (along with the associated password), during runtime, this activity reads through the list and selects the appropriate one. Select Select recipients to open a standard explorer page and navigate to the desired recipients.
Recipient(s) - Password	Text	No	(Empty)	PASSWORD="password"	Specifies the password related to the Email or Name field. NOTE: The User section is populated with the user information associated with the Public Keyring File and Secret Keyring File is the Key Options tab. This allows you to select users during design time. The User section is only helpful during design if referencing an available keyring.
Key email	Text	Yes, if Encryption type set to PGP public key	(Empty)	EMAIL="john@netauto.com	The email address used to identify the PGP public key. This parameter is available only if the Encryption type parameter is set to PGP public key.
Symmetric algorithm	Text (options)	Yes, if Encryption type set to Passphrase	Rijndael	ENCRYPTALGO="rijndael" ENCRYPTALGO="des" ENCRYPTALGO="rc2" ENCRYPTALGO="tripledes"	The encryption algorithm used to initially encrypt the files. This parameter is available only if the Encryption type parameter is set to Passphrase. The available options are: Rijndael (Default) DES RC2 TripleDES
Decrypt using	Text (options)	Yes, if Encryption type set to Public key	Key Container	DECRYPTUSING="keycontainer" DECRYPTUSING="keyfile"	Indicates the procedure used to authenticate and decrypt the specified files. Parameters vary, depending on the selected option. Available only if the Encryption type parameter is set to Public key. The available options are: Key Container - Specifies that a key container is used to decrypt the files. Key File - Specifies that a private key file is used to decrypt the files. Click the Folder icon to navigate to the appropriate private key (.pri) file or enter the full path and file name of the private key file in the provided text box.
Key container name	Yes/No	Yes, if Decrypt using set to Key container	(Empty)	KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0"	The name of the key container to use. Press the down arrow to display a drop-down list of cryptographic provider names to select from. This parameter is available only if the Encryption type parameter is set to Public key and the Decrypt using parameter is set to Key container name.
Key container level	Text Options	Yes, if Decrypt using set to Key container	User	KEYCONTAINERLEVEL="user" KEYCONTAINERLEVEL="machine"	Specifies if the new key container is set to User-Level or Machine-Level. Microsoft Windows creates Machine-Level key containers that are available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are: User (Default) - User-level key container. Machine - Machine-level key container. This parameter is available only if the Encryption type parameter is set to Public key and the Decrypt using parameter is set to Key container name.
Private key file	Text	Yes	(Empty)	PRIKEYFILE="c:\privatefile.pri"	The path and file name of the private key used to decrypt files.

Advanced

Property	Type	Required	Default	Markup	Description
Use new features (PGP > 6.5.x)	Yes/No	No	Yes	USENEWFEATURES="NO"	If selected (default), newer PGP features introduced in 6.5.x are supported.
Use old packets (PGP 2.3.x, 6.5.x)	Yes/No	No	Yes	USEOLDPACKETS="YES"	If selected, older PGP encryption algorithm is supported. Disabled by default.
Extract TAR archive	Yes/No	No	Yes	TAR="YES"	If selected, TAR archives are extracted. Disabled by default.
Remove extension (for example, enc)	Text	No	(Empty)	REMOVEEXTENSION=".enc"	The extension to remove (if any).

File Options

Property	Type	Required	Default	Markup	Description
Exclude mask	Text	No	(Empty)	EXCLUDE="*.txt"	Omits decrypting files matching the specified masks. You can use filenames or wildcard masks. You can specify multiple entries by separating them with a pipe (\|). For example, .txt\|.bak.
Regular expression	Yes/No	No	No	RE="YES"	If selected, specifies that a regular expression is used in the Exclude Mask field.
Only if newer than	Date	No	(Empty)	ISNEWERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"	Only decrypts files if the source is newer than the specified date/time. If this parameter is left blank or not included, the date of the files is ignored (excluding Only if newer parameter).
Only if older than	Date	No	(Empty)	ISOLDERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"	Only decrypts files if the source is older than the specified date/time. If this parameter is left blank or not included, the date of the files is ignored (excluding the Only if newer parameter).
Overwrite if exists	Yes/No	No	No	OVERWRITE="YES"	If selected, specifies that, if destination files already exist, they are overwritten. The default value is disabled.
Only if newer	Yes/No	No	No	ISNEWERTHAN="YES"	If selected, indicates that only files that are newer than those in the destination folder overwrite existing files. Valid only if the Overwrite if Exists parameter is selected.
Only if exists in destination	Yes/No	No	No	ONLYIFEXIST="YES"	If selected, specifies that only files that already exist in the destination are decrypted from the source. All other files, regardless of whether they match the mask or other parameter settings, are bypassed. Valid only if the Overwrite if Exists parameter is selected.
Overwrite read-only files	Yes/No	No	No	OVERWRITEREADONLY="YES"	If selected, indicates that already existing files are overwritten even if the file in the destination is marked with the read-only attribute. By default, read-only files are not overwritten. Valid only if the Overwrite if Exists parameter is selected.
Overwrite hidden files	Yes/No	No	No	OVERWRITEHIDDEN="YES"	If selected, specifies that already existing files are overwritten even if the file in the destination is marked with the hidden attribute. By default, hidden files are not overwritten. Valid only if the Overwrite if Exists parameter is selected.
Include subfolders	Yes/No	No	No	SUBFOLDERS="YES"	If selected, specifies that, if present, subfolders are searched for files matching the mask specified in the Source parameter. The default value is disabled.
Preserve folder structure	Yes/No	No	Yes	KEEPFOLDERSTRUCT="NO"	If selected, specifies that subfolders found in the source folder are created in the destination folder, and source files are decrypted into their respective folders rather than directly into the root of the folder specified in the Destination parameter. Valid only if the Include subfolders parameter is selected.
Turn archive attribute off	Yes/No	No	No	ARCHIVETURNOFF="YES"	If selected, the archive attribute of the source file is OFF. The Windows archive attribute is generally used to track whether a file is backed up. By disabling the source file archive attribute, this indicates to many backup programs that the file is already backed up. This parameter is disabled by default.
Match case	Yes/No	No	No	MATCHCASE="YES"	If selected, the properties set within this activity are case sensitive in relation to the file. This parameter is disabled by deafult.

File Attributes

Property	Type	Required	Default	Markup	Description
Attributes	Text Options	No	(Empty)	ATTRFILTER="+R+A-H" (decrypt read-only & archive files but not hidden files)	This group of settings causes the action to filter the files that are decrypted based on the attribute settings of the source files. In visual mode, a group of controls are provided to assist in the selection of this parameter. In markup mode, a single text item must be specified that contains the attributes of the files you want to decrypt. Available options are: R—Read-only - Specifying +R causes files with this attribute turned on to be included, -R causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored. A—Archive - Specifying +A causes files with this attribute turned on to be included, -A causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored. S—System - Specifying +S causes files with this attribute turned on to be included, -S causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored. H—Hidden - Specifying +H causes files with this attribute turned on to be included, -H causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored. C—Compression - Specifying +C causes files with this attribute turned on to be included, -C causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

Description

Error Causes

On Error

Additional notes

Comparing machine-level and user-level RSA key containers

User-level RSA key containers are stored with the Windows user profile and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that uses the user-level RSA key container to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.

Datasets

A dataset is a multiple column, multiple row container object where every column represents a particular variable, and each row corresponds to a given member of the dataset in question. This activity creates and populates a dataset containing specific fields (rows) in addition to the standard dataset fields. The table below describes these fields (assuming the dataset name assigned is theDataset).

Name	Type	Return value
theDataset.Cached	True/False	Returns TRUE if files are cached; otherwise, returns FALSE.
theDataset.ColumnNames	Text	A comma-delimited list of the column names in the dataset.
theDataset.CurrentRow	Number	The current row that is accessed in the dataset by an expression that does not contain a specific row index.
theDataset.Datasource	Text	The datasource used for the SQL Query, if applicable.
theDataset.Destination	Text	The path and file name of the destination file.
theDataset.Error	Text	A textual description of the error that occurred (if any). If no errors occurred during the decryption step, this dataset remains empty.
theDataset.ExecutionDate	Date	The date and time the dataset is created and populated
theDataset.Recipient	Text	The name or email address of the recipient.
theDataset.Result	True/False	Returns TRUE if result of activity is a success; otherwise, returns FALSE.
theDataset.RowsAffected	Number	The number of rows affected by an update.
theDataset.Signature	Text	Contains the signature user information. The returned dataset signature may contain the following values: The name associated with the key. No Name - The dataset returns No Name if there are empty identifiers for the key (for example, name, email) in the specified keyring. Unknown Key -The dataset returns Unknown Key if the key has no identifier in the available keyring.
theDataset.Source	Text	The path and file name of the source folder and file.
theDataset.SQLQuery	Text	The SQL Query used to generate this dataset. If a SQL Query is not used, this value is empty.
theDataset.TotalColumns	Number	The total number of rows in the dataset.
theDataset.TotalRows	Number	The total number of rows in the dataset.
theDataset.Validity	Text	Contains the verification results of the signature. Returned verification results can contain the following values: Valid - Specifies that the key is valid. Invalid - Specifies that the key is invalid. Corrupted - Specifies that the key is corrupt. KeyNotFound - Specifies that no valid keys are found. This result can occur when a Key/Passphrase combination set does not match the one contained in the keyring. UnknownAlgorithm - Specifies an unknown or unsupported algorithm type.

Examples

NOTE:

Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.

Example 1

The following sample task decrypts a file using passphrase decryption:

Copy

1
<AMCRYPTOGRAPHY ACTIVITY="decrypt" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2019,12,05)+TimeSerial(13,24,14)%" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" ENCRYPTTYPE="passphrase" SYMMETRICALGO="des" PASSPHRASE="AM57P/Dw4XEdfdstIhZVXkiCY9mFpve9KFLZMwaKZU4ILs=aME" />

Example 2

The following sample task decrypts a file using public/private key decryption: