Decrypt Action

Decrypt

Decrypts one or more previously encrypted files. This action supports decrypting any cipherfile provided the file was encrypted using one of the supported types and algorithms (not limited to files encrypted by AWE). Also, supports both symmetric (passphrase) and asymmetric (public/private key) modes. If PGP is installed, this action can optionally use the PGP engine for both passphrase and public/private key decryption and support for a wide variety of encryption algorithms. Can be used to decrypt files encrypted by the Encrypt action or by an external encryption tool.

Declaration

Example 1 - Passphrase Decryption

Example 2 - Public/Private Key Decryption

AWE comes bundled with the OpenPGP engine which is based on PGP as originally developed. OpenPGP is installed on the system during installation.

General Tab

Property	Type	Required	Default	Markup	Description
Source	Text	Yes	(Empty)	a)INPUTFILE="c:\source\file.txt" b)INPUTFILE="c:\source\*.txt"	Indicates the path and filename of the file(s) to decrypt. Wildcard characters (i.e. * or ?) can be used to decrypt files matching a certain mask.
Destination	Text Options	Yes	User	a)OUTPUTFILE="c:\destfile.txt" b)OUTPUTFILE="c:\dest\	Specifies whether the new key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are: User (Default) Machine More details regarding Machine-Level and User-Level key containers can be found below under Comparing Machine-Level and User-Level RSA Key Containers.
Type	Text Options	Yes	Passphrase	ENCRYPTTYPE="key"	Specifies the type of encryption used to initially encrypt the file(s) to decrypt. Parameters vary depending on which decryption type is selected. The available options are: Passphrase (Default): A proper passphrase must be entered to decrypt. Public/Private key: A private key must be used to decrypt. PGP Passphrase: A proper PGP passphrase must be entered to decrypt. This option is available only if PGP is installed on the system. PGP Public/Private key: A PGP private key must be used to decrypt. This option is available only if PGP is installed on the system. OpenPGP Passphrase: A proper OpenPGP passphrase must be entered to decrypt. OpenPGP Public/Private Key: An OpenPGP private key must be used to decrypt.
Algorithm	Text	No	Rijndael	ENCRYPTALGO="DES"	Indicates the encryption algorithm that was used to initially encrypt the file(s) to decrypt. This parameter is active only if the Type parameter is set to Passphrase. The available Passphrase algorithms are: Rijndael (Default) DES RC2 TripleDES NOTE: If the Type parameter is set to PGP Passphrase or OpenPGP Passphrase, there is no need to manually select the encryption algorithm used. The built-in OpenPGP engine will automatically select the correct algorithm during runtime.
Passphrase /Confirm Passphrase	Text	Yes if decryption requires a passphrase	(Empty)	PASSWORD="g9tc745yuig3j9t"	Specifies the passphrase needed to decrypt the selected file(s). This parameter is available only if the Type parameter is set to Passphrase, PGP Passphrase or OpenPGP Passphrase.
Key E-mail Address	Text	Yes if PGP Public/Private Key decryption is selected	(Empty)	EMAIL="john@netauto.com	Specifies the e-mail address used to identify the PGP public/private keys. This parameter is available only if the Type parameter is set to PGP Public/Private Key.
Secret Key Pass Phrase /Verify Pass Phrase	Text	Yes if PGP Public/Private Key decryption is selected	(Empty)	PASSWORD="g9tc745yuig3j9t"	Specifies the PGP secret key pass phrase needed to validate and decrypt the selected file(s). This parameter is available only if the Type parameter is set to PGP Public/Private Key.

Options Tab

Property	Type	Required	Default	Markup	Description
Include Subfolders	Yes/No	No	No	SUBFOLDERS="YES"	If set to YES, specifies that, if present, subfolders should be searched for files matching the mask specified in the Source parameter. The default value is set to NO.
Preserve Folder Structure	Yes/No	No	Yes	KEEPFOLDERSTRUCT="NO"	If set to YES, specifies that subfolders found in the source folder should be created in the destination folder, and source files should be decrypted into their respective folders rather than directly into the root of the folder specified in the Destination parameter. Valid only if the Include subfolder parameter is set to YES.
Overwrite if Exists	Yes/No	No	No	OVERWRITE="YES"	If set to YES, specifies that, if destination files already exist, they should be overwritten. The default value is set to NO.
Only if Newer	Yes/No	No	No	ISNEWERTHAN="YES"	If set to YES, indicates that only files that are newer than those in the destination folder will overwrite existing files. Valid only if the Overwrite if Exists parameter is set to YES.
Only if Exists in Destination	Yes/No	No	No	ONLYIFEXIST="YES"	If set to YES, specifies that only files that already exist in the destination will be decrypted from the source. All other files, regardless of whether they match the mask or other parameter settings will be bypassed. Valid only if the Overwrite if Exists parameter is set to YES.
Overwrite Read-Only Files	Yes/No	No	No	OVERWRITEREADONLY="YES"	If set to YES, indicates that already existing files should be overwritten even if the file in the destination is marked with the "read-only" attribute. By default, read only files are not overwritten. Valid only if the Overwrite if Exists parameter is set to YES.
Overwrite Hidden Files	Yes/No	No	No	OVERWRITEHIDDEN="YES"	If set to YES, specifies that already existing files should be overwritten even if the file in the destination is marked with the "hidden" attribute. By default, hidden files are not overwritten. Valid only if the Overwrite if Exists parameter is set to YES.
Turn Archive Attribute Off	Yes/No	No	No	ARCHIVETURNOFF="YES"	If set to YES, denotes that the "archive" attribute of the source file should be switched OFF. The Windows "archive" attribute is generally used to track whether a file has been backed-up. By turning the source file's archive attribute off— this indicates to many backup programs that the file has already been backed-up.
Exclude Mask	Text	No	(Empty)	EXCLUDE="*.txt"	Causes this action to omit decrypting files matching the mask(s) specified. Filenames or wildcard masks may be used.
Regular Expression	Yes/No	No	No	RE="YES"	If set to YES, specifies that a regular expression is used in the Exclude Mask field.
Only if Newer Than	Date	No	(Empty)	ISNEWERTHAN= "%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"	Causes this action to only decrypt files if the source is newer than the date/time specified. If this parameter is left blank or not included, the date of the file(s) will be ignored (excluding Only if newer parameter).
Only if Older Than	Date	No	(Empty)	ISOLDERTHAN= "%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"	Causes this action to only decrypt files if the source is older than the date/time specified. If this parameter is left blank or not included, the date of the file(s) will be ignored (excluding Only if newer parameter).

Attributes Tab

Property

Type

Required

Default

Markup

Description

Attributes

Text Options

(Empty)

ATTRFILTER="+R+A-H" (decrypt read-only & archive files but not hidden files)

This group of settings causes the action to filter which files are decrypted based on the attribute settings of the source file(s). In visual mode, a group of controls are provided to assist in the selection of this parameter. In markup mode, a single text item must be specified that contains the attributes of the files you want to decrypt.

Available Options:

R— Read-only: Specifying "+R" causes files with this attribute turned on to be included, "-R" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.
A— Archive: Specifying "+A" causes files with this attribute turned on to be included, "-A" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.
S— System: Specifying "+S" causes files with this attribute turned on to be included, "-S" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.
H— Hidden: Specifying "+R" causes files with this attribute turned on to be included, "-H" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.
C— Compression: Specifying "+C" causes files with this attribute turned on to be included, "-C" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

Key Options Tab

Property	Type	Required	Default	Markup	Description
Public Keyring File	Text	Yes	(Empty)	PUBKEYRINGPATH="c:\foldername\file.pkr"	Specifies the path and filename of the PGP, OpenPGP or GnuPG Public Keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the PGP tab with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to PGP Public/Private Key or OpenPGP Public/Private Key.
Secret Keyring File	Text	Yes	(Empty)	SECKEYRINGPATH="c:\foldername\file.skr"	Specifies the path and filename of the PGP, OpenPGP or GnuPG secret keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the PGP tab with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to OpenPGP Public/Private Key.
Decrypt using	Text Options	No	Key Container	DECRYPTUSING="KEYCONTAINER"	Indicates the procedure to be used to authenticate and decrypt the specified file(s). Parameters vary depending on the option selected. The available options are: Key Container: Specifies that a key container will be used to decrypt the file(s). Key File: Specifies that a private key file will be used to decrypt the file(s). Click the Folder icon to navigate to the appropriate private key (.pri) file or enter the full path and filename of the private key file in the provided text-box.
Key container name	Yes/No	No	(Empty)	KEYCONTAINERNAME= "Microsoft Enhanced Cryptographic Provider v1.0"	Specifies the name of the key container to be used. Clicking Select Key Container will open a Key Container browser allowing selection from a list of cryptographic provider names. This parameter is active only if the Decrypt using parameter is set to Key Container.
Key container level	Text Options	No	User	KEYCONTAINERLEVEL="USER"	Specifies whether the new key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are: User (Default) Machine More details regarding Machine-Level and User-Level key containers can be found below under Comparing Machine-Level and User-Level RSA Key Containers.

PGP Tab

These parameters relate to the recipient's OpenPGP key ID (normally an e-mail address or name) and the password that associates with that ID. These parameters are available only when OpenPGP Public/Private Key is selected under the Type parameter located in the General tab.

NOTE: The parameters of the PGP tab have no relation to PGP Encrypt/Decrypt type, only OpenPGP.

Property

Type

Required

Default

Markup

Description

Email or Name

Text

(Empty)

KEYID=John@netauto.com

Specifies the OpenPGP key ID (normally an email address or name) used to decrypt the file(s). If more than one Email/Name is entered (along with the associated password), during runtime, this action will read through the list and select the appropriate one.

NOTE: The User section becomes populated with the user information associated with the Public Keyring File and Secret Keyring File entered under the Key Options tab. This will allow for choosing users during design time. The User portion is only helpful during design if referencing a keyring that is available.

Passphrase

Text

(Empty)

PASSWORD=password

Specifies the passphrase related to the information entered under the Email or Name field.

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.