Endpoint Encryption

  • 1.  Automation

    Posted Sep 30, 2011 09:45 AM

    I am getting this error "ice1dev_pub:encrypt (3013:no keys found)" when I try to run my batch script through a scheduler, "IBM TWS workload scheduler".

    I have a few other keys; they all seem to work fine via the scheduler, but it doesn't work when I use the key (ice1dev_pub).

    But having said all that, when I ran the script locally it works fine.

    example script:

    "C:\Program Files\PGP Corporation\PGP Command Line\pgp" --encrypt --recipient "ice1dev_pub" D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_30092011_22S.PBS

    Also tried this:


    "C:\Program Files\PGP Corporation\PGP Command Line\pgp" --encrypt D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_%strdate%*.PBS --recipient "0x522F3C6E"

    And this:


    "C:\Program Files\PGP Corporation\PGP Command Line\pgp" --encrypt D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_%strdate%*.PBS --recipient "ice1dev_pub"

    Key Details: ice1dev_pub
         Key ID: 0x522F3C6E (0xDE427659522F3C6E)
           Type: DSA public key
           Size: 1024
       Validity: Complete
          Trust: Never
        Created: 2008-04-18
        Expires: Never
         Status: Active
         Cipher: CAST5
         Cipher: IDEA
         Cipher: TripleDES
           Hash: SHA-1 (Absent)
       Compress: Zip (Absent)
          Photo: No
      Revocable: No
          Token: No
      Keyserver: Absent
        Default: No
        Wrapper: No
     Prop Flags: Absent
     Ksrv Flags: Absent
     Feat Flags: Absent
      Notations: None
          Usage: Sign user IDs
          Usage: Sign messages

      Subkey ID: 0x2D943F89 (0x2D79AE1E2D943F89)
           Type: Elgamal public subkey
           Size: 2048
        Created: 2008-04-18
        Expires: Never
         Status: Active
      Revocable: No
          Token: No
          X.509: No
     Prop Flags: Absent
      Notations: None
          Usage: Encrypt communications
          Usage: Encrypt storage
          Usage: PGP NetShare
          Usage: PGP WDE
          Usage: PGP ZIP
          Usage: PGP Messaging

            ADK: None

        Revoker: None

    1 key found

    C:\Program Files\PGP Corporation\PGP Command Line>pgp --verify --debug --verbose
     D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_30092011_22S.PBS.pgp --passphrase xxxxxxxxx

    pgp:verify (3157:current local time 2011-09-30T14:40:27+01:00)
    D:\FTPRoot\PGP\pubring.pkr:open keyrings (1006:public keyring)
    D:\FTPRoot\PGP\secring.skr:open keyrings (1007:private keyring)
    Decoding D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_30092011_22S.PBS.pgp...
     begin lex event
     file is encrypted
     file is asymmetrically encrypted
    D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_30092011_22S.PBS.pgp:verify (3093:data is
     encrypted to subkey ID 0x2D943F89)
    D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_30092011_22S.PBS.pgp:verify (3044:subkey
    ID 0x2D943F89 belongs to 0x522F3C6E ice1dev_pub)
    D:\FTPRoot\HSBC\FPSOut\Outbound\FPSOUT_30092011_22S.PBS.pgp:verify (1080:no priv
    ate key could be found for decryption)
    Decode complete 

    ----------------------------------------------------------------------------------------------------------------

    C:\Program Files\PGP Corporation\PGP Command Line>pgp --list-key
    pgp:parser (9000:invalid flag "--list-key")

    C:\Program Files\PGP Corporation\PGP Command Line>pgp --list-keys
     Alg  Type Size/Type Flags   Key ID     User ID
    ----- ---- --------- ------- ---------- -------
    *RSA4 pair 2048/2048 [VI---] 0xFD8B81A3 ingdirect
     RSA4 pub  2048/2048 [V----] 0x3197E0F3 publickey
     DSS  pub  2048/1024 [VT---] 0x75D65FBF ice1liv_aes128_pub
     DSS  pub  2048/1024 [V----] 0x522F3C6E ice1dev_pub
    4 keys found 

     



  • 2.  RE: Automation

    Posted Oct 05, 2011 03:00 AM

    Hi. Any differences regarding the accounts that the different batch-jobs are running beneath and yours?



  • 3.  RE: Automation

    Posted Oct 05, 2011 06:02 AM

    Hi,

    Thank you for your reply.

    We use the same service account to run all batch jobs.



  • 4.  RE: Automation

    Posted Oct 17, 2011 07:16 PM

    If it works locally, but not when run as the service, then you are likely getting different keyrings for the different operations.

    Try running with "--debug" as the service also, and see what keyring files are being used.
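
The check suggested in the last reply, as an added example that is not part of the original thread: it reads the `open keyrings` lines from two `--debug` captures and reports which keyring files differ and which recipients the failing run could not find. The interactive capture reuses the lines quoted in the first post; the scheduler capture and its `svc_example` profile path are constructed for illustration.

```python
import re

# Line formats as they appear in the --debug output quoted in the thread.
KEYRING_RE = re.compile(
    r"^\s*(?P<path>.+?):open keyrings \(\d+:(?P<kind>public|private) keyring\)\s*$")
NO_KEYS_RE = re.compile(r"^\s*(?P<recipient>.+?):encrypt \(3013:no keys found\)\s*$")

# Keyring lines copied from the interactive run in the first post.
INTERACTIVE_LOG = r"""
pgp:verify (3157:current local time 2011-09-30T14:40:27+01:00)
D:\FTPRoot\PGP\pubring.pkr:open keyrings (1006:public keyring)
D:\FTPRoot\PGP\secring.skr:open keyrings (1007:private keyring)
"""

# Constructed sample: what a scheduler run might log. The profile path is invented.
SERVICE_LOG = r"""
C:\Documents and Settings\svc_example\My Documents\PGP\pubring.pkr:open keyrings (1006:public keyring)
C:\Documents and Settings\svc_example\My Documents\PGP\secring.skr:open keyrings (1007:private keyring)
ice1dev_pub:encrypt (3013:no keys found)
"""


def keyrings_in(log_text):
    """Map 'public'/'private' to the keyring file a run reported opening."""
    found = {}
    for line in log_text.splitlines():
        m = KEYRING_RE.match(line)
        if m:
            found[m.group("kind")] = m.group("path")
    return found


def compare_runs(working_log, failing_log):
    """Return keyring mismatches and the recipients the failing run could not find."""
    ok, bad = keyrings_in(working_log), keyrings_in(failing_log)
    mismatches = [
        (kind, ok.get(kind), bad.get(kind))
        for kind in ("public", "private")
        # Windows paths are case-insensitive, so compare case-folded.
        if (ok.get(kind) or "").lower() != (bad.get(kind) or "").lower()
    ]
    missing = [m.group("recipient") for line in failing_log.splitlines()
               if (m := NO_KEYS_RE.match(line))]
    return {"keyring_mismatches": mismatches, "recipients_not_found": missing}


if __name__ == "__main__":
    print(compare_runs(INTERACTIVE_LOG, SERVICE_LOG))
```

A mismatch on the public keyring together with a `no keys found` recipient indicates that the scheduled job is reading a keyring that does not contain that key.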