Endpoint Encryption

 View Only
  • 1.  PGP Command Line Problem with Concurrent Processing

    Posted Jul 15, 2014 11:09 AM

    I have two batched processes that try Keyed decryption. One worked the other erred. A simple process restart works for the erred, but this is a problem. This seems more like an error than a limitation.

     

    I extracted part of my log, which looks like this with the error in bold:

     

    C:\Windows\system32>rem using the second tells where the file goes

    C:\Windows\system32>if not /"E:\AFD\int\data\XXXIn\out\YYY_XXX_XXXXXXXX.pdf" == / E:\afd\int\pgp\pgp --decrypt "E:\AFD\int\data\XXXIn\In\YYY_XXX_XXXXXXXX.pgp" --passphrase "XXXXXXXXXXXXXXXXXXXXXXX" --output "E:\AFD\int\data\XXXIn\out\YYY_XXX_XXXXXXXX.pdf" --overwrite remove  2>&1
    C:\ProgramData\PGP Corporation\PGP\PGPprefs.xml:decrypt (1009:unable to open preferences file)

    C:\Windows\system32>exit

     

    Can someone help?  I could have up to five processes running concurrently, but this erred with only two.

    Thanks,

    Chris

    P.S. I did fine another person that had a similar problem here, but I do not see an answer:

    http://zubeneschamali54.rssing.com/chan-24041585/all_p5.html

     

     



  • 2.  RE: PGP Command Line Problem with Concurrent Processing

    Broadcom Employee
    Posted Jul 16, 2014 07:01 AM

    Hi Ckwp,

    Have a look into this thread if can be of any help becuase you are running command as a part of the script and in fact you extracted only a part of the logs

    https://www-secure.symantec.com/connect/forums/cant-decrypt-second-server-pgp-command-line

    --snip-

    If I had a "\" to the end of the --home-dir option, I get:

    <1009:unable to open preferences file>

    -----------

    I would try to extract command first and run on it's own to see if you can get this error from pgp command line bypassig any script:

    A quick test for example:

    C:\Program Files\PGP Corporation\PGP Command Line>pgp --encrypt --sign  C:\Users
     \user3\Documents\PGP\pgp123.txt --recipient "0xD5483454" --signer "0xFF392B60" -
     -passphrase "XXXXXX" --output C:\Users\user3\Documents\PGP\pgp123.txt.pgp --o
     verwrite remove -v
     

    pgp:encrypt (3157:current local time 2014-07-16T12:33:29+02:00)
     C:\Users\user3\Documents\PGP\pubring.pkr:open keyrings (1006:public keyring)
     C:\Users\user3\Documents\PGP\secring.skr:open keyrings (1007:private keyring)
     0xD5483454:encrypt (1030:key added to recipient list)
     0xFF392B60:encrypt (1030:key added to recipient list)
     0xFF392B60:encrypt (1050:key added as signer)
     C:\Users\user3\Documents\PGP\pgp123.txt:encrypt (3048:data encrypted with cipher
      AES-256)
     Encoding C:\Users\user3\Documents\PGP\pgp123.txt... 100% (Γ╕ѵÿ▒τîÑ)
     C:\Users\user3\Documents\PGP\pgp123.txt.pgp:encrypt (0:file removed successfully)
     C:\Users\user3\Documents\PGP\pgp123.txt:encrypt (0:output file C:\Users\user3\Do
     cuments\PGP\pgp123.txt.pgp)

    C:\Program Files\PGP Corporation\PGP Command Line>

     

    If the error still exist I would also concentrate to give the the full permissions to all folders which taking a part in encryption/decrytion process including scripts.

    HTH

     

     

     



  • 3.  RE: PGP Command Line Problem with Concurrent Processing

    Posted Jul 16, 2014 09:14 AM

    I will take this apart step by step and let you know. But just wanted you to know that the error is seemingly intermittent. 



  • 4.  RE: PGP Command Line Problem with Concurrent Processing

    Posted Jul 16, 2014 02:12 PM

    Here is what I have so far.

    I do not use  --home-dir  so that is not an issue.

    This process has been running for a few months. I don't think that it is a Windows Folder permission issue.

    It has only errored 3 times in the last two months, so writing the command out of the .bat file should not be an issue.

    Like I said the error is intermittent. I just tried to recerate it and it worked.

    Maybe I need to figure out how to turn up logging (if there is a way to do this) to get more detail for when it happens again.

     

     



  • 5.  RE: PGP Command Line Problem with Concurrent Processing

    Posted Jul 17, 2014 04:01 AM

    append your commands with --status-file filename.log

    It will then create a log file.



  • 6.  RE: PGP Command Line Problem with Concurrent Processing

    Posted Jul 17, 2014 11:44 AM

    Hmmm, testing I ran 29 Processes to process 29 files at the same moment. I added the "--status-file" and kept my old ">" redirection to log out put. Named both logs differently.

    28 logs per each where created. = 56 logs.

    1 process failed with the intermittent "C:\ProgramData\PGP Corporation\PGP\PGPprefs.xml:decrypt (1009:unable to open preferences file)"

    For that one errored process only the old ">" redirection log get created.

    So, I was able to reproduce the problem under some more extreem situation. Another problem crept in with the "--status-file" not working at all.

     

    But like I noted this intermitted error sometimes happens with just 2 processes running, which I consider to be inapropriate.

    Well, what is my next step - who could help with this problem - who whould want to help?

    Thanks,

    Chris

     



  • 7.  RE: PGP Command Line Problem with Concurrent Processing

    Broadcom Employee
    Posted Jul 18, 2014 09:32 AM

    Hi Chirs,

    I guess you should attach all the logs together with the full script to investigate this issue further step by step and as you said and we see this is completely intermittent problem.

    I would give you advice to contact Symantec Support and open a case for further troubleshooting.