Decrypt

Declaration

<AMDECRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="text" OUTPUTFILE="text" SUBFOLDERS="Yes/No" KEEPFOLDERSTRUCT="Yes/No" OVERWRITE="Yes/No" EXCLUDE="text" ISNEWERTHAN="text%" ENCRYPTALGO="text(options)" PASSWORD="text" />

See Also

Delete Key Container, Generate Key Files, Sign, Verify, Encrypt

Description

Decrypts one or more previously encrypted files. This action supports decrypting any cipherfile provided the file was encrypted using one of the supported types and algorithms (not limited to files encrypted by AutoMate). It supports both symmetric (passphrase) and asymmetric (public/private key) modes. If PGP is installed, this action can optionally use the PGP engine for both passphrase and public/private key decryption, which adds support for a wide variety of encryption algorithms.

NOTE: AutoMate comes bundled with the OpenPGP engine which is based on PGP as originally developed. OpenPGP is installed on the system during AutoMate installation.

Practical Usage

Can be used to decrypt files encrypted by the Encrypt action or by an external encryption tool.

Parameters

General Properties

Each property is listed with its Type, Required, Default and Markup values, followed by its description.

Source
Type: Text
Required: Yes
Default: (Empty)
Markup:
a) INPUTFILE="c:\source\file.txt"
b) INPUTFILE="c:\source\*.txt"

Indicates the path and filename of the file(s) to decrypt. Wildcard characters (i.e. * or ?) can be used to decrypt files matching a certain mask.

Destination
Type: Text Options
Required: Yes
Default: User
Markup:
a) OUTPUTFILE="c:\destfile.txt"
b) OUTPUTFILE="c:\dest\"

Specifies whether the new key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are:

  • User (Default)

  • Machine

More details regarding Machine-Level and User-Level key containers can be found below under Comparing Machine-Level and User-Level RSA Key Containers.

Type
Type: Text Options
Required: Yes
Default: Passphrase
Markup: ENCRYPTTYPE="key"

Specifies the type of encryption used to initially encrypt the file(s) to decrypt. Parameters vary depending on which decryption type is selected. The available options are:

  • Passphrase (Default): A proper passphrase must be entered to decrypt.

  • Public/Private key: A private key must be used to decrypt.

  • PGP Passphrase: A proper PGP passphrase must be entered to decrypt. This option is available only if PGP is installed on the system.

  • PGP Public/Private key: A PGP private key must be used to decrypt. This option is available only if PGP is installed on the system.

  • OpenPGP Passphrase: A proper OpenPGP passphrase must be entered to decrypt.

  • OpenPGP Public/Private Key: An OpenPGP private key must be used to decrypt.

Algorithm
Type: Text
Required: No
Default: Rijndael
Markup: ENCRYPTALGO="DES"

Indicates the encryption algorithm that was used to initially encrypt the file(s) to decrypt. This parameter is active only if the Type parameter is set to Passphrase. The available Passphrase algorithms are:

  • Rijndael (Default)

  • DES

  • RC2

  • TripleDES

NOTE: If the Type parameter is set to PGP Passphrase or OpenPGP Passphrase, there is no need to manually select the encryption algorithm used. The built-in OpenPGP engine will automatically select the correct algorithm during runtime.

Passphrase/Confirm Passphrase
Type: Text
Required: Yes if decryption requires a passphrase
Default: (Empty)
Markup: PASSWORD="g9tc745yuig3j9t"

Specifies the passphrase needed to decrypt the selected file(s). This parameter is available only if the Type parameter is set to Passphrase, PGP Passphrase or OpenPGP Passphrase.

Key E-mail Address
Type: Text
Required: Yes if PGP Public/Private Key decryption is selected
Default: (Empty)
Markup: EMAIL="john@netauto.com"

Specifies the e-mail address used to identify the PGP public/private keys. This parameter is available only if the Type parameter is set to PGP Public/Private Key.

Secret Key Pass Phrase/Verify Pass Phrase
Type: Text
Required: Yes if PGP Public/Private Key decryption is selected
Default: (Empty)
Markup: PASSWORD="g9tc745yuig3j9t"

Specifies the PGP secret key pass phrase needed to validate and decrypt the selected file(s). This parameter is available only if the Type parameter is set to PGP Public/Private Key.

 

Options Properties

Each property is listed with its Type, Required, Default and Markup values, followed by its description.

Include Subfolders
Type: Yes/No
Required: No
Default: No
Markup: SUBFOLDERS="YES"

If set to YES, specifies that, if present, subfolders should be searched for files matching the mask specified in the Source parameter. The default value is set to NO.

Preserve Folder Structure
Type: Yes/No
Required: No
Default: Yes
Markup: KEEPFOLDERSTRUCT="NO"

If set to YES, specifies that subfolders found in the source folder should be created in the destination folder, and source files should be decrypted into their respective folders rather than directly into the root of the folder specified in the Destination parameter. Valid only if the Include Subfolders parameter is set to YES.

Overwrite if Exists
Type: Yes/No
Required: No
Default: No
Markup: OVERWRITE="YES"

If set to YES, specifies that, if destination files already exist, they should be overwritten. The default value is set to NO.

Only if Newer
Type: Yes/No
Required: No
Default: No
Markup: ISNEWERTHAN="YES"

If set to YES, indicates that only files that are newer than those in the destination folder will overwrite existing files. Valid only if the Overwrite if Exists parameter is set to YES.

Only if Exists in Destination
Type: Yes/No
Required: No
Default: No
Markup: ONLYIFEXIST="YES"

If set to YES, specifies that only files that already exist in the destination will be decrypted from the source. All other files, regardless of whether they match the mask or other parameter settings will be bypassed. Valid only if the Overwrite if Exists parameter is set to YES.

Overwrite Read-Only Files
Type: Yes/No
Required: No
Default: No
Markup: OVERWRITEREADONLY="YES"

If set to YES, indicates that already existing files should be overwritten even if the file in the destination is marked with the "read-only" attribute. By default, read only files are not overwritten. Valid only if the Overwrite if Exists parameter is set to YES.

Overwrite Hidden Files
Type: Yes/No
Required: No
Default: No
Markup: OVERWRITEHIDDEN="YES"

If set to YES, specifies that already existing files should be overwritten even if the file in the destination is marked with the "hidden" attribute. By default, hidden files are not overwritten. Valid only if the Overwrite if Exists parameter is set to YES.

Turn Archive Attribute Off
Type: Yes/No
Required: No
Default: No
Markup: ARCHIVETURNOFF="YES"

If set to YES, denotes that the "archive" attribute of the source file should be switched OFF. The Windows "archive" attribute is generally used to track whether a file has been backed up. Turning the source file's archive attribute off indicates to many backup programs that the file has already been backed up.

Exclude Mask
Type: Text
Required: No
Default: (Empty)
Markup: EXCLUDE="*.txt"

Causes this action to omit decrypting files matching the mask(s) specified. Filenames or wildcard masks may be used. Multiple entries may be specified by separating them with a pipe symbol (|). For example: *.txt|*.bak.

Regular Expression
Type: Yes/No
Required: No
Default: No
Markup: RE="YES"

If set to YES, specifies that a regular expression is used in the Exclude Mask field.

Only if Newer Than
Type: Date
Required: No
Default: (Empty)
Markup: ISNEWERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"

Causes this action to only decrypt files if the source is newer than the date/time specified. If this parameter is left blank or not included, the date of the file(s) will be ignored (excluding Only if newer parameter).

Only if Older Than
Type: Date
Required: No
Default: (Empty)
Markup: ISOLDERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"

Causes this action to only decrypt files if the source is older than the date/time specified. If this parameter is left blank or not included, the date of the file(s) will be ignored (excluding Only if newer parameter).


Attributes Properties

Each property is listed with its Type, Required, Default and Markup values, followed by its description.

Attributes
Type: Text Options
Required: No
Default: (Empty)
Markup: ATTRFILTER="+R+A-H" (decrypt read-only & archive files but not hidden files)

This group of settings causes the action to filter which files are decrypted based on the attribute settings of the source file(s). In visual mode, a group of controls are provided to assist in the selection of this parameter. In markup mode, a single text item must be specified that contains the attributes of the files you wish to decrypt.

Available Options:

  • R—Read-only: Specifying "+R" causes files with this attribute turned on to be included, "-R" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • A—Archive: Specifying "+A" causes files with this attribute turned on to be included, "-A" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • S—System: Specifying "+S" causes files with this attribute turned on to be included, "-S" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • H—Hidden: Specifying "+H" causes files with this attribute turned on to be included, "-H" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • C—Compression: Specifying "+C" causes files with this attribute turned on to be included, "-C" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.
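How an ATTRFILTER string selects files, as an added Python example (not AutoMate code and not part of the original page). Treating the string case-insensitively and rejecting contradictory entries such as "+R-R" are assumptions; the file names and attribute sets are constructed.

```python
import re

# Letters documented above: Read-only, Archive, System, Hidden, Compression.
VALID = "RASHC"

def parse_attrfilter(spec):
    """Parse e.g. '+R+A-H' into {'R': True, 'A': True, 'H': False}.

    True  -> attribute must be turned on  ('+X')
    False -> attribute must be turned off ('-X')
    Letters that do not appear are ignored when matching.
    """
    spec = spec.strip().upper()  # assumption: case-insensitive
    if not re.fullmatch(rf"(?:[+-][{VALID}])*", spec):
        raise ValueError(f"malformed ATTRFILTER: {spec!r}")
    rules = {}
    for sign, letter in re.findall(rf"([+-])([{VALID}])", spec):
        want = sign == "+"
        if rules.setdefault(letter, want) != want:
            # assumption: contradictory entries are treated as an error
            raise ValueError(f"conflicting rules for attribute {letter}")
    return rules

def file_matches(rules, attrs_on):
    """attrs_on is the set of letters whose attribute is on for the file."""
    return all((letter in attrs_on) == want for letter, want in rules.items())

# Constructed sample: file name -> attributes that are turned on.
FILES = {
    "report.enc": {"R", "A"},
    "hidden.enc": {"R", "A", "H"},
    "plain.enc": {"A"},
    "system.enc": {"R", "A", "S"},
}

def select(spec, files):
    """Return the sorted names of files that pass the filter."""
    rules = parse_attrfilter(spec)
    return sorted(name for name, attrs in files.items()
                  if file_matches(rules, attrs))

if __name__ == "__main__":
    print(select("+R+A-H", FILES))  # system.enc passes: S is not mentioned
    print(select("", FILES))        # empty filter ignores every attribute
```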

 

Key Options Properties

Each property is listed with its Type, Required, Default and Markup values, followed by its description.

Public Keyring File
Type: Text
Required: Yes
Default: (Empty)
Markup: PUBKEYRINGPATH="c:\foldername\file.pkr"

Specifies the path and filename of the PGP, OpenPGP or GnuPG Public Keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the PGP tab with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to PGP Public/Private Key or OpenPGP Public/Private Key.

NOTE: AutoMate comes equipped with the OpenPGP engine which is installed on the system during AutoMate installation.    

Secret Keyring File
Type: Text
Required: Yes
Default: (Empty)
Markup: SECKEYRINGPATH="c:\foldername\file.skr"

Specifies the path and filename of the PGP, OpenPGP or GnuPG secret keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the PGP tab with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to OpenPGP Public/Private Key.

NOTE: AutoMate comes equipped with the OpenPGP engine which is installed on the system during AutoMate installation.    

Decrypt using
Type: Text Options
Required: No
Default: Key Container
Markup: DECRYPTUSING="KEYCONTAINER"

Indicates the procedure to be used to authenticate and decrypt the specified file(s). Parameters vary depending on the option selected.

The available options are:

  • Key Container: Specifies that a key container will be used to decrypt the file(s).

  • Key File: Specifies that a private key file will be used to decrypt the file(s). Click the Folder icon to navigate to the appropriate private key (.pri) file or simply enter the full path and filename of the private key file in the provided text-box.

Key container name
Type: Yes/No
Required: No
Default: (Empty)
Markup: KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0"

Specifies the name of the key container to be used. Clicking the Select Key Container button will open a Key Container browser allowing selection from a list of cryptographic provider names. This parameter is active only if the Decrypt using parameter is set to Key Container.

Key container level
Type: Text Options
Required: No
Default: User
Markup: KEYCONTAINERLEVEL="USER"

Specifies whether the new key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are:

  • User (Default)

  • Machine

More details regarding Machine-Level and User-Level key containers can be found below under Comparing Machine-Level and User-Level RSA Key Containers.


PGP Properties

These parameters relate to the recipient's OpenPGP key ID (normally an e-mail address or name) and the password that associates with that ID. These parameters are available only when OpenPGP Public/Private Key is selected under the Type parameter located in the General tab.

NOTE: The parameters of the PGP tab have no relation to the PGP Encrypt/Decrypt type, only OpenPGP.

Each property is listed with its Type, Required, Default and Markup values, followed by its description.

Email or Name
Type: Text
Required: No
Default: (Empty)
Markup: KEYID=John@netauto.com

Specifies the OpenPGP key ID (normally an email address or name) used to decrypt the file(s). If more than one Email/Name is entered (along with the associated password), during runtime, this action will read through the list and select the appropriate one.

NOTE: The User section becomes populated with the user information associated with the Public Keyring File and Secret Keyring File entered under the Key Options tab. This will allow for choosing users during design time. The User portion is only helpful during design if referencing a keyring that is available.

Passphrase
Type: Text
Required: No
Default: (Empty)
Markup: PASSWORD=password

Specifies the passphrase related to the information entered under the Email or Name field.

NOTE: The User section becomes populated with the user information associated with the Public Keyring File and Secret Keyring File entered under the Key Options tab. This will allow for choosing users during design time. The User portion is only helpful during design if referencing a keyring that is available.

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.

Description Properties

The Description tab allows you to customize the text description of any step as it appears in the Task Builder's Steps Pane.


Error Causes Properties

The Error Causes tab properties allow you to instruct a task step to react only to specific errors or to ignore certain errors that would otherwise cause it to fail.


On Error Properties

The On Error tab properties let you determine what the task should do if a particular step encounters an error as defined in the Error Causes properties.


Additional Notes

Expressions, Variables and Functions

All text fields allow the use of expressions such as variables, functions or AutoMate extended functions, which can be entered by surrounding the expression in percentage signs (example: %FileDateTime(myVar)% or %myVar%, %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by clicking the Insert Expression (%) button or by pressing F2.


Example

NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

 

Example 1 - Passphrase Decryption

 

<AMDECRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2010,06,14)+TimeSerial(08,30,38)%" ENCRYPTALGO="DES" PASSWORD="AM1czBCMWFYJo4=aME" />

 

 

Example 2 - Public/Private Key Decryption

 

<AMDECRYPT ENCRYPTTYPE="KEY" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2010,06,14)+TimeSerial(08,30,38)%" CRYPTUSING="KEYCONTAINER" KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0" KEYCONTAINERLEVEL="USER" />
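The Python sketch below is an added example, not part of the AutoMate documentation. It audits AMDECRYPT markup for three settings described on this page that deserve review: DES or RC2 as ENCRYPTALGO, a PASSWORD value embedded in the markup rather than supplied through a %...% expression, and KEYCONTAINERLEVEL="MACHINE", which depends on NTFS ACLs to limit access. The sample task, the variable name vaultPass and the container name are constructed.

```python
import re

# Passphrase algorithms listed on this page that are legacy ciphers.
WEAK_ALGOS = {"DES", "RC2"}
STEP_RE = re.compile(r"<AMDECRYPT\b(.*?)/>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
EXPR_RE = re.compile(r"^%.+%$")  # value is entirely an AutoMate expression

# Constructed sample task (not taken from the original page).
SAMPLE_TASK = r'''
<AMDECRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="C:\in\*.enc" OUTPUTFILE="C:\out\" ENCRYPTALGO="DES" PASSWORD="constructed-secret" />
<AMDECRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="C:\in\*.enc" OUTPUTFILE="C:\out\" PASSWORD="%vaultPass%" />
<AMDECRYPT ENCRYPTTYPE="KEY" INPUTFILE="C:\in\*.enc" OUTPUTFILE="C:\out\" KEYCONTAINERNAME="ExampleContainer" KEYCONTAINERLEVEL="MACHINE" />
'''

def audit_decrypt_steps(markup):
    """Return (step_number, attribute, message) for each finding."""
    findings = []
    for idx, step in enumerate(STEP_RE.finditer(markup), start=1):
        attrs = {k.upper(): v for k, v in ATTR_RE.findall(step.group(1))}
        # Defaults follow the parameter tables: Passphrase / Rijndael / User.
        etype = attrs.get("ENCRYPTTYPE", "PASSPHRASE").upper()
        algo = attrs.get("ENCRYPTALGO", "RIJNDAEL").upper()
        if etype == "PASSPHRASE" and algo in WEAK_ALGOS:
            findings.append((idx, "ENCRYPTALGO",
                             f"{algo} is a legacy cipher; have the sender "
                             "re-encrypt with Rijndael"))
        password = attrs.get("PASSWORD", "")
        if password and not EXPR_RE.match(password):
            findings.append((idx, "PASSWORD",
                             "value is embedded in the task markup; supply "
                             "it through a %variable% expression"))
        if attrs.get("KEYCONTAINERLEVEL", "USER").upper() == "MACHINE":
            findings.append((idx, "KEYCONTAINERLEVEL",
                             "machine-level container; confirm NTFS ACLs "
                             "restrict it to the required accounts"))
    return findings

if __name__ == "__main__":
    for number, attribute, message in audit_decrypt_steps(SAMPLE_TASK):
        print(f"step {number}: {attribute}: {message}")
```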
