action_decyrpt_128x128_xp_copy.jpg

Decrypt Action

Declaration

<AMDECRYPT ENCRYPTTYPE="Text[Option]" INPUTFILE="Text" OUTPUTFILE="Text" SUBFOLDERS="YES/NO" KEEPFOLDERSTRUCT="YES/NO" OVERWRITE="YES/NO" ISNEWER="YES/NO" ONLYIFEXIST="YES/NO" OVERWRITEREADONLY="YES/NO" OVERWRITEHIDDEN="YES/NO" ARCHIVETURNOFF="YES/NO" EXCLUDE="Text" RE="YES/NO"  ISNEWERTHAN="Date" ISOLDERTHAN="Date" ATTRFILTER="Text" ENCRYPTALGO="Text[Option]" PASSWORD="Text" PRIVATEKEY="Text" />

See Also

Decrypt Action-Setting Properties, Encrypt Action, Create Key Container Action, Delete Key Container Action

Description

Decrypts one or more previously encrypted files. This action supports decrypting any cipherfile provided the file was encrypted using one of the supported types and algorithms (not limited to files encrypted by AWE). Supports both symmetric (passphrase) and asymmetric (public/private key) modes. If PGP is installed, this action can optionally use the PGP engine for both passphrase and public/private key decryption and support for a wide variety of encryption algorithms.

NOTE: AWE comes bundled with the OpenPGP engine which is based on PGP as originally developed. OpenPGP is installed on the system during AWE installation.

Practical Usage

Used to decrypt encrypted files. Can be used to decrypt files encrypted by the Encrypt action or by an external encryption tool.

Parameters

General Tab

Source

Text, Required
MARKUP:
a) INPUTFILE="c:\sourcefoldername\file.txt"
b) INPUTFILE="c:\sourcefoldername\*.txt"

Specifies the path and file names for the files to decrypt. Wildcard characters asterisk (*) and question mark (?) can be used to decrypt files matching a certain mask.

Destination

Text, Required
MARKUP:
a) OUTPUTFILE="c:\destinationfoldername\file.txt"
b) OUTPUTFILE="c:\destinationfoldername\
c) OUTPUTFILE="c:\destfolder\newdestfolder\*.txt"

Specifies the destination folder and (optional) filename for the files being decrypted. Folders that do not exist will be automatically created at runtime.

Type

Text, Required - Default "passphrase"
MARKUP: ENCRYPTTYPE="KEY"

Specifies the type of encryption used to decrypt the specified file(s). Parameters vary depending on which encryption type is selected.

The available options are:
 

 

Algorithm

Text, Optional - Default "Rijndael"
MARKUP: ENCRYPTALGO="DES"

Specifies the encryption algorithm that was used to initially encrypt the file(s) to decrypt. This parameter is active only if the Type parameter is set to Passphrase.

The available Passphrase algorithms are:
 

 

NOTE: If the Type parameter is set to PGP Passphrase or OpenPGP Passphrase, there is no need to manually select the encryption algorithm used. The built-in OpenPGP engine will automatically select the correct algorithm during runtime.

The supported PGP Passphrase and OpenPGP Passphrase algorithms are:
 

 

Passphrase/Confirm Passphrase

Text, Required if Decryption requires a passphrase
MARKUP: PASSWORD="g9tc745yuig3j9t"

Specifies the passphrase needed to decrypt the selected file(s). This parameter is available only if the Type parameter is set to Passphrase, PGP Passphrase or OpenPGP Passphrase.

 

Key email address

Text, Required if PGP Public/Private Key decryption is selected
MARKUP: EMAIL="john@networkautomation.com

Specifies the e-mail address used to identify the PGP public/private keys. This parameter is available only if the Type parameter is set to PGP Public/Private Key.

NOTE: PGP must be installed on the system in order to use this parameter.

 

Secret Key Pass Phrase/Verify Pass Phrase

Text, Required if PGP Public/Private Key decryption is selected
MARKUP: PASSWORD="g9tc745yuig3j9t"

 

Specifies the PGP secret key pass phrase needed to validate and decrypt the selected file(s). This parameter is available only if the Type parameter is set to PGP Public/Private Key.

 

Options Tab

Include Subfolders

Yes/No, Optional default - NO
MARKUP: SUBFOLDERS="YES"

When set to YES, specifies that, if present, subfolders should be searched for files matching the mask specified in the Source parameter.

 

Preserve Folder Structure

Yes/No, Optional default - YES
MARKUP: KEEPFOLDERSTRUCT="NO"

Valid only if the "Include subfolder" [SUBFOLDERS] parameter is YES. When set to YES, specifies that subfolders found in the source folder should be created in the destination folder, and source files should be decrypted into their respective folders rather than directly into the root of the target folder specified in the "Destination" [OUTPUTFILE] parameter. If the "Include subfolders" [SUBFOLDERS] parameter is set to NO this parameter is ignored.

 

Overwrite if Exists

Yes/No, Optional default - NO
MARKUP: OVERWRITE="YES"

When set to YES, specifies that, if destination files already exist, they should be overwritten.

 

Only if Newer

Yes/No, Optional default - NO
MARKUP: ISNEWERTHAN="YES"

Valid only if the "Overwrite if exists" [OVERWRITE] parameter is YES. When set to YES, specifies that only files that are newer than those in the destination folders will overwrite existing files.

 

Only if Exists in Destination

Yes/No, Optional default - NO
MARKUP: ONLYIFEXIST="YES"

Valid only if the "Overwrite if exists" [OVERWRITE] parameter is YES. When set to YES, specifies that only files that already exist in the destination will be decrypted from the source. All other files, regardless of whether they match the mask or other parameter settings will be bypassed.

 

Overwrite Read-Only Files

Yes/No, Optional default - NO
MARKUP: OVERWRITEREADONLY="YES"

Valid only if the "Overwrite if exists" [OVERWRITE]  parameter is YES. When set to YES, specifies that already existing files should be overwritten even if the file in the destination is marked with the "read-only" attribute. By default, read only files are not overwritten.

 

Overwrite Hidden Files

Yes/No, Optional default - NO
MARKUP: OVERWRITEHIDDEN="YES"

Valid only if the "Overwrite if exists" [OVERWRITE]  parameter is YES. When set to YES, specifies that already existing files should be overwritten even if the file in the destination is marked with the "hidden" attribute. By default, hidden files are bypassed.

 

Turn Archive Attribute Off

Yes/No, Optional default - NO
MARKUP: ARCHIVETURNOFF="YES"

When set to YES, specifies that the "archive" attribute of the source files should be switched OFF. The Windows "archive" attribute is generally used to track whether a file has been backed-up by turning the source file's archive attribute off — this indicates to many backup programs that the file has already been backed-up.

 

Exclude Mask

Text, Optional default - (blank)
MARKUP: EXCLUDE="*.txt"

Causes the action to not decrypt files matching the masks specified. Filenames or wildcard masks may be used. Multiple entries may be specified by separating them with a pipe symbol (|), for example, *.txt|*.bak.

 

Regular Expression

Yes/No, Optional default - NO
MARKUP: RE="YES"

If set to YES, specifies that a regular expression is used in the Exclude Mask field.

 

Only if Newer Than

Date, Optional default - (none)
MARKUP: ISNEWERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"

 

Causes the action to only decrypt files if the source is newer than the date/time specified. If this parameter is left blank or not included, the date of the files will be ignored.

 

Only if Older Than

date, Optional default - (none)
MARKUP: ISOLDERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"

Causes the action to only decrypt files if the source is older than the date/time specified. If this parameter is left blank or not included, the date of the files will be ignored.

 

Attributes Tab

Attributes

Text, Optional (blank)
MARKUP:
ATTRFILTER="+R+A-S-H" (decrypt read-only and archive files, not System or Hidden)
ATTRFILTER="-S" (do not decrypt "System" files)

This group of settings causes the action to filter which files are decrypted based on the attribute settings of the source files.

In visual mode, a group of controls are provided to assist in the selection of this parameter. In markup mode, a single text item must be specified that contains the attributes of the files you wish to decrypt.

Available Options:

 

Key Options Tab

Public Keyring File

Text, Required
MARKUP: PUBKEYRINGPATH="c:\destinationfoldername\file.pkr"

Specifies the path and filename of the PGP, OpenPGP or GnuPG Public Keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the PGP tab with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to PGP Public/Private key or OpenPGP Public/Private Key.

NOTE: AWE comes equipped with the OpenPGP engine which is installed on the system during AWE installation.    

 

Secret Keyring File

Text, Required
MARKUP: SECKEYRINGPATH="c:\destinationfoldername\file.skr"

Specifies the path and filename of the PGP, OpenPGP or GnuPG secret keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the PGP tab with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to OpenPGP Public/Private Key.

NOTE: AWE comes equipped with the OpenPGP engine which is installed on the system during AWE installation.    

 

Decrypt using

Text, Required
MARKUP: CRYPTUSING="KEYCONTAINER"

Specifies the procedure to be used to authenticate and decrypt the specified file(s). Parameters vary depending on the option selected.

The available options are:

 

Key container name

Text, Required
MARKUP: KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0"

Specifies the name of the key container to be used. Clicking the Select Key Container button will open a Key Container browser allowing selection from a list of cryptographic provider names. This parameter is active only if the Decrypt using parameter is set to Key Container.

 

Key container level

Text, Required
MARKUP: KEYCONTAINERLEVEL="USER"

Specifies whether to use a machine-level or user-level RSA key container. Microsoft Windows makes machine-level key containers available to all users, whereas a user-level key container is available only to the user that created (or imported) the key container. This parameter is active only if the Decrypt using parameter is set to Key Container. More details regarding Machine-Level and User-Level RSA Key Containers can be found below under the Notes section.

 

Public Key File

Text, Required
MARKUP: PUBKEYFILE="C:\Temp\filename.txt"

Specifies the path and filename of a public key file to be used to encrypt the selected file(s). Click the Folder icon to navigate to the appropriate public key file or simply enter the full path and filename of the private key file in the provided text-box. This parameter is active only if the Decrypt using parameter is set to Key File.

 

PGP Tab

The parameters contained in the PGP tab relate to the recipient's OpenPGP key ID (normally an email address or name) and the password that associates with that ID. These parameters are available only when OpenPGP Public/Private Key is selected under the Type parameter located in the General tab.

NOTE: The parameters of the PGP tab has no relation to PGP Encrypt/Decrypt type, only OpenPGP.

Email or Name

Text, Required
MARKUP: KEYID=John@networkautomation.com

 

Specifies the OpenPGP key ID (normally an email address or name) used to decrypt the file(s). If more than one Email/Name is entered (along with the associated password), during runtime, this action will read through the list and select the appropriate one.

NOTE: The User section becomes populated with the user information associated with the Public Keyring File and Secret Keyring File entered under the Key Options tab. This will allow for choosing users during design time. The User portion is only helpful during design if referencing a keyring that is available.

Passphrase

Text, Required
Markup: PASSWORD=password

 

Specifies the passphrase related to the information entered under the Email or Name field.

NOTE: The User section becomes populated with the user information associated with the Public Keyring File and Secret Keyring File entered under the Key Options tab. This will allow for choosing users during design time. The User portion is only helpful during design if referencing a keyring that is available.

Notes

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that will make use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.

Link: http://msdn2.microsoft.com/en-us/library/f5cs0acs.aspx

Custom Description

This action includes the Description tab for entering a custom step description.

More on setting custom step description

Standard Error Handling Options

This action also includes the standard Error Causes and On Error failure handling options/tabs.

More on Error Handling Options

Variables and Expressions

All text fields allow the use of expressions, which can be entered by surrounding the expression in percentage signs (example: %MYVARIABLE%, % Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by pressing F2.

More on variables
More on expressions

More on the expression builder

Example

NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

Example 1 - Passphrase Decryption

<AMDECRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2007,02,01)+TimeSerial(16,58,42)%" ATTRFILTER="-r-e" ENCRYPTALGO="Rijndael" PASSWORD="AM18VvUdXxcuRM=aME" />

 
Example 2 - Public/Private Key Decryption

<AMDECRYPT ENCRYPTTYPE="KEY" INPUTFILE="C:\Test\encr*.doc" OUTPUTFILE="C:\Test\decr*.doc" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" ISNEWER="YES" ONLYIFEXIST="YES" ARCHIVETURNOFF="YES" EXCLUDE="*pri" ISNEWERTHAN="%DateSerial(2007,02,01)+TimeSerial(16,58,42)%" ATTRFILTER="+r-e" CRYPTUSING="KEYCONTAINER" KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0" KEYCONTAINERLEVEL="USER" />