PGPDECRYPT Decrypt a PGP encrypted file
This script command decrypts a file encrypted using PGP encryption. Files may have been encrypted using the FileLink PGPENCRYPT script command or any other PGP or GPG encryption application.
To decrypt a file, you must have an existing keyring containing your private key and have imported the public key of the originator of the file. You must specify your passphrase either within the command itself using the /pw option or by previously specifying it when creating or selecting a key using the FileLink configurator.
Below is a decryption example where the passphrase has been previously defined and the keyring file exists in the FileLink working folder.
PGPDECRYPT "encrypted.txt.gpg" "decrypted.txt"
You can also write the decrypted file to a different folder as shown below.
PGPDECRYPT "encrypted.txt.gpg" "c:\new\decrypted.txt"
If you did not save the passphrase when creating the keyring, you will need to provide the passphrase on the PGPDECRYPT command as shown below.
PGPDECRYPT "encrypted.txt.gpg" "decrypted.txt" /pw="my passphrase"
Important: FileLink secures your passphrase by saving it in an encoded format in the Windows registry along with its other settings. The passphrase is never displayed in the FileLink console window or written to any log file. Be aware, however, that it does appear in clear text in a script file. Specifying your passphrase during configuration is therefore the most secure method.
The original file name of an encrypted file is often embedded within the encrypted file. FileLink allows the decrypted file to be automatically given this name and saved in the current working folder by using the following syntax (note: the [ target file ] is an empty string).
PGPDECRYPT "encrypted.txt.gpg" ""
Important: FileLink has no way of knowing what the original embedded file name is. If you use this option, you must know in advance what the file name is if you intend to perform other actions on the resulting decrypted file from within the FileLink script environment.
For advanced troubleshooting, you may include the /gpglog option, which causes the commands and responses to and from GnuPG (gpg.exe) to be written to the specified log file. (GnuPG is the underlying PGP encryption/decryption engine used by FileLink.) The following example decrypts a file and writes to a log file named “encrypt.log”.
PGPDECRYPT "encrypted.txt.gpg" "decrypted.txt" /gpglog="encrypt.log"
If a fully qualified file name is not specified, the log file will be created in the current FileLink working folder. If the file exists, it will be appended to. Delete the file before each PGPDECRYPT command if you want only a single command to be logged.
In some cases you may be required to decrypt a file using a GnuPG option that is not directly implemented by FileLink. In such cases, the /gpgopt option allows you to specify the necessary option(s) in the PGPDECRYPT command and have them passed to GnuPG. The following example decrypts a file and specifies an unsupported option.
PGPDECRYPT "encrypted.txt.gpg" "decrypted.txt" /gpgopt="--skip-verify"
Multiple GnuPG options may be passed using /gpgopt. When doing so, separate each complete option with a semicolon as shown below.
PGPDECRYPT ... /gpgopt="--skip-verify;--no-verbose"
Be sure to always precede each GnuPG option with two dashes.
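The following is an added example, not part of the FileLink documentation or product: a small Python check that scans a script for the PGPDECRYPT usages this page cautions about, namely a clear-text /pw passphrase, an empty target name, and /gpgopt entries that lack the two leading dashes or that tell GnuPG to skip signature verification. The sample script, the finding names and the assumption that command names are case-insensitive are constructed for illustration.

```python
import re

# Constructed sample script; file names and the passphrase are made up.
SAMPLE_SCRIPT = r'''
PGPDECRYPT "encrypted.txt.gpg" "c:\new\decrypted.txt"
PGPDECRYPT "encrypted.txt.gpg" "decrypted.txt" /pw="my passphrase"
PGPDECRYPT "encrypted.txt.gpg" ""
PGPDECRYPT "encrypted.txt.gpg" "decrypted.txt" /gpgopt="--skip-verify;no-verbose"
'''

# A quoted value, optionally preceded by a /name= switch (the forms shown on the page).
TOKEN = re.compile(r'(?:/(\w+)=)?"([^"]*)"')


def audit_line(line):
    """Return finding codes for one PGPDECRYPT line (never the passphrase itself)."""
    positional, switches = [], {}
    for name, value in TOKEN.findall(line):
        if name:
            switches[name.lower()] = value
        else:
            positional.append(value)
    findings = []
    if "pw" in switches:
        findings.append("cleartext-passphrase")   # readable by anyone who can read the script
    if len(positional) >= 2 and positional[1] == "":
        findings.append("output-name-from-file")  # output name comes from the embedded file name
    for opt in filter(None, switches.get("gpgopt", "").split(";")):
        if not opt.startswith("--"):
            findings.append("gpgopt-missing-dashes:" + opt)
        elif opt == "--skip-verify":
            findings.append("signature-check-skipped")  # GnuPG skips signature verification
    return findings


def audit_script(text):
    """Return (line_number, finding) pairs for every PGPDECRYPT command in a script."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        words = line.split(None, 1)
        # Assumption: command names are matched case-insensitively.
        if words and words[0].upper() == "PGPDECRYPT":
            results.extend((number, f) for f in audit_line(line))
    return results


if __name__ == "__main__":
    for number, finding in audit_script(SAMPLE_SCRIPT):
        print(f"line {number}: {finding}")
```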
Related Command(s): PGPENCRYPT, PGPIMPORT