PGPENCRYPT        Encrypt a file using PGP


Syntax:

PGPENCRYPT [ src file ] [ target file ] [ keyring ] [ options ]

Arguments:

[ src file ]

A variable or string defining the file name of the file to encrypt. Wildcard characters are not permitted in [ src file ] or [ target file ].

 

[ target file ]

A variable or string defining the file name of the newly encrypted file; if the file already exists, it will be overwritten.

 

[ keyring ]

Optional variable or string defining the location of the PGP keyring used in the encryption; if omitted, FileLink expects the keyring file to be in the current working folder.

Options:

/armor

Select this option to ASCII armor the [ target file ].

 

/gpglog=xx

Include this option if you wish to define a log file where commands and responses from GnuPG (gpg.exe) are recorded during the encryption process. This log file may be used for troubleshooting; it may also be parsed by other script commands (e.g., READFILE) to identify GnuPG results not directly supported by FileLink.

 

/gpgopt=xx

Any GnuPG (gpg.exe) encryption option that is not implemented by FileLink and must therefore be explicitly specified (e.g., --force-v3-sigs). This option should only be used by advanced users and/or under the direction of FileLink technical support.

 

/comment=xx

The PGP key Comment field on your keyring associated with the PGP key of the recipient of the encrypted file; this option may not be necessary if enough information is provided via the /email and/or /user options to uniquely identify the recipient’s key on your public keyring. The comment specified must completely match the Comment field in the keyring.

 

/email=xx

The PGP key E-mail Address field on your keyring associated with the PGP key of the recipient of the encrypted file; this option may not be necessary if enough information is provided via the /comment and/or /user options to uniquely identify the recipient’s key on your public keyring. The e-mail address specified must completely match the E-mail Address in the keyring.

 

/pw=xx

The passphrase associated with the private key on your keyring, needed when using the /sign option. If a passphrase was not saved when the key was created or when a keyring was selected using the FileLink Configurator, this option is required whenever the /sign option is specified so that the encrypted file can be digitally signed; otherwise the passphrase saved at configuration time is used if present.

 

/sign

Select this option if you wish to digitally sign the file using your own private key.

 

/textmode

Select this option if you wish to have [ target file ] saved in a text mode format.

 

/user=xx

The PGP key User Name field on your keyring associated with the PGP key of the recipient of the encrypted file; this option may not be necessary if enough information is provided via the /comment and/or /email options to uniquely identify the recipient’s key on your public keyring. The user name may be a full or partial match with the User Name field in the keyring if /user option is used without /comment and /email. It must be a complete match if either or both of the /comment or /email options are used.

 


This script command encrypts a file using PGP encryption. Files may be decrypted using the FileLink PGPDECRYPT script command or any other PGP or GPG encryption application.

 

To encrypt a file, you must have an existing keyring containing the private key you wish to use. (If you have multiple private keys on a given keyring, FileLink will always use the first key.) You must also have the public key of the recipient of the file on the keyring and use the /user, /comment, and/or /email options to specify all or part of the key ID for it to be identified.

 

Use the /armor option if you wish the resulting file to be in ASCII armored format.

 

Use the /sign option if you wish the resulting file to be digitally signed.

 

Use the /textmode option if you wish the resulting file to be a text mode format.

 

When signing an encrypted file, you must specify your passphrase either within the command itself using the /pw option or by previously specifying it when creating or selecting a key using the FileLink configurator.

 

Important

FileLink secures your passphrase by saving it in an encoded format in the Windows registry along with its other settings. The passphrase is also never displayed in the FileLink console window nor written to any log file. But be aware that it does appear in clear-text in a script file. Therefore, the method of specifying your passphrase during configuration is the most secure.

 

It is typical for encrypted files to have an extension of .gpg (except where noted below). In most of the examples below, we add this extension at the end of the original file to create the name of the encrypted version of the file. We recommend that you adopt these conventions as well.

 

       Original File Name: "datafile.txt"

       Encrypted File Name: "datafile.txt.gpg"

 

For ASCII armored files (see below):

 

       Original File Name: "datafile.txt"

       Encrypted File Name: "datafile.txt.asc"

 

In the example below a file is encrypted using a public key on the default keyring that is identified by a user name of “Dick Tracy”.

 

       PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick Tracy"

 

In the example below, more of the key ID is specified.

 

       PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick Tracy" /email=[email protected]

 

The following example encrypts a file and specifies the keyring is in an alternate location.

 

       PGPENCRYPT "datafile.txt" "datafile.txt.gpg" "c:\gnupg" /user="Dick Tracy"

 

The following example encrypts a file and specifies the output format to be ASCII armored. (The .asc extension is typically used for these types of files.)

 

       PGPENCRYPT "datafile.txt" "datafile.txt.asc" /user="Dick Tracy" /armor

 

The following example encrypts a file and digitally signs it.

 

       PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick" /sign /pw="my passphrase"

 

Important

When encrypting a file, PGP requires the public key of the recipient so that only the recipient may decrypt the file. The recipient’s public key must be present on your keyring at the time of encryption. Keys are imported to your keyring by way of the PGPIMPORT script command or by using the Manage Key functionality in the FileLink configurator.

 

For advanced troubleshooting, you may include the /gpglog option which results in commands and responses to and from GnuPG (gpg.exe) being written to the specified log file. (GnuPG is the underlying PGP encryption/decryption engine used by FileLink.) The following example encrypts a file and writes to a log file named “encrypt.log”.

 

       PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick" /gpglog="encrypt.log"

 

If a fully qualified file name is not specified, the log file will be created in the current FileLink working folder. If the file exists, it will be appended to. Delete the file before each PGPENCRYPT command if you want only a single command to be logged.

 

In some cases you may be required to encrypt a file using a GnuPG option that is not directly implemented by FileLink. In such cases, the /gpgopt option allows you to specify the necessary option(s) in the PGPENCRYPT command and have it passed to GnuPG. The following example encrypts a file and specifies an unsupported option.

 

       PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick" /gpgopt="--force-v3-sigs"

 

Multiple GnuPG options may be passed using /gpgopt. When doing so, separate each complete option with a semi-colon as shown below.

 

       PGPENCRYPT ... /gpgopt="--force-v3-sigs;--no-verbose"

 

Be sure to always precede each GnuPG option with two dashes.
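
A lint pass over script lines for the pitfalls this page describes: a clear-text /pw passphrase, wildcards in file names, a recipient that is missing or selected by /user alone, /gpgopt entries without two dashes, and unbalanced quotes. This is an added example, not FileLink code; it assumes one command per line with double-quoted arguments as in the examples above, and the finding names and sample lines (including the e-mail address) are constructed.

```python
import re

# One token: /opt="value", /opt=value, /flag, "quoted argument", or a bare word.
TOKEN = re.compile(r'/(\w+)(?:=(?:"([^"]*)"|(\S+)))?|"([^"]*)"|(\S+)')

# Constructed sample script (not from the FileLink documentation).
SAMPLE = '''PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick" /sign /pw="my passphrase"
PGPENCRYPT "datafile.txt" "datafile.txt.gpg" /user="Dick Tracy" /email="dick@example.com" /sign
PGPENCRYPT "*.txt" "out.gpg" /email="dick@example.com" /gpgopt="--force-v3-sigs;no-verbose"
PGPENCRYPT "datafile.txt" "datafile.txt.asc /user="Dick Tracy" /armor'''

def parse(line):
    """Split one command line into positional arguments and an options dict."""
    args, opts = [], {}
    for m in TOKEN.finditer(line):
        name, quoted, bare, qarg, word = m.groups()
        if name:
            opts[name.lower()] = quoted if quoted is not None else (bare or "")
        else:
            args.append(qarg if qarg is not None else word)
    return args, opts

def lint(line):
    """Return finding names for one line; empty if clean or not PGPENCRYPT."""
    args, opts = parse(line)
    if not args or args[0].upper() != "PGPENCRYPT":
        return []
    if line.count('"') % 2:          # a lost quote shifts every later argument
        return ["unbalanced-quote"]
    found = []
    if "pw" in opts:                 # passphrase is readable in the script file
        found.append("cleartext-passphrase")
    if any(c in a for a in args[1:3] for c in "*?"):
        found.append("wildcard-in-file-name")
    if not {"user", "comment", "email"} & opts.keys():
        found.append("no-recipient")
    elif "user" in opts and not {"comment", "email"} & opts.keys():
        # /user alone may be a partial match, so it may not identify one key
        found.append("partial-user-match")
    for o in opts.get("gpgopt", "").split(";"):
        if o and not o.strip().startswith("--"):
            found.append("gpgopt-missing-dashes")
    return found

def scan(script):
    """Map 1-based line number to findings for every flagged line."""
    return {n: f for n, l in enumerate(script.splitlines(), 1) if (f := lint(l))}
```

The findings never echo the /pw value, so the scanner's own output can be logged without exposing the passphrase.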

 

Related Command(s): PGPDECRYPT, PGPIMPORT