  1. #1
    Join Date
    Dec 2009
    Posts
    6

    Unanswered: PGP Decryption From Stored Procedure

    Hi All;

    I am trying to write a stored procedure that decrypts .pgp files.
    Since I knew how to create a batch file manually to decrypt these files, I figured I would create a batch file programmatically in my stored procedure and run it from there.
    This was the case. The batch file was created, but would not run in SQL Server and gave me the following errors:
    gpg: encrypted with RSA key, ID 6FD97C2D
    gpg: decryption failed: secret key not available
    When I tested the batch file manually from Windows, it worked perfectly, so I know my password is not the issue.

    Any advice would be appreciated and thank you in advance.

    I provided my sample sql code below:

    Code:
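    -- Declaration added so the batch runs on its own
    DECLARE @pgpsql varchar(1000)
    -- Write c:\decrypt.bat one line at a time with echo via xp_cmdshell
    SELECT @pgpsql = 'exec master..xp_cmdshell ''echo c: > c:\decrypt.bat'''
    EXEC (@pgpsql)
    SELECT @pgpsql = 'exec master..xp_cmdshell ''echo cd "\pgp\" >> c:\decrypt.bat'''
    EXEC (@pgpsql)
    -- The passphrase is written in clear text into the batch file
    SELECT @pgpsql = 'exec master..xp_cmdshell ''echo gpg.exe --batch --passphrase "password" c:\filename.txt.pgp >> c:\decrypt.bat'''
    EXEC (@pgpsql)
    SELECT @pgpsql = 'exec master..xp_cmdshell ''echo exit >> c:\decrypt.bat'''
    EXEC (@pgpsql)
    -- Show the final command, then run the generated batch file
    SELECT @pgpsql = 'exec master..xp_cmdshell ''c:\decrypt.bat'''
    SELECT @pgpsql
    EXEC (@pgpsql)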

  2. #2
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    This is an inappropriate use of the DATA layer. Do this in your application code. It will be easier and fraught with fewer headaches. Since the data layer is often a performance bottleneck, it is just wrong to use the SQL engine for things that are not related to the data layer. This is file system stuff.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Ernest Hemingway, A Farewell To Arms.

  3. #3
    Join Date
    Dec 2009
    Posts
    6
    What do you mean by "Application Code"?

  4. #4
    Join Date
    Jun 2004
    Location
    Long Island
    Posts
    696
    Since the .cmd files are running in the O/S, I believe they have access to the PGP keys; I'm not sure if they can be read via O/S calls from the SQL/data layer. I've never bothered with trying to do it from SQL, I just use batch file wrappers.
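
An added example, not code from any poster in this thread: one way to do the decryption in application code, as post #2 suggests, while naming the keyring explicitly, the point post #4 touches on (xp_cmdshell runs under the SQL Server service account, and gpg reads keys from the home directory of whichever account runs it). It assumes Python 3.7+ and GnuPG 2.1 or later; the function names are hypothetical and the status sample, including the zero-padded key ID, is constructed.

```python
import subprocess

def build_gpg_argv(gpg_exe, homedir, src, dst):
    """argv for a non-interactive decrypt; the passphrase is never on the command line."""
    return [
        str(gpg_exe),
        "--homedir", str(homedir),      # keyring of the account that imported the secret key
        "--batch", "--yes",
        "--pinentry-mode", "loopback",  # GnuPG 2.1+: take the passphrase from a descriptor
        "--passphrase-fd", "0",         # read the passphrase from stdin
        "--status-fd", "2",             # machine-readable status lines on stderr
        "--output", str(dst),
        "--decrypt", str(src),
    ]

def diagnose(status_text):
    """Turn gpg status lines into a result the caller can log and act on."""
    seen = {}
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            seen.setdefault(parts[1], []).append(parts[2:])
    if "DECRYPTION_OKAY" in seen:
        return "ok"
    if "NO_SECKEY" in seen:
        # Same condition as "secret key not available": wrong account or wrong homedir.
        missing = ", ".join(args[0] for args in seen["NO_SECKEY"] if args)
        return "no-secret-key: " + missing
    if "DECRYPTION_FAILED" in seen:
        return "failed"
    return "unknown"

def decrypt_file(gpg_exe, homedir, src, dst, passphrase):
    """Run gpg and return the diagnosis; the passphrase is sent as bytes on stdin."""
    proc = subprocess.run(build_gpg_argv(gpg_exe, homedir, src, dst),
                          input=(passphrase + "\n").encode("utf-8"),
                          capture_output=True)
    return diagnose(proc.stderr.decode("utf-8", errors="replace"))

# Constructed status output matching the failure in post #1.
SAMPLE_FAILURE = """\
[GNUPG:] ENC_TO 000000006FD97C2D 1 0
[GNUPG:] NO_SECKEY 000000006FD97C2D
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
```

Run it under the account whose keyring holds the secret key, and load the passphrase from a secret store rather than a file or a SQL string.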
