Script to Move and Decrypt Files in a Specified Directory

wirestyle22

I am playing with PGP keys for a project I am working on and the next phase requires a script to be written. This is what the script needs to do:

• Move the encrypted file into an archive.
• Decrypt the file and place it in a specific directory that will be used by the load process which an application team will be creating.

Once the load process is complete, the decrypted file will be deleted outside of the script.

I found this in my search:

@ECHO off
mv /directory/*.gpg /home/service_account/directory
SET password=jaredisacuddlebear
PUSHD "/path/to/directory"
FOR /F "tokens=+" %%F IN ('DIR * .gpg /B') DO (
        gpg --output "&&~nF" --batch --yes --passphrase %password% --decrypt "%%F")
POPD

I haven't had the opportunity to test it yet, but does this look correct? There are parts of it I'm not sure about.

JaredBusch

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

jaredisacuddlebear

I don’t do the furry scene. Sorry.

wirestyle22

@JaredBusch said in Script to Move and Decrypt Files in a Specified Directory:

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

jaredisacuddlebear

I don’t do the furry scene. Sorry.

If you did, what animal would you be?

Obsolesce

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

@JaredBusch said in Script to Move and Decrypt Files in a Specified Directory:

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

jaredisacuddlebear

I don’t do the furry scene. Sorry.

If you did, what animal would you be?

Everyone knows it would be a fox.

scottalanmiller

This is a CMD script. What language do you need and/or what platform are you writing for?

scottalanmiller

That script looks odd because it has UNIX filesystem designations mixed into Windows-only legacy code.

scottalanmiller

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

Move the encrypted file into an archive.

Once we have a language, let's go step by step. Where are the files coming from? This is really easy, it's just a mv command, like you had, if it is just going from one directory to another. But if it is doing that, can't you make them get put in the right one in the first place and save that step?

scottalanmiller

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

and place it in a specific directory that will be used by the load process

What's the reason for needing to move it, decrypt it, and move it again? Isn't that unnecessary steps? Or can it not be decrypted where it first gets put?

wirestyle22

@scottalanmiller said in Script to Move and Decrypt Files in a Specified Directory:

@wirestyle22 said in Script to Move and Decrypt Files in a Specified Directory:

and place it in a specific directory that will be used by the load process

What's the reason for needing to move it, decrypt it, and move it again? Isn't that unnecessary steps? Or can it not be decrypted where it first gets put?

yes, it can't. someone else is dictating where the files and placed and then where they are moved to

scottalanmiller

Let's look at this in BASH, because it's way easier...

You have files that end in .gpg in a directory now. You want them in a new one, not encrypted, correct?

#!/bin/bash
for i in $(ls /orig/directory/*.gpg); do
    gpg --decrypt $i > /new/directory/$i.txt
done

scottalanmiller

Sounds like all you need to do is list the files, loop through the ones that you found, and decrypt.

A for loop is the easiest to read, but is much longer. A find would do this too, in a single line. you could make this a one line for command, too.

No need for this to be a script, it's really just a single for loop, so just a one line command you can run.

scottalanmiller

@scottalanmiller said in Script to Move and Decrypt Files in a Specified Directory:

for i in $(ls /orig/directory/*.gpg); do
gpg --decrypt $i > /new/directory/$i.txt
done

Here it is as a command....

for i in $(ls /orig/directory/*.gpg); do gpg --decrypt $i > /new/directory/$i.txt; done

wirestyle22

This week was a learning experience.

#!/usr/bin/env bash
source "/home/datatransfer/company/master.sh"
encryptedFolderPath="/home/datatransfer/company/in /"
decryptedFolderPath="/home/datatransfer/company/out"
archiveFolderPath="/home/datatransfer/company/archive"
for i in $(ls $encryptedFolderPath.pgp)
do
    gpg --batch --passphrase $PASS --list-only --list-packets --yes $i | grep -q "encrypted"
    if [ $? != 0 ]; then
        echo "$i is not a pgp file"
        continue
    fi
    v=${i%.}
    encryptedFile="$v"
    fileName=${encryptedFile##/}
    timeNow=$(date +%Y%m%d%H%M)
    extension=${fileName##.}
    newFileName=${fileName%.*}
    fileWithTimestamp="$newFileName""_""$timeNow.$extension"

    gpg --batch –passphrase $PASS --yes --decrypt $i > $decryptedFolderPath/$fileWithTimestamp

    ls -lr $decryptedFolderPath/$fileWithTimestamp
    if [ $? != 0 ]; then
        echo "$fileWithTimestamp is not a readable file"
        continue
    fi

    mv $i $archiveFolderPath
done

Thanks to @scottalanmiller @stacksofplates and my friend Erik