PGPDECRYPT - Decrypt a PGP encrypted file

Syntax:	PGPDECRYPT	[ decrypt file ] [ target file ] [ options ]
Arguments:	[ decrypt file ]	A variable or string defining the file name of the PGP encrypted file to decrypt; this file may or may not be ASCII armored. Wildcard characters are not permitted in [ encrypt file ] or [ target file ].
	[ target file ]	A variable or string defining the file name of the decrypted file; if the file exists, it will be overwritten. If an empty string is provided (i.e., “”) then the decrypted file is written to the original file name saved when the file was encrypted.
Options:	/pw=xx	This option specified the passphrase field associated with the PGP private key used for decryption. You may omit this option if you have only one private key listed on the Manage Keys grid in the Configurator and you saved the passphrase field when you created that key in the Configurator.
	/signature=x	required - a valid digital signature must exist optional - if there is a signature it must be valid (default) ignore - signatures are ignored

This script command decrypts a file that was previously encrypted using PGP encryption. To decrypt a file you must have already imported the private key that matches the public key that was used to encrypt the file. Keys are imported with the PGPIMPORT script command or by using the Import Key functionality in the Robo-FTP Configurator. This command may by used to decrypt a file encrypted using the PGPENCRYPT script command or any external PGP or GPG encryption application.

The /pw option specifying the passphrase is required unless you have only one private key listed on the Manage Keys grid in the Configurator and you saved the passphrase field when you created that key in the Configurator.

When you use the Configurator to create new PGP keys you may optionally choose to save the passphrase. If you choose this option, the password is saved in an encrypted format in the Windows registry along with Robo-FTP's other settings. Later, when you use these keys for encryption or decryption, the passphrase will not appear in the console window nor will it be written to any log file. If you choose not to save the passphrase (or if you use externally generated PGP keys) then you will probably need to specify the passphrase in clear-text in a script file. Therefore, saving the passphrase when you create the key is the most secure option.

In the following example, the private key for decryption is the only private key in Robo-FTP and the passphrase was saved when the key was generated or imported.

If you did not save the passphrase when generating or importing the key then you will need to provide it using the /pw option as shown below.

The original file name is often embedded within a PGP encrypted file. Robo-FTP allows an encrypted file to be decrypted and saved using its original name in the current working folder by using the following syntax (Note: the empty quotes are used to pass no name to the [ target file ] argument).

Robo-FTP has no method of knowing the original embedded file name. If you use this option, you must know in advance what the file name is if you intend to perform other actions on the resulting decrypted file from within the Robo-FTP script environment. Alternatively, you could change the current working folder to one that you know is empty before decrypting the file. This would ensure that the only file in folder must therefore be the recently decrypted file.

Hint: If Robo-FTP is unable to find the correct private key for decryption, ask the person who encrypted the file for the Key ID of the public key that they used for encryption. The Key ID must match the value shown on the Manage Keys window in the Configurator. Some PGP software only displays an 8 character Key ID so in those cases you'll compare with the last 8 digits of the value shown in the Configurator. For a more precise comparison you can right-click the grid row and choose "Show Key Fingerprint" from the pop-up context menu.

Note: When the TMPFILE command is active, the output [ target file ] created by this command will have a different name until the decryption process is successfully completed.