HPE Community
Operating System - OpenVMS
1751687 Members
5377 Online
108781 Solutions
New Discussion юеВ

Re: How to encrypt a file in batch job to be opened later on Windows system?

 
SOLVED
Go to solution
Rick Dyson
Valued Contributor

тАО02-25-2011 07:48 AM

тАО02-25-2011 07:48 AM

How to encrypt a file in batch job to be opened later on Windows system?

I have Zip v3.0 and have tried many tricks to get around the requirement to enter the encrypted password from the command line without any success.

Any solutions on how to automate that would be greatly appreciated!

My goal is to encrypt a text file on OpenVMS, FTP it to a Windows file system and then view it there later.

On my OpenVMS systems, I only have Zip for encryption. I am aware of GnuPG and I thought it was available for OpenVMS, correct?

I currently have to do this on OpenVMS v7.3-2 but would also need to support v8.3-x soon.

0 Kudos
5 REPLIES 5
Steven Schweda
Honored Contributor

тАО02-25-2011 08:29 AM

тАО02-25-2011 08:29 AM

Solution

Re: How to encrypt a file in batch job to be opened later on Windows system?

> I have Zip v3.0 and have tried many tricks
> [...]

Did you try this "trick": "zip -h"? It leads
to this "trick": "zip -h2", which leads to
yet another "trick":

[...]
Encryption:
-e use standard (weak) PKZip 2.0 encryption, prompt for password
-P pswd use standard encryption, password is pswd
[...]

Putting a password into a script/procedure
was considered so bad an idea that "-P"
wasn't documented in earlier Zip versions
(other than in the source code). We got
tired of answering the question, however, so
now "-P" is described in the (extended,
"show more") help. We're still waiting for
the question to stop appearing, of course.

> I am aware of GnuPG and I thought it was
> available for OpenVMS, correct?

Is Google broken?

http://antinode.info/dec/sw/gnupg.html

> [...] OpenVMS v7.3-2 but would also need to
> support v8.3-x soon.

Zip should be good back to VMS V5.4 (at
least). GnuPG probably would have trouble
before V7.0. I haven't tested it on anything
before V7.3. (To the extent that I've tested
it at all. But what could go wrong?)
Rick Dyson
Valued Contributor

тАО02-25-2011 09:37 AM

тАО02-25-2011 09:37 AM

Re: How to encrypt a file in batch job to be opened later on Windows system?

Thanks Steven. I had not dug that deep into Zip's docs.

I had already picked up GnuPG from your web site and just built it on a test box I have before I got your answer concerning Zip. I will try to stick with Zip since it works seamlessly in WinXP, so far.

I find that the zip "-P" command works to encrypt in a batch job.

Rick
0 Kudos
Steven Schweda
Honored Contributor

тАО02-25-2011 10:45 AM - last edited on тАО08-04-2011 11:28 AM by

тАО02-25-2011 10:45 AM - last edited on тАО08-04-2011 11:28 AM by

Re: How to encrypt a file in batch job to be opened later on Windows system?

If you get so far as to worry about how to
get a passphrase into GnuPG
non-interactively, then you might look at:

http://h30499.www3.hp.com/t5/Security/GNUPG-Encryption-Decryption-in-Batch-on-OpenVMS/m-p/5097162#M1588

Hoff
Honored Contributor

тАО02-25-2011 10:55 AM

тАО02-25-2011 10:55 AM

Re: How to encrypt a file in batch job to be opened later on Windows system?

V8.3 and later has integrated DES and AES encryption.

Here is an example of encrypting and decrypting a text file, and then a BACKUP saveset:

http://labs.hoffmanlabs.com/node/1444

Here are some general considerations with encryption:

http://labs.hoffmanlabs.com/node/372

If you're embedding keys into DCL procedures, you really don't really have encryption; that key is rather exposed. You will have the effort and the overhead of encryption, but with rather less of the security. (The V8.3 tools can help here, as you can easily load and remove the keys.)

I might well look to use SSL or sftp here, too, given this proposed configuration really don't have end-point security. Viewing the file resident on OpenVMS from the remote client can also be easily feasible via https, for instance. Probably also via WebDAV via https, too, given OpenVMS Apache did appear to have that capability, and given that Windows and Mac OS X can access WebDAV with rather less hassle than can VMS.
0 Kudos
John Gillings
Honored Contributor

тАО02-27-2011 01:04 PM

тАО02-27-2011 01:04 PM

Re: How to encrypt a file in batch job to be opened later on Windows system?

Rick,

copy and paste from production code creating an encrypted ZIP file to be sent into the PC world:

$ ZIP -qmj "-P" 'pass' 'zipname' 'scratch'*.CSV


symbol pass contains the ZIP password, zipname is the name of the zip file and scratch is a directory containing a number of CSV files to be zipped and encrypted.
A crucible of informative mistakes
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.