topic Re: Can we avoid pinentry pop-up while using tGPGDecrypt component? in Talend Studio

Can we avoid pinentry pop-up while using tGPGDecrypt component?

jp2019_talend — Sat, 16 Nov 2024 04:47:01 GMT

Hi,

I am using Talend Open Studio for Data Integration version 7.2.1.

I have job that gets the gpg encrypted file from remote server, saves to local system, decrypts the file using tGPGDecrypt component, this works fine with decrypted file saved to local system. However, I see a passphrase pop-up during decryption every time I run the job even though I have the passphrase field filled-in with the value.

The tGPGDecrypt component Basic settings screenshot is attached:

Is there a way we can avoid pin-entry passphrase pop-up? This would be a show stopper if we plan to automate this job.

Installations used:

Talend Open Studio for Data Integration version 7.2.1.

GnuPG for Windows, version 2.2.17

I appreciate your support.

Thanks

Re: Can we avoid pinentry pop-up while using tGPGDecrypt component?

Anonymous — Mon, 23 Sep 2019 08:30:04 GMT

Hello,

Could you please create a work item jira issue with your requirement on talend bug tracker?

Best regards

Sabrina

Re: Can we avoid pinentry pop-up while using tGPGDecrypt component?

Anonymous — Wed, 18 Mar 2020 14:48:38 GMT

Hi,

Facing the same issue.

When hard-coding the passphrase or passing via context variable, the pop-up still appears.

Appreciate if you are aware of any solution.

Re: Can we avoid pinentry pop-up while using tGPGDecrypt component?

Anonymous — Fri, 27 Mar 2020 12:27:53 GMT

Hi All,

I was able to achieve this by using tsystem component and batch file. It is able to decrypt without the password prompt.

Re: Can we avoid pinentry pop-up while using tGPGDecrypt component?

Fish3 — Tue, 13 Apr 2021 15:52:52 GMT

Realize this is a year old, but this was the post that showed up in my search for answers and gave me the clues to make something work.

Problem is that we keep having the password requested of us when we try to use the decrypt component.

SHORT ANSWER: mahadev has the right of using the tsystem, but doing a batch file leave a passphrase in the clear, which isn't ideal. You CAN do it, but I don't think you SHOULD do it this way.

****A note here Talend should fix this. I found adding the --pinentry-mode loopback solves the problem. Guessing this would be just adding this to the code on the backside. Please and thank you!

LONG ANSWER:

This works as best it can with something that should work out of the box.

Step One: Use tsystem component in a Pre-job setup or a subjob prior to tgpgdecrypt component.

I found that when you run a test file with the same encryption, the loopback mode stays active for a limited amount of time and so you can then run the tgpgdecrypt component and it will not prompt for passwords.

For the actual command line I used:

"cmd /c gpg.exe --batch --yes --pinentry-mode loopback --decrypt --passphrase \""+ context.pw+"\" "+" C:/SFTP/test.pgp"

Set your home directory to where gpg.exe is installed.

This allows me to run multiple files in a filelist and iterate on those files decrypting everything at once. Notice that the pw is in a context variable. This allows me not to have a password sitting in the clear.

Step Two: Set up the context variable

Very easy to do. Make sure you use the password type instead of string. In the command line, you have to escape the passphrase with quotes so that it follows the formatting for the options of gpg.exe.

Step Three: Use tgpgdecrypt component as you think it would be used. You can set the password to your context variable as well, which is nice if you might need to use this for different encrypted files for prod/test/dev or whatever.

Hope this helps someone to save a lot of time. Spent way to much effort figuring this out.