PGP Decryption Failing - Looking for suggestions

JamesACA · a month ago

Hello,

I am working with PGP encryption for the first time and I have having issues decrypting a file using the “Bouncy Castle - PGP Utility” (ver 1.2.0). I am able to encrypt a file using the object but not decrypt it. I get the error “Private key for encrypted message was not found. Ensure the supplied Private Key Filepath contains a compatible private key for this file’s decryption”. Below I will detail the steps I have followed so far.

To create my key pair I am using GPG. I used the command “gpg --full-generate-key” and created an “RSA and RSA” key with no expiry date and 4096 bits long. For the name I selected “RPA” (as this will be used by the team), for the email address I use a shared email address and for the comment I put “TEST”. I was then prompted to input a passphrase (not within the CMD but via a popup from Kleopatra I believe). I saved the password is my password vault and then entered it. Afterword I ran the following command “--export -a "RPA" > "C:\Users\username\AppData\Roaming\gnupg\rpaTEST\rpaPublicTestKey.asc". I navigated to “C:\Users\username\AppData\Roaming\gnupg\private-keys-v1.d” and copied both private “.key” files into “C:\Users\username\AppData\Roaming\gnupg\rpaTEST”. I then created copies of both of them but changing the file extension from “.key” to “.asc”. I also created a text file called “passphrase” and in clear text entered the passphrase I originally put in. I copied the “rapTEST” folder to my Development machine in the documents folder. Now I will head over to what I did in Blue Prism.

I attached a screenshot to show my configuration for the “encrypt” action which works without a problem. I can also decrypt this file on my local desktop which I will show after. When decrypting I get the message “Private key for encrypted message was not found. Ensure the supplied Private Key Filepath contains a compatible private key for this file’s decryption”. I tried using both private keys and each their files types (“.asc” & “.key”). I tried with and without passphrase and nothing works.

Using Kleopatra on my desktop I am able to decrypt the file (that was encrypted in Blue Prism). I have attached screenshots of this process and I also included the audit logged after it was decrypted.

Please let me know what other troubleshooting steps I should follow.

Thank you,Blue Prism EncryptionBlue Prism DecryptionKleopatra Steps

Kleopatra Success

AUDIT LOG:

<html><head>
<title>GnuPG Audit Log Viewer</title>
</head><body>
<pre>gpg: encrypted with rsa4096 key, ID 72F272752BB4DF1F, created 2025-02-26
"RPA (TEST) <rpa@email.ca>"
gpg: used key is not marked for encryption use.
gpg: WARNING: cipher algorithm CAST5 not found in recipient preferences
</pre>
</body></html>

GeoffHirst · a month ago

Hi @JamesACA ,

Thank you for being a SS&C Blue Prism customer, and for using Blue Prism. I am sorry to see you are having issue with this asset.

As a first, very quick review, the reported issue seems to be suggesting a problem with the filepath. Given your key works using Kleopatra, I am assuming from your images that the key is simply pasted in here and not accessed by the file system.

So, my initial thoughts are, that this asset is written in C#. As such, filepaths SEEM to work better when the '\' (backslash) character is doubled-up, to avoid it being interpreted as an escape sequence. So, first up could I ask that you try this, double up every backslash in your file path, and see if that resolves the issue.

The next one is a bit of a straw clutch. Path length. I am not sure what the maximum path length might be for you. Some of those paths do look long, but do they breach the rules? Perhaps trying with a shorter path length. This is of course a straw clutch at this time, and my faith lies in my first recommendation.

Do come back to us here, if you are unable to resolve your issue and we will take a deeper look.

regards

Geoff Hirst Senior DX Engineer - Digital Exchange - EMEA SS&C Blue Prism

View answer in original post

GeoffHirst · a month ago

Hi @JamesACA ,

Thank you for being a SS&C Blue Prism customer, and for using Blue Prism. I am sorry to see you are having issue with this asset.

As a first, very quick review, the reported issue seems to be suggesting a problem with the filepath. Given your key works using Kleopatra, I am assuming from your images that the key is simply pasted in here and not accessed by the file system.

So, my initial thoughts are, that this asset is written in C#. As such, filepaths SEEM to work better when the '\' (backslash) character is doubled-up, to avoid it being interpreted as an escape sequence. So, first up could I ask that you try this, double up every backslash in your file path, and see if that resolves the issue.

The next one is a bit of a straw clutch. Path length. I am not sure what the maximum path length might be for you. Some of those paths do look long, but do they breach the rules? Perhaps trying with a shorter path length. This is of course a straw clutch at this time, and my faith lies in my first recommendation.

Do come back to us here, if you are unable to resolve your issue and we will take a deeper look.

regards

Geoff Hirst Senior DX Engineer - Digital Exchange - EMEA SS&C Blue Prism

JamesACA · a month ago

Hello Geoff,

Thank you for your response. I followed your suggestions, and they did not work; however, this comment, "Given your key works using Kleopatra, I am assuming from your images that the key is simply pasted in here and not accessed by the file system" was wrong as it was by the file system. I attempted to import the key, and it did not work. This made me restart my troubleshooting. I created a new key using "gpg --export-secret-keys -a "your-email@example.com" > private-key.asc" and this one worked. Thank you

SS&C Blue Prism Community

PGP Decryption Failing - Looking for suggestions