Command Line

 View Only

 Decryption of .asc files

Sougata Chandra's profile image
Sougata Chandra posted Jun 24, 2021 01:15 AM
Hi All ,

We are evaluating the CLI tool for encryption/decryptions.
The file types we are using are .txt, .pdf, .asc , .csv etc.

We bump into an issue when using pgp on a  normal mainframe and unix ascii files - the files gets encrypted as <filename>.asc.pgp
But when we try to decrypt the encrypted files , the decrypted file is <filename> without any file extension.

This does not happen for .pdf or .txt file.

Do we need to do anything different for the .asc files to decrypt.


Adam's profile image
Broadcom Employee Adam

Adam's profile image
Broadcom Employee Adam
Hi Sougata,

Thank you for your interest in PGP Command Line.  I think I see what's happening.  PGP treats the asc and pgp file extensions to mean that the file contains pgp-encrypted data.  The pgp extension means the file contains pgp-encrypted data in binary format while asc means the file is using ascii-armor to represent encrypted data.  Ascii-armor is PGP's Radix-64 format for representing data in a text-only format safe for all platforms and transmission mediums.  After decrypting a file, pgp tries to remove any extension from the file name that indicates encrypted content.  I suspect that is why .asc.pgp is removed.  There is a way forward.  PGP has an output option, -o,  that allows specifying the filename as a full or relative path.  This lets the user place the file in a new location as well as override the filename.  Here is a small shell script example (using bash on linux) that overrides the output name.


# trim path, could also use basename utility
# remove .pgp from the end of base_output_name


echo "encrypted filename: $encrypted_filename"
echo "   output filename: $output_filename"

The output is as follows:

encrypted filename: /some/path/to/file.asc.pgp
   output filename: file.asc

Using the logic from the example script, we can retain the .asc portion of the filename.

pgp -d "$encrypted_filename" -o "$output_filename"

My example did not include an output path in the new filename so it should be placed in the current working directory.  A production implementation may specify an output location more explicitly.

I hope this answers your question and helps you find a solution that uses PGP Command Line.