
I have a customer who sends me (via their legacy system) a file containing some data. The issue is that they encrypt it via PGP and then create an executable self-extracting file to encase it.

I am trying to move away from a Windows process to do this extraction and they are - to put it bluntly - not technical or motivated enough to change their side of the extract.

My question is - what Linux-based utilities (and example commands) are there which would enable me to take this executable file and extract the data without having to run an exe on a Windows platform?

Please don't answer with "you should just be able to use gpg". Please do give the example commands I would need to use as I can't find them in the docs.

Here is a similar (probably exactly the same question) and the type of answer that I don't want: How can I decrypt a PGP Self Decrypting Archive programatically? "just use gpg"

Richard Green
  • I am a little disappointed that this question has been closed due to "off topic" when, looking at the FAQ: http://stackoverflow.com/faq#questions this "fits" the requirements - predominantly "what tools commonly used by software programmers" could solve the above. I agree there is no code snippet because... I don't know what code to write to perform the above. – Richard Green Dec 27 '12 at 14:51
  • I don't believe it's off topic but you can't claim that this is a great question. What is wrong with gpg? If there's nothing wrong with it what problems are you having using it? If you want to use something else what have you investigated? What problems did you face? – Ben Dec 27 '12 at 15:11
  • It's definitely not a great question, I agree with that! I have started looking at gpg but... I don't know where to start :-/ I have scoured the docos to no avail so far. – Richard Green Dec 27 '12 at 15:26
  • From what I read about PGP SDA files, they are provided as a convenience to deliver encrypted files to people who do not have PGP (or gpg). Your best bet would be to install gpg (http://www.gnupg.org/), create your own key-pair and send your public key to your customer. That way they can encrypt the file directly with your key and send the result without wrapping it up in this SDA thing. Once you receive the encrypted file, there are many ways to decrypt on your side. – BellevueBob Dec 27 '12 at 18:44
  • @BobDuell - I know the best way is for the customer to change their ways... but basically it's a legacy system, highly political, would involve getting top brass in the loop just to make one person's life a bit simpler (i.e. me). As mentioned, they lack the technical ability and also the motivation (i.e. nothing in it for them) to do such a change. Thanks anyway though for confirming what I think is the best course of action. – Richard Green Dec 30 '12 at 22:26

1 Answer


I don't know of any tool that does this. I also can't find a spec for SDAs. They appear to be just what the other answer says: EXE stubs around an encrypted zip file.

Your process will probably look something like this:

  1. Parse the executable, find the data section where the encrypted zip is stored, and extract it.
  2. Decrypt the zipfile with GPG.

You'll probably want to do step 1 with a script. Python has the pefile module that allows you to inspect Windows executables. Other languages have similar libraries.

Alternatively, you can just run the SDA with wine.

cha0site
  • Unfortunately, running the executable in any form is what we are trying to avoid - even if in a wine sandbox (which if I am honest, will start to raise even more issues with our prehistoric security team). I appreciate your stab at the answer. It looks as if the powers that be are declaring this question off topic (not really sure why as they don't have to leave an explanation either). I would have hoped that what I am trying to do wouldn't be that complicated, but it looks as if it's beyond the experts here (and yes that is an invite to re-open the question to answer it!) – Richard Green Dec 27 '12 at 14:53
  • @Richard: It's a question of framing, really. Right now, your question is not really a programming question... It almost is, though. BTW, do you have one of these PGP SDA you can provide? – cha0site Dec 27 '12 at 19:48
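
Step 1 of the answer above (parse the executable and pull out the stored data without running it), as an added example that is not part of the original answer or thread. It uses only the Python standard library instead of pefile, and it assumes the payload is appended after the last section as an overlay, which the page does not confirm for PGP SDAs; `build_sample` and the file names are constructed for illustration.

```python
import struct
import sys

def pe_sections(data):
    """Return [(name, raw_offset, raw_size)] read from the PE headers. Nothing is executed."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    sections = []
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from(
            "<8s4I", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_off, raw_size))
    return sections

def carve_overlay(data):
    """Return the bytes stored after the last section's raw data (the overlay)."""
    ends = [off + size for _name, off, size in pe_sections(data) if size]
    end = max(ends, default=len(data))
    if end > len(data):
        raise ValueError("section table points past end of file (truncated?)")
    return data[end:]

def build_sample(payload):
    """Constructed input: header-only PE skeleton, one section, payload appended."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)     # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8s4I", b".text", 0x10, 0x1000, 0x10, 0x200) + b"\0" * 16
    head = dos + b"PE\0\0" + coff + sect
    return head.ljust(0x200, b"\0") + b"\xCC" * 0x10 + payload

if __name__ == "__main__":
    # Usage: python carve.py customer.exe payload.bin  (file names are placeholders)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(b"DEMO")
    for name, off, size in pe_sections(blob):
        print(f"{name:8} raw_offset=0x{off:x} raw_size=0x{size:x}")
    overlay = carve_overlay(blob)
    print(f"overlay: {len(overlay)} bytes")
    if len(sys.argv) > 2:
        with open(sys.argv[2], "wb") as fh:
            fh.write(overlay)
```

If the section listing shows the data inside a section rather than after it, slice `data[raw_offset:raw_offset + raw_size]` with the offsets `pe_sections` returns. On a signed executable the Authenticode certificate table also sits in the overlay region, so inspect the carved bytes before handing them to step 2.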