I suggest to make things easier and do not depend on time stamp in file names.
The commented batch code below decrypts each file Y:\my_daily_export_*.csv.gpg once having archive file attribute set and ignores all other files.
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem All folder paths must end with a backslash!
set "ctaFolder=S:\"
set "decryptFolder=G:\"
set "encryptFolder=Y:\"
set "secret=mypassphrase"
set "Error=0"
rem Process all files matching the wildcard pattern in folder with the
rem encrypted files having the archive attribute set. Skip all directories
rem and all files matching also the pattern having archive attribute not
rem set anymore as being processed already once in the past by this script.
for /F "delims=" %%I in ('dir /AA-D /B "%encryptFolder%\my_daily_export_*.csv.gpg" 2^>nul') do call :DecryptFile "%encryptFolder%%%I"
rem Output an empty line and standard user prompt for any key
rem press in case of a decryption or copying error occurred.
if %Error% == 1 echo/ & pause
endlocal
goto :EOF
rem DecryptFile is a subroutine called by the FOR loop above to
rem decrypt the file passed as first argument to the subroutine
rem which must be with full path and enclosed in double quotes.
rem An error message is output if gpg.exe fails to decrypt the file
rem detected by exit code of gpg or by decrypted file missing or by
rem decrypted file has a file size of 0 bytes in which case the empty
rem output file is deleted before batch file processing continues.
rem The file is copied to the cta folder after successful decryption
rem with verification on successful copying. Otherwise the decrypted
rem file is kept in decrypt folder and an error message is output.
rem The archive attribute on encrypted file is removed after successful
rem decryption and copying to cta folder. So this file is not processed
rem once again in future except it is modified or copied once again into
rem folder for encrypted files on which Windows sets the archive attribute
rem automatically again on this file.
:DecryptFile
gpg.exe --batch --passphrase "%secret%" -o "%decryptFolder%%~n1" --decrypt %1 2>nul
if errorlevel 1 goto FailedDecrypt
if not exist "%decryptFolder%%~n1" goto FailedDecrypt
for /F %%J in ("%decryptFolder%%~n1") do if %%~zJ == 0 goto FailedDecrypt
set "CopiedCount=0"
for /F %%J in ('%SystemRoot%\System32\xcopy.exe "%decryptFolder%%~n1" "%ctaFolder%" /C /Q /V /Y 2^>nul') do set "CopiedCount=%%J"
if not "%CopiedCount%" == "1" (
echo Failed to copy "%decryptFolder%%~n1" to "%ctaFolder%"
set "Error=1"
goto :EOF
)
%SystemRoot%\System32\attrib.exe -a %1
goto :EOF
:FailedDecrypt
del "%decryptFolder%%~n1" 2>nul
echo Failed to decrypt file: %1
set "Error=1"
goto :EOF
Another variant is decrypting the latest file in folder according to file name which is the newest folder on file names containing the date in format YYYYMMDD.
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem All folder paths must end with a backslash!
set "ctaFolder=S:\"
set "decryptFolder=G:\"
set "encryptFolder=Y:\"
set "secret=mypassphrase"
rem With all files matching pattern my_daily_export_????????.csv.gpg
rem containing the date in format YYYYMMDD in file name the list output by
rem DIR in reverse order sorted by name results in getting as first line
rem output the newest file in the folder. This file has to be decrypted.
for /F "delims=" %%I in ('dir /A-D /B /O-N "%encryptFolder%\my_daily_export_????????.csv.gpg" 2^>nul') do (
set "FileNameFull=%encryptFolder%%%I"
set "FileNameOnly=%%~nI"
goto DecryptFile
)
goto ExitBatch
rem DecryptFile block decrypts the file specified which full file
rem name which is assigned to the environment variable FileNameFull.
rem An error message is output if gpg.exe fails to decrypt the file
rem detected by exit code of gpg or by decrypted file missing or by
rem decrypted file has a file size of 0 bytes in which case the empty
rem output file is deleted before batch file processing continues.
rem The file is copied to the cta folder after successful decryption
rem with verification on successful copying. Otherwise the decrypted
rem file is kept in decrypt folder and an error message is output.
:DecryptFile
gpg.exe --batch --passphrase "%secret%" -o "%decryptFolder%%FileNameOnly%" --decrypt "%FileNameFull%" 2>nul
if errorlevel 1 goto FailedDecrypt
if not exist "%decryptFolder%%FileNameOnly%" goto FailedDecrypt
for /F %%I in ("%decryptFolder%%FileNameOnly%") do if %%~zI == 0 goto FailedDecrypt
set "CopiedCount=0"
for /F %%I in ('%SystemRoot%\System32\xcopy.exe "%decryptFolder%%FileNameOnly%" "%ctaFolder%" /C /Q /V /Y 2^>nul') do set "CopiedCount=%%I"
if not "%CopiedCount%" == "1" (
echo Failed to copy "%decryptFolder%%FileNameOnly%" to "%ctaFolder%"
echo/
pause
)
goto ExitBatch
:FailedDecrypt
del "%decryptFolder%%FileNameOnly%" 2>nul
echo Failed to decrypt file: "%FileNameFull%"
echo/
pause
:ExitBatch
endlocal
The batch file would decrypt the newest file according to last modification date on using /O-D instead of /O-N on DIR command which would make the batch file independent on file names.
For understanding the used commands and how they work, open a command prompt window, execute there the following commands, and read entirely all help pages displayed for each command very carefully.
attrib /?call /?del /?dir /?echo /?endlocal /?for /?goto /?gpg --helpif /?pause /?rem /?set /?setlocal /?xcopy /?
Read the Microsoft article about Using Command Redirection Operators for an explanation of 2>nul.
And read the answer on Single line with multiple commands using Windows batch file for an explanation of operator &.
