Unable to send emails to *@symantec.com when using PGP Desktop Email Encryption or PGP Universal Server Email Encryption


Article ID: 157160


Updated On:


Symantec Products


When PGP Universal Server or PGP Desktop tries to encrypt to keys found at keys.symantec.com:389, an error is displayed stating that the keys are considered invalid and cannot be encrypted to. Depending on the current policy, the email may be blocked or sent as a Web Messenger message.

 SMTP-31040: fatal exception evaluating policy for recipient *@symantec.com: key can’t be used for encryption -jumping to Exception chain


Keys found at keys.symantec.com:389 do not have the messaging usage flag and therefore cannot be encrypted to.

Sample of the Key Usage properties of a key obtained from keys.symantec.com
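As an added illustration (not Symantec's code and not part of the original article), the Python below decodes the OpenPGP Key Flags subpacket defined in RFC 4880 and reports whether a key is marked for encrypting communications. It assumes that the "messaging usage flag" described above corresponds to RFC 4880's 0x04 flag; the sample bytes are constructed and are not taken from keys.symantec.com.

```python
# Added example: decode the OpenPGP Key Flags subpacket (type 27, RFC 4880).
KEY_FLAGS = 27
FLAG_NAMES = {
    0x01: "certify",
    0x02: "sign",
    0x04: "encrypt-communications",  # assumed equivalent of PGP's messaging usage
    0x08: "encrypt-storage",
    0x20: "authenticate",
}

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 1 >= len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def key_usages(area: bytes):
    """Return the usage names granted, or None if no Key Flags subpacket exists."""
    for sp_type, body in iter_subpackets(area):
        if sp_type == KEY_FLAGS:
            flags = body[0] if body else 0
            return {name for bit, name in FLAG_NAMES.items() if flags & bit}
    return None

def usable_for_messaging(area: bytes) -> bool:
    """True only when the key explicitly carries the encrypt-communications flag."""
    usages = key_usages(area)
    return usages is not None and "encrypt-communications" in usages

# Constructed sample areas (not taken from any real key): a creation-time
# subpacket (type 2) followed by a Key Flags subpacket.
STORAGE_ONLY = bytes.fromhex("05025f000000" "021b08")
MESSAGING = bytes.fromhex("05025f000000" "021b0c")

if __name__ == "__main__":
    for label, area in (("storage-only", STORAGE_ONLY), ("messaging", MESSAGING)):
        print(label, sorted(key_usages(area)), usable_for_messaging(area))
```

Treating a key with no Key Flags subpacket as not usable for messaging is a choice made in this example, not behaviour documented for PGP Desktop or PGP Universal Server.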



You will need to modify your Mail Encryption Policy appropriately.

Use one of the following configuration options:

1) Ignore the result and send the message in the clear.
2) Set your key searches either to ignore keys from keys.symantec.com or to not search the keys.symantec.com domain at all.

Applies To

PGP Desktop 9.9 or later
PGP Universal Server 2.9 or later