ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

BUG REPORT: Error "invalid byte sequence for encoding" When Sending Mail Through PGP Universal


Article ID: 157456


Updated On:


Symantec Products


Certificates being used with a "commonName" attribute with ISO8859-1 encoding instead of the correct i.e. "T.61String" or "UTF8String" encoding.

This is not compliant with RFC 3641 ( 3.3.b) "ChoiceOfStrings Types" which defines:
   b) The component type of each alternative is one of the following
      ASN.1 restricted string types: NumericString, PrintableString,
      TeletexString (T61String), VideotexString, IA5String,
      GraphicString, VisibleString (ISO646String), GeneralString,
      BMPString, UniversalString or UTF8String.

Unfortunately, it's quite common with several vendors and products like OpenSSL, Microsoft Internet Explorer and Netscape to use ISO-8859-1 instead of the standard compliant encoding.


After importing such a certificate into PGP Universal and sending a mail though the server as the imported user the following error might occur.

SMTP-00000: SMTP connection from (local address is
SMTP-00000: message <[email protected]> from [email protected] (1 recipient)
SMTP-00000: SQL command execution error: ERROR: invalid byte sequence for encoding "UTF8": 0xf8
SMTP-00000: error handling SMTP DATA event: unknown error
SMTP-00000: pgpproxy: Error processing SMTP message, awaiting next client command. (-11980)
SMTP-00000: connection from closed


PGP Universal expects the "commonName" attribute to be UTF8 and fails parsing it if a non standard compliant encoding is used.


In PGP Universal 3.2.1 MP5 a fix was implemented to handle such certificates.
If the "commonName" attribute is not UTF-8 it is considered ISO-8859-1 to be compliant with other vendors that use this non standard configuration.

Per the Release Notes:
2950213: PGP Universal Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates.


This version/Maintenance Pack is available for download via your account on Symantec File Connect.

Applies To

PGP Universal versions below 3.2.1 MP5 (build 5033) using certificates with ISO-8859-1 encoded "commonName" attribute.