Certain special characters do not work properly unless escaped when used via Symantec Drive Encryption (previously PGP Whole Disk Encryption) Command Line

book

Article ID: 158166

calendar_today

Updated On:

Products

Drive Encryption

Issue/Introduction

When you run the pgpwde --add-user or pgpwde --secure command at a Microsoft Windows command prompt, the passphrase is accepted when entered as input on the Command Line, but the passphrase fails to authenticate successfully at the pre-boot authentication (BootGuard) prompt. The same complex passphrase may work correctly on the Symantec Encryption Desktop (previously PGP Desktop) graphical user interface.

Note: The PGP product line has been renamed. For a detailed map of old product names to new ones, refer to the Symantec Knowledgebase article TECH197084.

Authentication failed: "Incorrect passphrase"
Environment: Microsoft Windows command prompt

 

Cause

The passphrase authentication fails when you enter certain special characters using Command Line, without the escape character. These special characters are not saved properly on the hard disk used for Drive Encryption. This causes the user authentication failure even when the correct passphrase is entered at the pre-boot authentication prompt.

Resolution

A few special characters are interpreted differently when used in the Windows command prompt. Hence, you should precede the caret (^) escape character with the '&' and '>' characters at the Windows command prompt. However, using the Caret character does not solve the issue if a passphrase has double quotes in it.

For example:

For a complex passphrase, such as [email protected]&jelly>[email protected]&cheese, the Caret character should precede the '&' and '>' characters as follows:

[email protected]^&jelly^>[email protected]^&cheese

Note: The same complex passphrase may work correctly without the use of the Caret character on the Symantec Encryption Desktop graphical user interface.