ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Having two keys on Symantec Encryption Management Server is not supported for PGP Support Package for Blackberry


Article ID: 158592


Updated On:


Encryption Management Server


User having two keys on Symantec Encryption Management Server (SEMS) receive an error message during policy update.

"PGP Key is not Valid" or "PGP Key is expired"


PGP Support for Blackberry and Blackberry Enterprise Server (BES) don't have any ability to choose the primary key on the server.  Therefore users will get sometimes the second key during policy update.  Having two keys on SEMS is not supported, because only the primary key should be used for signing and encrypting email.


Symantec will not provide any solution on this issue.  Symantec provides following Workaround:

Please delete the second key from the server. If the user has Symantec Encryption Desktop (SED), the key can be imported to SED for en-/decrypting emails.

Please make sure that you have a backup of the deleted key, just in case the users has problems with their machine.

Applies To

Symantec Encryption Management Server

PGP Support Package for Blackberry