FEATURE REQUEST: Native support of x509 certificates for the Symantec Encryption Verified Directory

book

Article ID: 158674

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

The Symantec Encryption Management Server Verified Directory currently does not support the import of native x509 certificates, for example either in Base64 or DER encoded format.

Only OpenPGP keys (for example with extension ".asc") can be imported to the Verified Directory.

If OpenPGP keys are imported into Verified Directory, and X.509 certificates are bundled in the PGP Key, this will result in a partial upload, but the key will not import properly.

When trying to import a x509 certificate into the Verified Directory the certificate can not be imported.

The server will issue the following error to the user trying to import the certificate:

"Not PGP Key
The file you uploaded was not a PGP key. Please submit only PGP keys."

The Server log files for the Verified Directory service will notify the administrator with an error message:

User uploaded a key block that was not a PGP Key

If attempting to upload a PGP Key that has an X.509 certificate bundled, the key upload will appear to succeed, however upon searching for the key, and attempting to download, the following error will appear:

"The public key could not be found. It may have been removed."

Cause

This limitation of the Verified Directory applies for all Symantec Encryption Management Server versions as well as the keyserver.pgp.com public Keyserver service.

The Verified Directory was designed to host OpenPGP public keys but not x509 certificates.

Resolution

Symantec Corporation is committed to product quality and satisfied customers. This Feature Request was considered by Symantec Corporation to be addressed in a forthcoming version of the product, however it has been determined this feature will not be included in the product at this time. 

Please be sure to refer back to this document periodically as any changes to the status of the request will be reflected here.