FEATURE REQUEST: All compatibility of X.509 certificates on Symantec Encryption Management Server using RSASSA-PSS algorithm

book

Article ID: 158768

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption PGP Command Line Encryption Management Server Endpoint Encryption File Share Encryption Powered by PGP Technology PGP Viewer (for Android) Gateway Email Encryption Mobile Encryption for iOS iOs FileShare PGP SDK

Issue/Introduction

When trying to import an X.509 certificate which uses the RSASSA-PSS signature scheme into Encryption Management Server using the Add External Users button in the administration console under Consumers / Users / External Users, the import fails.   There is currently no support for X.509 certificates using RSASSA-PSS.

A Feature Request has been submitted for generating/using keys using RSASSA-PSS.

Symantec Corporation is committed to product quality and satisfied customers. Technical Support filed a Feature Request to add the functionality listed above. This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product.  

There is no guaranteed date for this request from the Encryption Product Management team, or the Encryption Engineering team at this time. Please be sure to refer back to this article periodically as any changes to the status of the request will be reflected here. You can also subscribe to this article to receive notification when it is updated.

To have your organization added to the list of companies that desire this Feature Request, please contact technical support.

Note: A similar Feature Request has been made for PGP Key Support for RSASSA-PSS and Symantec Encryption Management Server (See article TECH257065 for more details).

The administration console shows this error message. Note that the Administration log does not contain any error:

Import Failed
There was an error importing the external user keys. Please check the Administration logs for further details.

Cause

This is by design. Encryption Management Server does not support X.509 certificates that use the RSASSA-PSS signature scheme.

Environment

Encryption Management Server 3.3 and above.

Resolution

Symantec Corporation is committed to product quality and satisfied customers.  This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product.

Technical Support filed a Feature Request to add this product feature. Note that an feature request is exactly that, a request. There is no committed date for this request from the Endpoint Encryption Product Management team, nor from the Endpoint Encryption Engineering team at this time.

Please be sure to refer back to this document periodically as any changes to the status of the request will be reflected here.