Using the Universal Services Protocol to search for and import external user public keys from Encryption Management Server using PGP Command Line

Article ID: 158845

Products

  • PGP Command Line
  • Encryption Management Server
  • File Share Encryption Powered by PGP Technology

Issue/Introduction

PGP Command Line can search for the public keys of Internal users on Encryption Management Server using the LDAP or LDAPS protocol and import them into its keyring. However, it cannot search for or import the public keys of External users over LDAP or LDAPS.

To search for and import External user public keys from Encryption Management Server with PGP Command Line, use the USP (Universal Services Protocol) instead.

Note that Verified Directory keys can be searched for and imported by PGP Command Line using the --keyserver-search and --keyserver-recv commands. See article TECH247428 for further information on how to do this.

Environment

  • Encryption Management Server 3.3 and above with the Universal Services Protocol running.
  • PGP Command Line 3.3 and above.

Resolution

Use the following steps to search, download and import a public key from Encryption Management Server using the Universal Services Protocol:

  • Search for the external public key by its Key ID. Replace 0x00000000 with the 8- or 16-digit hexadecimal Key ID of the key you want. The auth-username and auth-passphrase parameters are the username and passphrase of a valid user on Encryption Management Server:
pgp --search-mak "EQ(KEY_ID, 0x00000000)" --usp-server keys.example.com --auth-username username --auth-passphrase userpassphrase
  • The output of this command shows the key information, including the UUID of the public key. For example:
fda70193-88e5-4a0e-8505-999c1dd29d40  CKM   username@example.com
  • Use this UUID with the --export-mak parameter to download the key to a file (username.asc in this example):
pgp --export-mak fda70193-88e5-4a0e-8505-999c1dd29d40 --output username.asc --usp-server keys.example.com --auth-username username --auth-passphrase userpassphrase
  • Import the file containing the key into the local PGP Command Line keyring:
pgp --import --input username.asc
  • If the key imported successfully, delete the key file. --wipe overwrites the file before removing it, so the exported key material is not left on disk:
pgp --wipe username.asc

Two points to keep in mind. A Key ID does not identify a key uniquely, so before using an imported key compare its full fingerprint with a value obtained from the key owner through another channel. Also, --auth-passphrase puts the passphrase on the command line, where it can be read by other local users from the process list and may be recorded in the shell history; use a dedicated, least-privileged Encryption Management Server account for these lookups and clear the history afterwards.
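The procedure above, scripted end to end as an added example that is not part of the article or of the PGP Command Line product. It wraps the search, export, import and wipe steps in one function, extracts the UUID from the --search-mak output automatically, and goes one step beyond the article by refusing to report success until the imported key's fingerprint matches one supplied out of band. It assumes `pgp` is on PATH, that keys.example.com, username and the key ID and fingerprint placeholders are replaced with real values, and that the `pgp --fingerprint` output prints the fingerprint as space-separated hex groups (the comparison strips spaces before matching, so grouping does not matter). The sample --search-mak line is constructed from the article's example.

```shell
#!/bin/sh
# Added example; not code from the article or from PGP Command Line itself.
# Assumptions: `pgp` is on PATH; server, user, key ID and fingerprint are
# placeholders; `pgp --fingerprint` output contains the fingerprint as hex
# groups separated by spaces (the match below ignores spacing and case).

# Constructed sample of a --search-mak result line, modelled on the article.
SEARCH_MAK_SAMPLE='fda70193-88e5-4a0e-8505-999c1dd29d40  CKM   username@example.com'

# Pull the key UUID out of --search-mak output. Only a line that starts with a
# well-formed UUID is accepted, so header or status lines are ignored and an
# empty result means "no key found".
parse_mak_uuid() {
    printf '%s\n' "$1" |
        grep -Eo '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}' |
        head -n 1
}

# Normalise a fingerprint for comparison: drop spaces, upper-case the hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# fetch_external_key KEY_ID EXPECTED_FINGERPRINT USP_SERVER USER PASSPHRASE
# Returns 0 only if the key was found, imported and its fingerprint matched
# EXPECTED_FINGERPRINT (which must come from the key owner out of band).
# Note: the passphrase is still visible in the process list while pgp runs.
fetch_external_key() {
    key_id="$1" expected="$2" server="$3" user="$4" pass="$5"

    # Step 1: search by Key ID; the shell passes EQ(KEY_ID, 0x...) to pgp.
    result="$(pgp --search-mak "EQ(KEY_ID, $key_id)" --usp-server "$server" \
                  --auth-username "$user" --auth-passphrase "$pass")" || return 1
    uuid="$(parse_mak_uuid "$result")"
    if [ -z "$uuid" ]; then
        echo "no external key with ID $key_id found on $server" >&2
        return 1
    fi

    # Step 2: export into a private temp directory (mode 0700 from mktemp -d)
    # so the key file never sits in a shared location.
    tmpdir="$(mktemp -d)" || return 1
    keyfile="$tmpdir/$uuid.asc"
    pgp --export-mak "$uuid" --output "$keyfile" --usp-server "$server" \
        --auth-username "$user" --auth-passphrase "$pass"
    status=$?

    # Step 3: import, then wipe the file whether or not the import succeeded.
    if [ "$status" -eq 0 ]; then
        pgp --import --input "$keyfile"
        status=$?
    fi
    pgp --wipe "$keyfile" 2>/dev/null
    rmdir "$tmpdir"
    [ "$status" -eq 0 ] || return 1

    # Step 4: a Key ID is not unique; insist on the full fingerprint.
    if pgp --fingerprint "$key_id" | tr -d ' ' | tr '[:lower:]' '[:upper:]' |
            grep -qF "$(normalize_fpr "$expected")"; then
        echo "imported $key_id (UUID $uuid), fingerprint verified"
        return 0
    fi
    echo "fingerprint of imported key $key_id does NOT match; remove it before use" >&2
    return 2
}

# Offline demonstration of the parser on the constructed sample line.
parse_mak_uuid "$SEARCH_MAK_SAMPLE"

# Usage (placeholders, not run here):
# fetch_external_key 0x00000000 'XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX' \
#     keys.example.com username userpassphrase
```

The fingerprint comparison is the part worth keeping even if the rest is typed by hand: a short Key ID can be matched by more than one key, and the USP lookup authenticates you to the server, not the key to you.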