Encrypting network file shares to Group Keys with PGP File Share Encryption

Article ID: 161242

Updated On: 02-05-2025

Products

File Share Encryption, Encryption Management Server, Desktop Email Encryption, Drive Encryption, Gateway Email Encryption

Issue/Introduction

This article goes over the steps for using PGP File Share to encrypt shares with Group Keys, which will save you a lot of time and effort. Using a Group Key means you no longer need to reencrypt shares when you want to add or remove user access. All you need to do is add the users to the existing Group in PGP Encryption Management Server, and the users will then be able to immediately access the shares, all without needing to enter a passphrase.

Group Keys are secure as well. When the user authenticates to the PGP Encryption Server for policy, this group access is automatically determined. If the user is part of an applicable group, the share is automatically unlocked whenever the user accesses it, and the keys are never stored locally, which means you don't need to worry about user key management.

 

For information on other topics for File Share Encryption, see the following articles:

155519 - Best Practices for Creating and Managing Symantec File Share Encrypted Folders
180791 - Symantec File Share Encryption Group Key FAQ's.
180789 - How do I create a new Group with a File Share Encryption Group Key on PGP Encryption Management Server?
155582 - Adding a Group Key to an Existing Group on the PGP Encryption Management Server

Resolution

To provide access to the network drive for all members of the consumer group, manually add the Group Key to the encrypted folder using the following steps.

For details on creating a Group Key, refer to the PGP File Share Encryption Group Key FAQ's.

  1. Right-click the folder and select "Reencrypt".
  2. From the "Add Users" window, select "Add".
  3. If the Group Key is already imported in the keyring, select it and click "Add"; otherwise, search for the Group Key on the PGP Key Server and "Add" it to the keys.
  4. Click "OK".
  5. On the Select Signer page, select the Signer from the drop-down (optional).
  6. Click "Next", and then "Finish".

Tip: Network drives should not be added to the whitelist in the consumer policy. If you do so, the contents of the folder are encrypted to the key of the first user to receive the policy setting who has the shared folder mapped on their computer as a network drive, and no other user can access the encrypted network drive.

Related articles:

Best Practices for Creating and Managing Symantec FileShare Encrypted Folders

 

Applies To

Symantec Encryption Desktop (PGP)

Symantec Encryption Server, powered by PGP.