PGP Command Line Suggested Output Functionality
search cancel

PGP Command Line Suggested Output Functionality


Article ID: 162542


Updated On:


PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption


PGP Command Line uses a "Suggested Output" feature when encrypting files to help facilitate in a consistent and predictable experience. 

When a file is encrypted, the file will eventually be decrypted, and the suggested output file will be the output name upon decryption. 




As an example of this suggested output functionality, consider a file that is called "testing123.txt". 

When the file is encrypted, the suggested output will be taken into account and will be marked within the encrypted file.  For encryption solutions that comply with the PGP standards and support the Suggested Output functionality, the suggested output will be called "testing123.txt". 

The encrypted file may be called "testing123.txt.pgp".  Upon decryption, the output file should automatically be named "testing123.txt".

It is possible to rename a file that was already encrypted to something else, but even when the file is renamed, it does not change the marker that designated the "suggested output" when the file was encrypted.



Scenario 1: A File was received, but the output file is nothing similar to the encrypted filename.

Take for example, the filename from the example above, "testing123.txt".  Upon encryption, the encrypted output file will be called testing123.txt.pgp". 
The .pgp extension is a clue that the file is encrypted, but there could be reasons the sender may want to rename the file, such as, we don't want the ".txt" to be included as a clue of the type of file inside.
If the sender renames the "testing123.txt.pgp" file to "thelist.pgp", the recipient will decrypt the file, but the output file will still be "testing123.txt".

In order to override this functionality, the "--output" option (-o for shorthand version) can be used, and any output filename could be used, such as the following:

--output c:\testingXYZ.txt" 

By using the --output option, the suggested output marker is overriden and will then decrypt the file to any filename specified. 

Scenario 2: USP In Older Versions Not Honoring Suggested Output
This has been resolved in PGP Command Line 10.3.2 MP11.

Consider the following scenario:
A file "test.txt" is encrypted and signed with PGP Command Line.  As no "-o" operation is specified in the command, the output file would be "test.txt.pgp".  Rename this file to "newfile.pgp".

Although this file has been renamed, during encryption, a "suggested output" standard was used so that a decryption routine should honor the suggested output filename.  In this scenario, when running the following command, as there is no "-o" option specified, the expected output filename should be "test.txt", even if the file has been renamed:

pgp --decrypt newfile.pgp --auth-username "skm" --auth-passphrase "skm" --usp-server keys.manageddomain.dom --debug --auth-passphrase "skm" --debug

When using PGP Command Line 10.3.2 and the "-usp-server" option, the suggested output filename is not honored for encryption, or decryption.


Symantec Encryption always recommends being on the latest version of the software.  For a list of the latest versions, see the following KB:

156303 - Symantec Encryption Products Current Version Available