search cancel

Encryption Management Server Key Cache purge routines differ depending on how keys are retrieved


Article ID: 162609


Updated On:


Encryption Management Server Gateway Email Encryption


The Encryption Management Server Key Cache stores keys that are found in inbound email messages that pass through Encryption Management Server or are looked up on a remote key server.

The key cache is shown in the administration console under Keys / Key Cache. If the Source column for a key shows Mailflow then the key was found in an email. If the Source shows the hostname of a key server then the key was retrieved during a key lookup. For example, is the hostname of the PGP Global Directory.


Symantec Encryption Management Server 10.5 and above.


Keys retrieved from external key servers are, by default, purged after 1 day. Keys that are retrieved from the inbound mail flow are purged after 180 days.

Clicking on the Cache Settings button allows you to modify the number of days or hours that keys retrieved from external key servers are retained.


Important Note: It is not possible to change the purge settings for keys retrieved from the inbound mail flow.  In other words, if an SMIME email comes inbound to the PGP server, and the key is cached (in Key Cache), this cached key does not get purged per the Key Cache Settings configuration and is hardcoded at 180 days.

Only keys that are cached via Keyserver searches are cached and then get purged per the key cache settings. 


Keys in the cache can be manually deleted or imported. If they are imported, an external user will be created.

Additional Information

158748 - Key Cache with Symantec Encryption Management Server FAQ (Caching Keys for inbound email)

233835 - Symantec Encryption Management Server is not Encrypting to cached keys