Unable to decrypt S/MIME email encrypted using the RSAES-OAEP key transport algorithm with PGP Encryption Server (Symantec Encryption Management Server)
search cancel

Unable to decrypt S/MIME email encrypted using the RSAES-OAEP key transport algorithm with PGP Encryption Server (Symantec Encryption Management Server)

book

Article ID: 170265

calendar_today

Updated On: 03-12-2025

Products

Encryption Management Server PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption Gateway Email Encryption

Issue/Introduction

The PGP Encryption Server (Symantec Encryption Management Server) cannot decrypt S/MIME email encrypted using the RSAES-OAEP (RSA Encryption Scheme - Optimal Asymmetric Encryption Padding) key transport algorithm.

The mail log will contain entries like this when the PGP Encryption Server attempts to decrypt an RSAES-OAEP encrypted message:

2017/10/11 09:30:09 +01:00  INFO   pgp/messaging[3412]:      SMTP-00001: recipient internal.user@example.com: policy rule match: chain: "Inbound", rule: "Decrypt Message (SMTP)"
2017/10/11 09:30:09 +01:00  WARN   pgp/messaging[3412]:      SMTP-00001: fatal exception evaluating policy for recipient internal.user@example.com: unimplemented public key operation - jumping to Exception chain

Resolution

If you are using RSAES-OAEP, and finding that decryption is failing, this not currently supported.  

If you are running into this issue, reach out to Symantec Encryption Support for further guidance.

Additional Information

EPG-37432

Powered by Wolken Software