After upgrading to Encryption Desktop version 10.4.2 MP1 or above, you are unable to decrypt emails automatically. The PGP Viewer can successfully decrypt the email content. The issue occurs when the email was encrypted with a release of Encryption Desktop below 10.4.2 MP1 but is being decrypted by 10.4.2 MP1 or above.
NOTE: If you are experiencing issues decrypting PGP Zip files or other encrypted files after upgrading to Encryption Desktop 10.4.2 MP1 or above, please see article 173613.
Entries like this appear in the Encryption Desktop log file:
MAPI Proxy: Decryption failed with error: PGPError #-12562
In 10.4.2 MP1 and above, Encryption Desktop automatically decrypts only email messages whose encrypted data is carried in SEIP (Symmetric Encryption Integrity Protection) packets; messages that use only SE (Symmetric Encryption) packets fail to decrypt. The Integrity Protection feature mitigates the Efail vulnerability.
When encrypting an email with Encryption Desktop 10.4.2 MP1 and above, Encryption Desktop will enforce the use of SEIP packets regardless of the key(s) used to encrypt the email.
For Encryption Desktop versions below 10.4.2 MP1, there are two conditions under which emails could be sent using SE packets instead of the more secure SEIP packets. Both involve keys that would be considered old and/or deprecated, especially since the discovery of the Efail vulnerability:
These conditions do not affect emails encrypted by Encryption Desktop 10.4.2 MP1 or above.
Upgrade all clients to 10.4.2 MP1 or above and generate new keys so that SEIP packets will be used regardless of the key settings. Distribute the new keys to third parties.
If an ADK (Additional Decryption Key) is being used, please replace it with a key generated with release 10.4.2 MP1 or above.
The steps above will not allow email messages sent or received before upgrading to be decrypted automatically. These messages can be decrypted with PGP Viewer. Note, however, that PGP Viewer does not work correctly with some versions of Outlook.
Encryption Desktop 10.4.2 MP2 and above includes two new policy options:
If your organization understands these risks and wishes to implement one of these policy options, please contact Technical Support for assistance in configuring these policy options.