PGP Desktop 10.4.2 HF1 and above cannot decrypt PGP Zip files that were created with Encryption Desktop 10.4.2 and below.
If you are experiencing issues decrypting emails automatically after upgrading to Symantec Encryption Desktop 10.4.2 HF1 or above, please see the following article: Unable to decrypt email after installing Encryption Desktop 10.4.2 HF1 or above.
If you double-click the *.pgp file in Windows File Explorer, the error is:
The PGP Zip may be corrupt. (-10800)
If you right-click the *.pgp file in Windows File Explorer and use the Symantec Encryption Desktop context menu to Decrypt & Verify, the error is:
An error has occurred: PGPError #-10800
This error may also appear:
Decryption blocked. The file that you are trying to decrypt is not secure because it is not encrypted using SEIP (Symmetrically Encrypted Integrity Protected) packets.
Symantec Encryption Desktop and Symantec Encryption Management Server release 10.5 or above.
Encryption Desktop 10.5 and above protects against the issue described in the EFAIL report by default. This change was introduced in release 10.4.2 HF1, and it prevents decryption of PGP Zip files if the PGP keys were created before 10.4.2 HF1. Once you have upgraded to 10.4.2 HF1 or above, this protection is engaged: the client detects SE packets, the older method of encryption used with these keys.
As part of these security features, PGP Desktop will decrypt PGP Zip files only if they include SEIP packets (the newer method) instead of SE packets (the older method). SEIP packets include an additional integrity protection feature, which mitigates the issue described in the EFAIL report.
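To find out ahead of time which existing files will be blocked, you can read the OpenPGP packet tags at the start of each file: tag 9 is an SE packet and tag 18 is an SEIP packet (RFC 4880). The script below is an added example, not Symantec code; it assumes the *.pgp file is a binary (non-armored) OpenPGP message, and the function names and sample bytes are constructed for illustration.

```python
import sys

# Packet tags from RFC 4880, section 4.3
TAG_PKESK, TAG_SKESK, TAG_SE, TAG_SEIP = 1, 3, 9, 18

def read_header(buf, pos):
    """Return (tag, body_offset, body_length). body_length is None for an
    indeterminate or partial length, where the size is not known up front."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet at offset %d" % pos)
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def classify(buf):
    """Return 'SEIP', 'SE' or 'unknown' for the first encrypted-data packet."""
    pos = 0
    try:
        while pos < len(buf):
            tag, body, length = read_header(buf, pos)
            if tag == TAG_SEIP:
                return "SEIP"
            if tag == TAG_SE:
                return "SE"
            if tag not in (TAG_PKESK, TAG_SKESK) or length is None:
                return "unknown"
            pos = body + length                       # skip session-key packet
    except (IndexError, ValueError):
        pass                                          # truncated or not OpenPGP
    return "unknown"

# Constructed samples: a 3-byte session-key stub, then a data packet header.
SAMPLE_SE = bytes([0x84, 0x03, 3, 0, 0, 0xA4, 0x02, 0xAA, 0xBB])
SAMPLE_SEIP = bytes([0xC1, 0x03, 3, 0, 0, 0xD2, 0x03, 0x01, 0xAA, 0xBB])

if __name__ == "__main__":
    for path in sys.argv[1:]:                         # audit files given as arguments
        with open(path, "rb") as fh:
            print(path, classify(fh.read(65536)))
```

Files reported as SE are the ones that releases 10.4.2 HF1 and above will refuse to decrypt; "unknown" means the file was armored, truncated, or not an encrypted OpenPGP message.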
For PGP Desktop versions below 10.4.2 HF1, there are two conditions in which files would have been encrypted using the SE packets instead of the more secure/modern SEIP packets:
The best solution is to upgrade your PGP Desktop client to the latest release of the software, generate a new key, and then distribute this new public key to your third parties. Ensure your recipients are also running the latest versions so that they support these Version 4 keys.
If an Additional Decryption Key (ADK) is being used, it is recommended to replace it with a key generated with release 10.5 or above. For information on ADK Generation Guidelines, see the following article:
153511 - Additional Decryption Key (ADK) Guidelines for Symantec Encryption Management Server
If you have old content that you still need to decrypt, and are unable to do so after upgrading to PGP Desktop 10.4.2 HF1 or above, reach out to Symantec Encryption Support for further guidance.