
Using Keyserver.pgp.com with the PGP Global Directory to find public keys with Symantec Encryption products


Article ID: 181410


Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, Mobile Encryption for iOS

Issue/Introduction

Symantec Encryption Management Server has some advanced capabilities for managing PGP keys as well as S/MIME (X.509) certificates.

Broadcom continues the tradition of offering this public keyserver as a service for uploading keys publicly. Every key submitted to the PGP Global Directory goes through a verification process: each submitted key contains an email address, and the owner of the key must respond to a validation email that the PGP Global Directory sends to that address before the key is uploaded. Keys on the directory are therefore trusted insofar as they belong to valid email addresses. For a key to remain on the server, the user must re-validate periodically through this same process; otherwise the key is automatically removed from the server.

Searching the PGP Global Directory also gives you a way to test whether the required ports are open for key searches.

Each key that is submitted to the PGP Global Directory is also signed by the "PGP Global Directory Verification Key". If a user imports and trusts this key, all keys found on the PGP Global Directory are automatically trusted and can then be used for encryption.

Resolution

When you go to the PGP Global Directory Server, you can see the main UI where you can search for keys:

Enter some known information about the key in the search field, click Search, and then complete the CAPTCHA. The key should then be found.

To download the PGP Global Directory Verification Key, click the URL "Download Verification Key" on the main page.

The Key ID for the PGP Global Directory is 0xCA57AD7C.

If you would like to test whether or not you have connectivity to the PGP Global Directory with Symantec Encryption Desktop, open the client and click on PGP Keys.

You will then see the following window, where you can search for the keys you need. Notice that "keyserver.pgp.com" is listed in the "Search" field. The default port used for this is "389", the common LDAP port, which is used for key lookups.

You can change this port to "636" if you wish by editing the keyserver list for this keyserver:

Next, select the "Custom" field and enter port "636":


Now when you use the search functionality within Symantec Encryption Desktop, it'll use port 636, which is for LDAPS (Secure LDAP).

 

If you would like to test whether the ports are open from one of your systems, run the following commands:

telnet keyserver.pgp.com 389

and

telnet keyserver.pgp.com 636
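
A successful telnet connection only shows that the TCP port is reachable. The following Python script is an added example, not part of the original article or any Symantec tool: it runs the same two probes, tells a refused connection apart from one dropped by a firewall, and on port 636 also completes the TLS handshake with certificate verification. The names check_port and probe_keyserver are this example's own.

```python
import socket
import ssl

KEYSERVER = "keyserver.pgp.com"   # host name from the article
PORTS = {389: False, 636: True}   # port -> expect TLS (636 is LDAPS)


def check_port(host, port, use_tls=False, timeout=5.0, context=None):
    """Probe one port and return (status, detail).

    status: "open", "tls-ok", "tls-failed", "refused", "timeout",
    "dns-failed" or "error".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns-failed", str(exc)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except (socket.timeout, TimeoutError):
        return "timeout", "no reply; a firewall is probably dropping the traffic"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        if not use_tls:
            return "open", "TCP connection established"
        # The default context verifies the certificate chain and host name.
        ctx = context or ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "tls-ok", f"{tls.version()}, certificate verified for {host}"
        except (ssl.SSLError, OSError) as exc:
            return "tls-failed", str(exc)


def probe_keyserver(host=KEYSERVER):
    """Run the LDAP (389) and LDAPS (636) probes against one host."""
    return {port: check_port(host, port, use_tls=tls) for port, tls in PORTS.items()}


if __name__ == "__main__":
    for port, (status, detail) in probe_keyserver().items():
        print(f"{KEYSERVER}:{port} -> {status} ({detail})")
```

A "tls-failed" result on 636 while 389 reports "open" usually points to TLS inspection or a certificate trust problem on the client rather than a blocked port.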

 

 

For information on how to submit your key to the PGP Global Directory server, see the following article:

180125 - HOW TO: Submit a Public Key to the PGP Global Directory Using a Web Browser (Windows)

 

 

Additional Information

Historical Information:

Historically, PGP Corporation carried on the tradition of signing the installation files that were distributed to customers, to give assurance that no modifications were made between the files being posted and the files being downloaded to the destination. This is why, when a file is downloaded and extracted, a .sig file is included so that the file can be verified, provided the proper keys are in place to do so.

NOTE: Symantec Corporation continued this tradition with all Symantec Encryption products (formerly PGP Encryption products) until Symantec Encryption products versions 10.3.2 and 3.3.2. Starting with Symantec Encryption products 10.3.2 MP1\3.3.2 MP1, Symantec still provides these zip files, but upon extraction all installation files are immediately available for use. Although the .sig files are no longer included, all files downloaded from fileconnect.symantec.com can be validated against the SHA-1 hash values posted on the fileconnect site using any preferred hash validation tool.

Prior to Symantec Encryption products versions 10.3.2 MP1 and 3.3.2 MP1, once the installation files were released, they were signed by the Corporate Release Key that is available publicly.  As of this writing, this same Corporate Release Key is available to validate all prior versions of the software (Versions 10.3.2\3.3.2 and previous).

This Corporate Release Key continues to be named “PGP Corporate Release Key” and can be found on the PGP Global Directory Server.


The Key ID for this PGP Corporate Release Key is 0xFA85D00F.

This PGP Corporate Release Key has been signed by various trusted sources, one of which is the PGP Global Directory Verification Key.

Attachments

PGP Global Directory Verification Key.asc
PGP Corporation Release Key.asc