Invalid Passphrase error returned when attempting to set passphrase caching in PGP Command Line 10.4.1 MP2 and above for AIX

book

Article ID: 184818

calendar_today

Updated On:

Products

PGP Command Line

Issue/Introduction

PGP Command Line has the ability to cache a passphrase so that every time a command is run, a passphrase is not needed. In this scenario, the passphrase caching is not working properly and will encounter an error when attempting to do so.  This started with PGP Command Line 10.4.1 MP2 and above.  This issue does not occur with PGP Command Line 10.4.1 and previous versions.

Attempting to cache the passphrase with a command similar to the following will result in the error:

/opt/pgp/bin/pgp --cache-passphrase bill --passphrase 2fudge

0xAC8DC410:cache passphrase (3011:invalid passphrase specified)

 

Resolution

This is a known issue, which has a few workarounds:

Workaround 1:
Set the EXTSHM environment variable on the AIX system with a value of ON:

export EXTSHM=ON

 

Workaround 2:

It is also possible to cache the passphrase via the preferences:

1. Set <key>CLpassphraseCache</key> to <true></true> in /etc/PGPprefs.xml

# /opt/pgp/bin/pgp --version -v | grep "Cache new"
Cache new passphrases: Enabled

2. Set the timeout to 0 (never timeout) in /etc/PGPprefs.xml:

<key>CLpassphraseCacheTimeout</key>
<integer>0</integer>

Symantec Enterprise division recognizes this as a known issue and is documented in the release notes, and recommends using the above workarounds.