PGP Command Line has the ability to cache a passphrase so that every time a command is run, a passphrase is not needed. In this scenario, the passphrase caching is not working properly and will encounter an error when attempting to do so. This started with PGP Command Line 10.4.1 MP2 and above. This issue does not occur with PGP Command Line 10.4.1 and previous versions.
Attempting to cache the passphrase with a command similar to the following will result in the error:
/opt/pgp/bin/pgp --cache-passphrase bill --passphrase 2fudge
0xAC8DC410:cache passphrase (3011:invalid passphrase specified)
This is a known issue, which has a few workarounds:
Set the EXTSHM environment variable on the AIX system with a value of ON:
It is also possible to cache the passphrase via the preferences:
1. Set <key>CLpassphraseCache</key> to <true></true> in /etc/PGPprefs.xml
# /opt/pgp/bin/pgp --version -v | grep "Cache new"
Cache new passphrases: Enabled
2. Set the timeout to 0 (never timeout) in /etc/PGPprefs.xml:
Symantec Enterprise division recognizes this as a known issue and is documented in the release notes, and recommends using the above workarounds.