Verified Directory can allow internal users to overwrite their own private keys


Article ID: 185083


Encryption Management Server


Encryption Management Server Verified Directory optionally allows internal users to submit PGP keys.

An internal user is a user whose key contains an email address in a domain that is listed under Consumers / Managed Domains in Encryption Management Server. For example, if the domain of the email address on the user's key is listed under Consumers / Managed Domains, that user is regarded as an internal user.

Verified Directory only stores public keys. If a private key is uploaded, only the public key is saved.

If an internal user submits their key with the same key ID as the key already associated with their account, the user's existing private key is replaced with the uploaded public key.
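To make the failure mode concrete, the following Python model (added for this article; it is not Encryption Management Server code) simulates a Verified Directory key store and contrasts the replace-on-same-key-ID behaviour described above with a hardened variant that refuses to let a public-only upload displace an internal user's key pair. The managed domain, key ID and email addresses are constructed sample values.

```python
"""Illustrative model of the Verified Directory key-store behaviour described
in the article. All names, data shapes and sample values are constructed."""
from dataclasses import dataclass

# Constructed stand-in for the Consumers / Managed Domains list.
MANAGED_DOMAINS = {"example.com"}


@dataclass
class PGPKey:
    key_id: str
    email: str
    has_private: bool  # True for a key pair, False for a public-only key


def is_internal(key: PGPKey) -> bool:
    """An internal user's key carries an email address in a managed domain."""
    domain = key.email.rsplit("@", 1)[-1].lower()
    return domain in MANAGED_DOMAINS


def vd_public_only(uploaded: PGPKey) -> PGPKey:
    """Verified Directory stores only public keys: strip any private material."""
    return PGPKey(uploaded.key_id, uploaded.email, has_private=False)


def submit_unsafe(store: dict, uploaded: PGPKey) -> None:
    """Behaviour described in the article: same key ID -> entry replaced,
    so an existing key pair becomes a public-only key."""
    store[uploaded.key_id] = vd_public_only(uploaded)


def submit_safe(store: dict, uploaded: PGPKey) -> str:
    """Hardened variant: a public-only upload must never replace an internal
    user's key pair. Other submissions are stored as before."""
    incoming = vd_public_only(uploaded)
    existing = store.get(incoming.key_id)
    if existing is not None and existing.has_private and is_internal(existing):
        return "rejected: would overwrite internal user's private key"
    store[incoming.key_id] = incoming
    return "stored"


def demo() -> tuple:
    """Run both variants against the same starting store (constructed data)."""
    start = {"0xABCD1234": PGPKey("0xABCD1234", "alice@example.com", True)}
    upload = PGPKey("0xABCD1234", "alice@example.com", True)
    unsafe, safe = dict(start), dict(start)
    submit_unsafe(unsafe, upload)
    verdict = submit_safe(safe, upload)
    return unsafe["0xABCD1234"].has_private, safe["0xABCD1234"].has_private, verdict
```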


Symantec Encryption Management Server 3.3.2 MP13 and above with the Verified Directory service enabled.


To avoid internal users effectively overwriting their own private keys, do one of the following:

  1. Do not allow Verified Directory submission by internal users. This is the default setting. If required, encourage internal users to submit their keys to the PGP Global Directory instead. Encryption Management Server searches the PGP Global Directory by default, and it can also be searched by anyone using a web browser.
  2. Install a separate Encryption Management Server. Ensure all of the organization's email domains are listed under Consumers / Managed Domains. You can then permit internal users to submit their keys using Verified Directory.