Encryption Management Server Group Keys can only be used for File Share Encryption

Article ID: 196903

Products

  • Encryption Management Server Powered by PGP Technology
  • Encryption Management Server
  • Encryption Desktop Powered by PGP Technology

Issue/Introduction

Encryption Management Server Group Keys allow each member of the group to access folders protected by File Share Encryption. The private key is stored on Encryption Management Server and accessed by Encryption Desktop at runtime. The group key is not downloaded to the local keyring of Encryption Desktop.

Group keys cannot be used for email encryption or PGP Zip (file encryption).

Environment

  • Symantec Encryption Management Server 3.4 and above.
  • Symantec Encryption Desktop 10.4 and above.

Resolution

To allow multiple users to decrypt email messages or files using a shared key, the only method available is to distribute the private key to all the users who need it. Each user needs to import the private key into their local keyring. This also allows each user to manage their copy of the shared key. For example, they can change the key's passphrase.

If the users only need to encrypt data to the key, it is not necessary to distribute the private key, because Encryption Desktop can look up the public key on Encryption Management Server.

Additional Information

Etrack: 4268256