
PGP and S/MIME encoding types supported by Encryption Management Server


Article ID: 203838


Products

  • Encryption Management Server
  • Encryption Management Server Powered by PGP Technology
  • Gateway Email Encryption
  • Gateway Email Encryption Powered by PGP Technology
  • Desktop Email Encryption
  • Desktop Email Encryption, Powered by PGP Technology

Issue/Introduction

By default, Encryption Management Server uses Automatic encoding for outbound email messages. The encoding chosen depends on which encodings the recipient's key supports. The available key encodings are:

  1. PGP Partitioned
  2. PGP/MIME
  3. PGP-EML
  4. S/MIME 


TIP: For samples of encoding examples, see article 150133.



1. PGP Partitioned

With PGP Partitioned encoding of encrypted messages:

  • The body of the encrypted email message contains these lines along with the cipher text: "-----BEGIN PGP MESSAGE-----" and "-----END PGP MESSAGE-----".
  • If the original unencrypted message was in HTML format, an attachment called PGPexch.htm.pgp will be attached to the encrypted message.
  • If the original unencrypted message had attachments, the encrypted message will include attachments named Attachment1.pgp, Attachment2.pgp, etc.
  • If the recipient of the encrypted message decrypts the message with Encryption Management Server or Encryption Desktop, the decrypted message will appear exactly like the original unencrypted message. The body of the message will contain what the sender wrote and HTML formatting will be retained. Any attachments will have the same names as they had when the message was sent; there will be no *.pgp attachments. This will not necessarily be the case if the recipient does not use Encryption Management Server or Encryption Desktop.

With PGP Partitioned encoding of signed messages:

  • The body of the signed email message begins with this line: "-----BEGIN PGP SIGNED MESSAGE-----".
  • The body of the signed email message contains these lines along with the message text: "-----BEGIN PGP SIGNATURE-----" and "-----END PGP SIGNATURE-----".
  • If the original unencrypted message was in HTML format, attachments called PGPexch.htm and PGPexch.htm.sig will be attached to the message.
  • If the original unencrypted message had attachments, these will be attached to the signed message unaltered and in addition there will be a signature file for each of them. For example, if the attachment was test.docx it will be attached along with an attachment called test.docx.sig.

2. PGP/MIME

With PGP/MIME encoding of encrypted messages:

  • The encrypted message will have two attachments: Version.txt and Message.pgp.
  • No matter how many attachments were attached to the original unencrypted message, the encrypted message will still only have two attachments.
  • The body of the encrypted message will be empty.
  • If the recipient of the encrypted message decrypts the message with Encryption Management Server or Encryption Desktop, the message will appear exactly like the original unencrypted message.

With PGP/MIME encoding of signed messages:

  • The body of the signed email message is unaltered.
  • The message will have an attachment called PGP.sig.
  • If the original unencrypted message had attachments, these will be attached to the signed message unaltered.

3. PGP-EML

With PGP-EML encoding of encrypted messages:

  • The encrypted message will have one attachment: Message.pgp.
  • No matter how many attachments were attached to the original unencrypted message, the encrypted message will still only have two attachments.
  • The body of the encrypted message will be empty.
  • If the recipient of the encrypted message decrypts the message with Encryption Management Server or Encryption Desktop, the message will appear exactly like the original unencrypted message.

With PGP-EML encoding of signed messages:

  • The body of the signed email message is unaltered.
  • The message will have an attachment called PGP.sig.
  • If the original unencrypted message had attachments, these will be attached to the signed message unaltered.

4. S/MIME

S/MIME encoding encrypts to an X.509 certificate rather than to a PGP key. With S/MIME encoding of encrypted messages:

  • The encrypted message will have one attachment: Message.p7m.
  • No matter how many attachments were attached to the original unencrypted message, the encrypted message will still only have one attachment.
  • The body of the encrypted message will be empty.
  • If the recipient of the encrypted message decrypts the message with Encryption Management Server, Encryption Desktop or any application that supports S/MIME, the message will appear exactly like the original unencrypted message.

With S/MIME encoding of signed messages:

  • The signed message will have one attachment: SMIME.p7s.
  • If the original unencrypted message had attachments, these will be attached to the signed message unaltered.
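As an added illustration (not part of the article or of the product itself), the following Python script classifies a message by the indicators listed above: the armor lines in the body and the attachment names each format produces. The sample messages are constructed stubs with placeholder attachment contents, not real ciphertext, and the classification is a triage aid for gateway logs rather than a substitute for decryption or signature verification.

```python
import email
from email import policy

PGP_MSG_BEGIN = "-----BEGIN PGP MESSAGE-----"
PGP_SIGNED_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"

def _attachment_names(msg):
    """Lower-cased filenames of every MIME part that carries a filename."""
    return {p.get_filename().lower() for p in msg.walk() if p.get_filename()}

def _body_text(msg):
    """Concatenated text/plain content of parts not marked as attachments."""
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() == "text/plain" and not p.is_attachment())

def classify_encoding(raw):
    """Return (format, kind) for a raw RFC 822 message, e.g. ("PGP/MIME", "encrypted")."""
    msg = email.message_from_string(raw, policy=policy.default)
    names, text = _attachment_names(msg), _body_text(msg)
    if "message.p7m" in names:                      # S/MIME: single CMS envelope
        return ("S/MIME", "encrypted")
    if "smime.p7s" in names:                        # S/MIME: detached CMS signature
        return ("S/MIME", "signed")
    if "message.pgp" in names:                      # PGP/MIME also carries Version.txt
        return ("PGP/MIME" if "version.txt" in names else "PGP-EML", "encrypted")
    if "pgp.sig" in names:                          # detached signature, body unaltered
        return ("PGP/MIME or PGP-EML", "signed")
    if PGP_SIGNED_BEGIN in text:                    # clearsigned armor inline in body
        return ("PGP Partitioned", "signed")
    if PGP_MSG_BEGIN in text or any(n.endswith(".pgp") for n in names):
        return ("PGP Partitioned", "encrypted")     # armor inline, one *.pgp per attachment
    return ("cleartext", "none")

def build_sample(body, attachment_names):
    """Constructed multipart/mixed message with stub attachments (not real ciphertext)."""
    parts = [f"Content-Type: text/plain\n\n{body}\n"]
    for name in attachment_names:
        parts.append("Content-Type: application/octet-stream\n"
                     f'Content-Disposition: attachment; filename="{name}"\n\nQUJD\n')
    return ('Content-Type: multipart/mixed; boundary="sample"\n\n--sample\n'
            + "--sample\n".join(parts) + "--sample--\n")

SAMPLES = {  # constructed samples mirroring the indicators of each format above
    "partitioned": build_sample(f"{PGP_MSG_BEGIN}\nhQ...\n-----END PGP MESSAGE-----",
                                ["PGPexch.htm.pgp", "Attachment1.pgp"]),
    "pgpmime": build_sample("", ["Version.txt", "Message.pgp"]),
    "pgpeml": build_sample("", ["Message.pgp"]),
    "smime": build_sample("", ["Message.p7m"]),
    "smime_signed": build_sample("Hello", ["SMIME.p7s"]),
}
```

Because third-party clients may name parts differently, treat a "cleartext" result as "no known indicator found" rather than as proof the message was unprotected.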


To check which encoding format each external user key uses, do the following:

  1. In the Encryption Management Server administration console, navigate to Consumers / Users / External Users.
  2. If the User Type column is X.509 (Imported) then S/MIME will be used to encrypt email sent to the user.
  3. Click on the email address of the user to open the External User Information page.
  4. Click on Managed Keys to expand the managed keys section.
  5. If the Encoding Format column shows PGP/MIME or PGP-EML then these encoding formats will be used to encrypt email sent to the user.
  6. If the Encoding Format column is blank then PGP Partitioned format will be used to encrypt email sent to the user.

For inbound messages, the descriptions above apply to messages sent by Encryption Management Server or Encryption Desktop; third-party applications may use different message formatting.

Environment

Symantec Encryption Management Server 3.4.2 and above.

Resolution

Encryption Management Server stores the public keys of external users. Only the owner of the private key can change the key's encoding format.

PGP Partitioned is the oldest PGP encoding method and is supported by any PGP decryption application. However, some decryption applications may not be able to recover the original filenames of attachments or display the body of the message in HTML format.