The PGP Encryption Server (Symantec Encryption Management Server) stores the public keys of external users. Only the owner of the private key can change the key's encoding format.
PGP Partitioned is the oldest PGP encoding method and will be supported by any decryption application. However, some decryption applications may not be able to recover the original filenames of attachments or display the body of the message in HTML format.
The PGP Server makes available the following key encoding methods:
- PGP Partitioned
- PGP/MIME
- PGP-EML
- S/MIME
TIP: For samples of encoding examples, see article 150133.
1. PGP Partitioned
With PGP Partitioned encoding of encrypted messages:
- The body of the encrypted email message contains these lines along with the cipher text: "-----BEGIN PGP MESSAGE-----" and "-----END PGP MESSAGE-----".
- If the original unencrypted message was in HTML format, an attachment called PGPexch.htm.pgp will be attached to the encrypted message.
- If the original unencrypted message had attachments, the encrypted message will include attachments named Attachment1.pgp, Attachment2.pgp, etc.
- If the recipient of the encrypted message decrypts the message with PGP Encryption Management or PGP Encryption Desktop (Symantec Encryption Desktop), the decrypted message will appear exactly like the original unencrypted message. The body of the message will contain what the sender wrote and HTML formatting will be retained. Any attachments will have the same names as they had when the message was sent; there will be no *.pgp attachments. This will not necessarily be the case if the recipient does not use PGP Encryption Server or PGP Encryption Desktop.
With PGP Partitioned encoding of signed messages:
- The body of the signed email message begins with this line: "-----BEGIN PGP SIGNED MESSAGE-----".
- The body of the signed email message contains these lines along with the message text: "-----BEGIN PGP SIGNATURE-----" and "-----END PGP SIGNATURE-----".
- If the original unencrypted message was in HTML format, attachments called PGPexch.htm and PGPexch.htm.sig will be attached to the message.
- If the original unencrypted message had attachments, these will be attached to the signed message unaltered and in addition there will be a signature file for each of them.
For example, if the attachment was test.docx it will be attached along with an attachment called test.docx.sig.
2. PGP/MIME
With PGP/MIME encoding of encrypted messages:
- The encrypted message will have two attachments: Version.txt and Message.pgp.
- No matter how many attachments were attached to the original unencrypted message, the encrypted message will still only have two attachments.
- The body of the encrypted message will be empty.
- If the recipient of the encrypted message decrypts the message with PGP Encryption Management or PGP Encryption Desktop, the message will appear exactly like the original unencrypted message.
With PGP/MIME encoding of signed messages:
- The body of the signed email message is unaltered.
- The message will have an attachment called: PGP.sig
- If the original unencrypted message had attachments, these will be attached to the signed message unaltered.
3. PGP-EML
With PGP-EML encoding of encrypted messages:
- The encrypted message will have one attachment: Message.pgp.
- No matter how many attachments were attached to the original unencrypted message, the encrypted message will still only have two attachments.
- The body of the encrypted message will be empty.
- If the recipient of the encrypted message decrypts the message with PGP Encryption Management or PGP Encryption Desktop, the message will appear exactly like the original unencrypted message.
With PGP-EML encoding of signed messages:
- The body of the signed email message is unaltered.
- The message will have an attachment called: PGP.sig
- If the original unencrypted message had attachments, these will be attached to the signed message unaltered.
4. S/MIME
S/MIME encoding encodes to a certificate, not a PGP key. With S/MIME encoding of encrypted messages:
- The encrypted message will have one attachment: Message.p7m.
- No matter how many attachments were attached to the original unencrypted message, the encrypted message will still only have one attachment.
- The body of the encrypted message will be empty.
- If the recipient of the encrypted message decrypts the message with PGP Encryption Management, PGP Encryption Desktop or any application that supports S/MIME, the message will appear exactly like the original unencrypted message.
With S/MIME encoding of signed messages:
- The encrypted message will have one attachment: SMIME.p7s.
- If the original unencrypted message had attachments, these will be attached to the signed message unaltered.
To check which encoding format each external user key uses, do the following:
- In the PGP Encryption Management administration console, navigate to Consumers / Users / External Users.
- If the User Type column is X.509 (Imported) then S/MIME will be used to encrypt email sent to the user.
- Click on the email address of the user to open the External User Information page.
- Click on Managed Keys to expand the managed keys section.
- If the Encoding Format column shows PGP/MIME or PGP-EML then these encoding formats will be used to encrypt email sent to the user.
- If the Encoding Format column is blank then PGP Partitioned format will be used to encrypt email sent to the user.
In terms of inbound messages, the above descriptions will apply to messages sent by PGP Encryption Management or PGP Encryption Desktop. Third party applications may use different message formatting.