PGP Command Line cannot decrypt email files using keys from a remote Encryption Management Server

Article ID: 222967

Products

  • PGP Command Line
  • Encryption Management Server

Issue/Introduction

PGP Command Line can decrypt email format files using the --email switch. The usage format is as follows, where message.eml is an RFC 822-encoded email message file:

pgp --decrypt --email message.eml

However, if the private key needed to decrypt the email message is not stored on the local keyring, and the --usp-server switch is therefore used to communicate with an Encryption Management Server, PGP Command Line cannot decrypt the message:

pgp --decrypt --email message.eml --usp-server keys.example.com
pgp:decrypt (3090:operation failed, corrupt data)

Environment

  • Symantec PGP Command Line 10.5 and above.
  • Symantec Encryption Management Server 10.5 and above.

Resolution

As documented in Section 10, "Working with Email", of the PGP Command Line User Guide:

The keys used to encrypt, sign, decrypt, or verify must be on the local keyring; PGP Command Line does not do key lookups.

Therefore, to decrypt with PGP Command Line using the --email switch, you must first import into the local keyring the private key corresponding to the key to which the email message is encrypted.

Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.

Additional Information

EPG-23768

ISFR-1897