PGP Command Line cannot decrypt email files using keys from a remote Encryption Management Server


Article ID: 222967


Updated On:


PGP Command Line Encryption Management Server


PGP Command Line can decrypt email format files using the --email switch. The usage format is as follows where message.eml is an RFC 822-encoded email message file:

pgp --decrypt --email message.eml

However, if the private key used to encrypt the email message is not stored on the local keyring and hence the --usp-server switch is used to communicate with an Encryption Management Server, PGP Command Line cannot decrypt the message:

pgp --decrypt --email message.eml --usp-server
pgp:decrypt (3090:operation failed, corrupt data)


  • Symantec PGP Command Line 10.5 and above.
  • Symantec Encryption Management Server 10.5 and above.


As documented in Section 10 Working with Email of the PGP Command Line User Guide:

The keys used to encrypt, sign, decrypt, or verify must be on the local keyring; PGP Command Line does not do key lookups.

Therefore in order to decrypt with PGP Command Line using the --email switch, you must first import the private key to which the email messages is encrypted to the local keyring.

Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.

Additional Information

243419 - Decrypt Emails using PGP Command Line (.msg or .eml)