Using Symantec File Share Encryption to send encrypted files to Group Keys (Shared Key Method)
search cancel

Using Symantec File Share Encryption to send encrypted files to Group Keys (Shared Key Method)


Article ID: 225452


Updated On:


Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK


There are some scenarios where it is required to send encrypted files so that recipients can decrypt where the key being used is not the individual's key, but a "shared key".  This can be achieved by using Symantec File Share Encryption to incorporate it's Group Key logic and seamlessly encrypt to these recipients.

The goal is to encrypt a file to a recipient and the recipient can easily access the encrypted content without the worry of having a private key to decrypt.  The other goal is to be able to use a key that has access, but access can be easily revoked if needed, and there is no local access to the key to decrypt files using this "Shared Key" (The key is not technically shared, but provided access to in a seamless way that multiple users can use).

Using File Share Group keys can achieve the goal of a shared key and this article will cover this scenario using the PGP Encryption Server where a File Share group key functionality can be extended for email groups.


*Recipients have already enrolled and have Symantec Encryption Desktop managed by the PGP Encryption Server. 
*Symantec File Share Encryption is already enabled for use for these users.
*A Group Key has been configured for a group on SEMS.
*The recipients are also a part of the group for which the group key was created. 


To be able to achieve access to the Group keys there are two things that should be done on the server and client:

On PGP Encryption Server:
*Disable automatic decryption for Explorer.exe, fixmapi.exe, and Outlook.exe
Note: The above are for Microsoft Outlook, but if any other mail programs are being used, add the primary executables to the exclusion list.
*Create groups and a group key for the mail-enabled AD security group or distribution lists.


On PGP Encryption Desktop :
*Open the “PGP Options”, then click the “File Share” tab.  Check the box for “Protect Individual Files”.
*Encrypt any file to the desired group key or use a file from any folder already encrypted to the group key.
*Use this encrypted file as an attachment and send to the group.
*The recipients will be able to transparently decrypt.


For more information on Symantec File Share Encryption Group Keys, see the following article, which will link to several other articles on this topic:

180791 - Symantec File Share Encryption Group Key FAQ's.

Additional Information

209776 - Integrating a shared PGP Key for multiple users on Symantec Encryption Management Server