Unable to decrypt File Share encrypted folders using a group key

Article ID: 225844

Products

File Share Encryption
Encryption Management Server

Issue/Introduction

Folders encrypted with File Share Encryption sometimes cannot be decrypted using a group key stored on Encryption Management Server.

For example, consider a folder that is encrypted to two group keys:

  1. File Share Administrators - Administrator permissions
  2. File Share Users - User permissions

If the user running pgpnetshare to decrypt the folder is a member of the group with administrator permissions, this command should decrypt the folder called protected:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpnetshare --decrypt z:\share\protected
Decrypting [z:\share\protected\]
Finished.

Instead, the command fails with the error shown below. Note that the --force switch forces pgpnetshare to try to retrieve the key from Encryption Management Server:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpnetshare --decrypt z:\share\protected --verbose --force
- Preparing decryption...
Error: You are attempting to manage a File Share Encryption-protected file or folder, but you do not have rights to do so.

Environment

Encryption Desktop File Share Encryption 10.5 MP1 and below.

Resolution

Upgrade to release 10.5 MP2 or above.

If you cannot upgrade, export the private group key from Encryption Management Server, import it into the local keyring, and then run the following command, where password is the passphrase of the group key:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpnetshare --decrypt z:\share\protected --passphrase password