How to export a report covering more than 6 months for the ones that have been encrypted with PGP and with S/MIME?
The PGP Encryption Server (Symantec Encryption Management Server) uses PGP encryption by default, such as OpenPGP or PGP/MIME. Alternatively, S/MIME can also be used.
Every internal user is issued a PGP key and, if you have an Organization Certificate, they are also issued an S/MIME certificate. Because the S/MIME certificate is issued by the Organization Certificate, which is likely an internal CA, it will not be trusted by third parties by default.
The server does not track in its database whether it used PGP or S/MIME encryption, so you would have to look at the mail logs. By default, the mail logs are kept only for the last 30 days.
When a message is encrypted with PGP you see this under Reporting / Logs / Mail log:
found key
When a message is encrypted with S/MIME you see this under Reporting / Logs / Mail log:
found certificate
To narrow your review, search for "found key" under Reporting / Logs / Mail log in order to find which external user had a PGP key.
If you drill down on the message reference, e.g., SMTP-00001, you can see who sent the message.
Depending on whether you are using Web Email Protection or not, the mail chain and rule that does the encryption will be called either "Outbound: Secure Message: Send Secure Message (Web)" or "Outbound: Secure With Key Only: Send Secure Message".
The Send Secure Message (Web) and Send Secure Message rules each have a Preferred encoding format as one of their Actions.
By default this is Automatic, but if you want to use S/MIME where possible, you should change this to S/MIME. This means that if the recipient has both a PGP key and an S/MIME certificate, the S/MIME certificate will be used; otherwise the PGP key will be used. The Automatic setting will use PGP by default.
If you are running into this scenario, please reach out to Symantec Encryption Support to be added to the requests for improved logging, for further tracking.
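Because the mail log only goes back 30 days by default, a longer report has to be built from copies of the mail log saved at regular intervals. The following is an added example, not Symantec code: it tallies PGP and S/MIME messages per month from such saved copies. Only the "found key" / "found certificate" markers and the SMTP-00001 style reference come from this page; the timestamp layout, the addresses and the sample lines are constructed assumptions, so adjust the pattern to your actual log text.

```python
import re
from collections import Counter, defaultdict

# Marker strings quoted on the page; the rest of the line layout is assumed.
MARKERS = {"found key": "PGP", "found certificate": "S/MIME"}
# Assumed layout: ISO date first, message reference such as SMTP-00001 later.
LINE = re.compile(r"^(?P<month>\d{4}-\d{2})-\d{2}\b.*?\b(?P<ref>SMTP-\d+)\b")

def classify(saved_logs):
    """Merge several saved log texts; return {(month, ref): set of types}.

    Keying on (month, ref) means a line that appears in two overlapping
    copies of the log is only counted once.
    """
    result = defaultdict(set)
    for text in saved_logs:
        for line in text.splitlines():
            m = LINE.search(line)
            if not m:
                continue
            lowered = line.lower()
            for marker, kind in MARKERS.items():
                if marker in lowered:
                    result[(m["month"], m["ref"])].add(kind)
    return dict(result)

def monthly_totals(classified):
    """Count messages per month and encryption type."""
    totals = defaultdict(Counter)
    for (month, _ref), kinds in classified.items():
        for kind in kinds:
            totals[month][kind] += 1
    return {month: dict(c) for month, c in sorted(totals.items())}

# Constructed sample log copies (not real server output); the second overlaps the first.
LOG_JAN = """\
2024-01-30 10:01:02 SMTP-00001: found key for alice@example.org
2024-01-30 10:01:02 SMTP-00001: message processed
2024-01-31 09:15:40 SMTP-00002: found certificate for bob@example.net
"""
LOG_FEB = """\
2024-01-31 09:15:40 SMTP-00002: found certificate for bob@example.net
2024-02-02 14:20:11 SMTP-00003: found key for carol@example.com
2024-02-03 08:00:00 SMTP-00004: found key for alice@example.org
"""

if __name__ == "__main__":
    for month, counts in monthly_totals(classify([LOG_JAN, LOG_FEB])).items():
        print(month, counts)
```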