PGP Command Line stores the licensing information in the current user's home directory in a file called PGPprefs.xml. This file cannot be moved to another directory or shared with other users.
In addition, each user will have an individual keyring. This means that keys cannot easily be shared between users.
If you have a multi-user environment then you can do one of the following:
Symantec PGP Command Line on Windows and Linux
Please adopt one of the following strategies to use PGP Command Line in a multi-user environment.
Licensing PGP Command Line for each user that needs to use it involves each user issuing just one command. For example:
pgp --license-authorize --license-number "AB0CD-EFGHJ-1K2LM-N3PQR-STVW4-XYZ"
However, more importantly, each user will have their own keyring.
This may be precisely what you require. If some keys need to be shared then keys can be imported into the keyrings of individual users as and when required.
The PGP_HOME_DIR variable lets users share a common home directory for PGP Command Line. This means that the product only needs to be licensed once and users will share a single keyring.
Once the PGP_HOME_DIR variable is defined, you must license PGP Command Line in order to create a new PGPprefs.xml file in the shared directory. After this, all users on the system will be able to run PGP commands without needing to license the software. This location will also be used for keyrings and key operations.
PGP_HOME_DIR on a Windows system
PGPprefs.xml file. Note that a trailing slash is required. For example,
set to verify that this variable is correctly set.
PGP_HOME_DIR on a Red Hat Linux system
usermod -a -G pgp user1
pgp group ownership of the
chown :pgp /home/pgp
/etc/profile.d directory containing the environment variable name PGP_HOME_DIR and its value. Also append the /opt/pgp/bin directory to the search path. This will set these environment variables for all users of the system. For example, to set /home/pgp/ and update the search path, create
# Set global home directory for PGP Command Line
export PGP_HOME_DIR=/home/pgp/
# Add PGP Command Line to the path
export PATH=$PATH:/opt/pgp/bin
echo $PGP_HOME_DIR; echo $PATH
$HOME/.pgp/PGPprefs.xml file will be created for each user.
--home-dir parameter. For example, to create a shared key for the user [email protected]:
pgp --gen-key "Bob <[email protected]>" --key-type rsa --encryption-bits 2048 --passphrase mypassword --home-dir $PGP_HOME_DIR
pgp group access to the shared keyring:
chown :pgp $PGP_HOME_DIR/*
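A shared home directory holds the licence file and the keyring for every user, so its group ownership and mode are worth checking once the chown steps above are done. The audit function below is an added example, not part of the original article or of PGP Command Line; the name audit_pgp_home and the rule that users outside the group get no access are assumptions, and it relies on GNU stat as shipped with Red Hat Linux.

```shell
#!/bin/sh
# Added example: audit a shared PGP_HOME_DIR after the chown steps.
# audit_pgp_home is a hypothetical helper name, not a pgp subcommand.
# Assumption: only the owner and the shared group should have access.
# Usage: audit_pgp_home /home/pgp/ pgp
audit_pgp_home() {
    dir=$1
    group=$2
    rc=0
    # The article's example value ends in a slash, and its Windows
    # steps state that a trailing slash is required.
    case $dir in
        */) ;;
        *) echo "FAIL: '$dir' has no trailing slash"; rc=1 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "FAIL: '$dir' is not a directory"
        return 1
    fi
    # Check the directory itself, then each file in it
    # (PGPprefs.xml and the keyring files).
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        f_group=$(stat -c %G "$f")   # GNU stat: owning group name
        f_mode=$(stat -c %a "$f")    # GNU stat: octal mode, e.g. 770
        if [ "$f_group" != "$group" ]; then
            echo "FAIL: $f is group '$f_group', expected '$group'"
            rc=1
        fi
        # The last octal digit holds the permissions for "other".
        other=${f_mode#"${f_mode%?}"}
        if [ "$other" != "0" ]; then
            echo "FAIL: $f mode $f_mode grants access to other users"
            rc=1
        fi
    done
    return $rc
}
```

The function returns non-zero and prints one FAIL line per finding, so it can be run from a login script or a scheduled check against the value of $PGP_HOME_DIR.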
On a Red Hat Linux system, you can use the sudo command to run PGP Command Line as a service account. This avoids needing to create a PGP_HOME_DIR and complies with security best practice. All PGP Command Line commands will be executed as the service account:
usermod -a -G pgpsvc user1
sudoers file for PGP Command Line in order to allow members of the service account group to execute commands as the service account user without a password. For example, if the service group is pgpsvc and the service user is also pgpsvc:
echo "%pgpsvc ALL=(pgpsvc) NOPASSWD: ALL" > /etc/sudoers.d/pgp
sudoers file in future you should always use the visudo editor because it will check the contents of the file for syntax errors:
visudo -f /etc/sudoers.d/pgp
$HOME/.bashrc file to add PGP Command Line to the search path. For example:
echo "# Add PGP Command Line to the path" >> $HOME/.bashrc
echo "PATH=\$PATH:/opt/pgp/bin" >> $HOME/.bashrc
chmod g+rwx $HOME
pgp --license-authorize --license-number AB0CD-EFGHJ-1K2LM-N3PQR-STVW4-XYZ
passwd -d pgpsvc
sudo command. For example, for user1 to use PGP Command Line as the pgpsvc service account:
sudo -iu pgpsvc pgp --version --verbose |grep Home
Home Directory: /home/pgpsvc/.pgp/
To allow another existing user to execute PGP Command Line commands as the service account:
usermod -a -G pgpsvc user2
sudo command. For example, log in as user2 and list keys on the PGP keyring:
sudo -iu pgpsvc pgp --list-keys