Symantec Encryption Desktop attempts to process inbound S/MIME email (PGP Desktop)
search cancel

Symantec Encryption Desktop attempts to process inbound S/MIME email (PGP Desktop)

book

Article ID: 154831

calendar_today

Updated On:

Products

Desktop Email Encryption

Issue/Introduction

Symantec Encryption Desktop (PGP Desktop) can sign, verify, encrypt and decrypt S/MIME messages. See article the following KB for more information on this topic:

158199 - Sending and receiving S/MIME encrypted email with third parties who do not use Encryption Management Server

If Microsoft Outlook is trying to perform S/MIME for Encryption or Verification of signed emails, you may find that PGP Desktop could run into some potential collisions as PGP Desktop will also attempt to validate SMIME signatures.

This article will provide information on how to allow Outlook to do the verification instead of PGP Desktop.

Resolution

If you are a managed PGP Desktop client, meaning the (Symantec Encryption Management Server) PGP Server is managing the policies and email rules, follow the steps below:

Login to the PGP Server and click on the appropriate Consumer Policy that manages the PGP Desktop clients in question. 

Add the policy option passthroughInboundSMIME to each relevant consumer policy. This will cause PGP Desktop to ignore inbound S/MIME messages. To do this:

  1. Login to the PGP Server administration console.
  2. Click on Consumers / Consumer Policy and then click on the name of the policy you wish to modify.
  3. Click on the Edit button from the General section.
  4. Click on the Edit Preferences button.
  5. From the XML Preferences Editor page, add the following:
    • Pref Name: passthroughInboundSMIME
    • Type: Boolean
    • Value: true
  6. Click the Save button to save the new policy preference.
  7. Click the Cancel button to return to the previous page.
  8. Click the Save button to save the policy.
  9. Encryption Desktop clients will download and apply the modified policy.

In terms of outbound messages, Encryption Desktop will only try to encrypt or sign these using S/MIME if you use the Encrypt and/or Sign buttons or include specific text such as [pgp] in the Subject.

Update policy on the PGP Desktop client and re-launch Outlook.

If you are a standalone client, this can be done by editing "both" values for passthroughInboundSMIME as shown above.  Use Notepad++ or another text editor to modify the PGPPrefs.xml file in %appdata%\PGP Corporation\PGP.

Once the above has happened on standalone, re-launch PGP Desktop and outlook (Rebooting may be easiest) and then PGP Desktop will no longer attempt to validate SMIME-signed emails.

 

For further guidance, please reach out to Symantec Encryption Support

Powered by Wolken Software