Usage of a Domain Key with Symantec Encryption Management Server (formerly known as PGP Universal Server)

Article:TECH149885  |  Created: 2010-07-26  |  Updated: 2013-12-05
Article Type
Technical Solution




Using Symantec Encryption Management Server (SEMS - formerly known as PGP Universal Server) to encrypt to a single key for a specific recipient



SEMS can create mail rules that encrypt to a specific key, rather than having to search for a key. This is useful when a particular key must be used under certain circumstances, for example when the recipient domain requests that a single key be used whenever encrypted email is sent to their domain.

Use the following steps to encrypt all email messages to a domain key of an external recipient:

  1. Log into the Symantec Encryption Management Server admin interface.
  2. Click Mail > Mail Policy and then select the Outbound Policy Chain.
  3. Scroll down and click Add Rule.
  4. Type a name in the Rule Name field.
  5. In the Conditions section, change the value to If any of the following are true.
  6. Click the drop-down arrow and select Recipient domain.
  7. Leave the second value as is and type the name of the recipient domain.
  8. Select Actions.
  9. In the Encrypt to section, place a checkmark next to Other Keys/Certificates.
  10. Click Import. The Import Key or Certificate screen is displayed.
  11. Import a public key file or key block for the recipient domain and then click Import.
  12. Click Save.


SEMS does not support decrypting incoming encrypted mail that was encrypted to a single domain key for the SEMS-managed domain, and it does not include a single key for the entire domain for encryption and decryption. For more information on this configuration, see KB HOWTO77258.

