Attachment Decryption for PGP Support Package for BlackBerry

Article:TECH164655  |  Created: 2011-07-14  |  Updated: 2011-07-14  |  Article URL http://www.symantec.com/docs/TECH164655
Article Type
Technical Solution


Environment

Issue



In certain situations, it may not be possible to decrypt PGP-encrypted attachments on the BlackBerry device with the PGP  Support Package


Environment



This article applies to PGP Desktop 10.x Standalone clients, or PGP Universal Server 3.x managing PGP Desktop 10.x clients.

Prerequisites: Using Microsoft's MAPI/Exchange email protocol.


Cause



PGP Desktop has the ability to secure an entire email, including attachments to offer full encryption protection.  The PGP Support Package can be

used to decrypt these types of messages.  PGP Desktop will typically default to using PGP Partitioned encoding for encryption.  When this happens,

and attachments are part of the email, the PGP Support Package for BlackBerry will not be able to decrypt the content.

When using PGP Partitioned encoding, attachments cannot be decrypted by the PGP Support Package.   When PGP/MIME encoding is used, the PGP Support

package can decrypt these attachments on the BlackBerry device.
 


Solution



If using a PGP Universal Server, there is a setting for Exchange/MAPI clients using PGP Desktop called "Allow outbound PGP/MIME from Windows MAPI

account".  This can be accessed via the Consumer Policy in the Desktop Settings on the Messaging & Keys tab of the consumer policy.

Once this setting is enabled in the policy on the PGP Universal Server and the PGP Desktop clients receive this policy, future emails should be

forced to use PGP/MIME, enabling decryption of attachments on BlackBerry devices.

If using the standalone client of PGP Desktop, or a PGP Desktop client that is not managed by a PGP Universal Server, the PGP Desktop client will

typically default to using PGP Partitioned, unless otherwise told.

There is a setting that can be configured in the PGPprefs.xml file manually to force using PGP/MIME encoding for MAPI clients.

The PGPprefs.xml file can be found in %appdata%\PGP Corporation\PGP\

Windows XP:
C:\Documents and Settings\user profile\Application Data\PGP Corporation\PGP

Win7:
C:\Users\user profile\AppData\Roaming\PGP Corporation\PGP

Use a third-party text editor, such as Notepadd++, or Wordpad to edit the PGPprefs.xml.  Using Notepad or MS Word will not format the file

properly.

Find the following tags:

Before:
<key>enableOutboundPGPMIMEInMAPI</key>
   
<false></false>

After:
<key>enableOutboundPGPMIMEInMAPI</key>
   
<true></true>


Once this is configured, exit the PGP Services and restart.  To do so, close PGP Desktop completey, then click the PGP Desktop padlock icon by the

time, then click Exit PGP Services.  Wait a few moments to ensure the servies stop.  Re-launch PGP Desktop and send the message.

In the logs, it is possible to confirm PGP/MIME is being used for the message that was just sent:

PGP/MIME:
Encrypting PGP/MIME message to user@user.dom with key(s):

PGP Partitioned:
Encrypting PGP Partitioned message to user@user.dom with key(s):

Once the PGP Desktop client encrypts the message that contains the attachment and uses PGP/MIME, the attachment can then be decrypted on the

BlackBerry device.

Once the attachments are decrypted, these cannot be forwarded on.  This functionality is to simply decrypt the attachments and view on the device.

Encrypting of email attachments on the BlackBerry Device is not currently supported.




Article URL http://www.symantec.com/docs/TECH164655


Terms of use for this information are found in Legal Notices