File Share Encryption

  • 1.  ADK - Organization Keys or Consumer Policy

    Posted Oct 24, 2013 06:45 AM

    Hi,

    I have a user who got the following message when trying to create a NetShare:

    ADK.png

     

    Which started me looking into how the ADK is configured on Universal server (we have had an ADK imported for quite some time).

    You can seemingly add an ADK under Keys->Organization Keys AND as part of a Consumer Policy under the General tab.

    The descriptions in the Admin Guide suggest the Organization ADK is used for email only, whereas a policy-specific ADK is used for all encrypted entities. Surely that isn't the case?

    The Admin Guide also indicates that the ADK is "added" to all generated keys, but the message above would suggest it is missing, even though we have it configured.

    Any ideas why the above error is being presented?

    Thanks.

     

     

     



  • 2.  RE: ADK - Organization Keys or Consumer Policy

    Posted Oct 24, 2013 08:05 AM

    Hi,

    Was there a change made to the ADK key lately?

    There may be a possibility that the key has not been updated with the new ADK changes. You can check whether the user's key properties have the ADK key added under them.



  • 3.  RE: ADK - Organization Keys or Consumer Policy

    Posted Oct 24, 2013 09:25 AM

    Hi,

    No, no change of ADK.

    When I asked the user to send me the key properties, it showed the correct ADK.

    Am I correct in thinking that a policy-specific ADK would override one listed under Keys->Organization Keys?

    Thanks, Neal.



  • 4.  RE: ADK - Organization Keys or Consumer Policy

    Posted Oct 30, 2013 09:14 AM

    Hi there,

    Is your ADK also listed in the Master Key List?

    From PGP Desktop, you can check it by clicking Tools in the menu, then Options, and then the Master Key tab.

    Can you check it and let me know?

    Regards,

    bipshr

     



  • 5.  RE: ADK - Organization Keys or Consumer Policy

    Posted Oct 31, 2013 06:52 AM

    Hi,

    Just asked the user, and I can confirm that the ADK is listed on the Master Keys list.

    Interestingly, the user can click OK and create a NetShare quite happily, and the ADK appears on the allowed users list.

    Thanks, Neal.

     



  • 6.  RE: ADK - Organization Keys or Consumer Policy

    Broadcom Employee
    Posted Oct 31, 2013 12:26 PM

    Try to run the following command via SSH in read-only mode and post the feedback:

    [root@keys ~]# psql oviddb -U ovidr -c "Select * from key where subject='adk'" -x

     



  • 7.  RE: ADK - Organization Keys or Consumer Policy

    Posted Oct 31, 2013 01:22 PM

    Hi,

    Here is an extract of the command output:

    # psql oviddb -U ovidr -c "Select * from key where subject='adk'" -x
    -[ RECORD 1 ]--------+-----------------------------------------------------------------
    uuid                 | 6e4361c3-7f0e-4611-ac50-884bf814cfde
    repository           | 0
    subject              | adk
    keyid                | 0xD2B81F8D6B1CE809
    key                  | -----BEGIN PGP PRIVATE KEY BLOCK-----
                         | Version: PGP Universal 3.2.1 (Build 5033)
    .
    .
     
                         | -----END PGP PRIVATE KEY BLOCK-----
                         | -----BEGIN PGP PUBLIC KEY BLOCK-----
                         | Version: PGP Universal 3.2.1 (Build 5033)
                         | 
    .
    .
     
                         | -----END PGP PUBLIC KEY BLOCK-----
                         | 
    key_expiration       | 1970-01-01
    sig_expiration       | 2013-11-02
    cert_status          | 0
    revoked              | f
    revoker              | 
    passphrase_type      | 2
    mode                 | 2
    algorithm            | 1
    size                 | 2048
    creation             | 2013-01-09 16:07:05+00
    encrypt              | f
    sign                 | t
    private_split_usage  | f
    private_shared_usage | f
    netshare_usage       | t
    wde_usage            | t
    zip_usage            | t
    messaging_usage      | t
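
Added example, not part of the original thread or of the product's tooling: the `Select *` query above returns the `key` column, which holds the armored private and public key blocks. This sketch parses `psql -x` style output and replaces each armor block with a marker while keeping the metadata fields; the function name `redact_expanded` and the sample record (placeholder uuid, keyid and key bodies) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `psql -x` output shown above.
SAMPLE = """\
-[ RECORD 1 ]--------+--------------------------------------
uuid                 | 00000000-0000-0000-0000-000000000000
subject              | adk
keyid                | 0x0000000000000000
key                  | -----BEGIN PGP PRIVATE KEY BLOCK-----
                     | Version: PGP Universal 3.2.1 (Build 5033)
                     | PLACEHOLDERPRIVATEBODY
                     | -----END PGP PRIVATE KEY BLOCK-----
                     | -----BEGIN PGP PUBLIC KEY BLOCK-----
                     | PLACEHOLDERPUBLICBODY
                     | -----END PGP PUBLIC KEY BLOCK-----
                     | 
sig_expiration       | 2013-11-02
netshare_usage       | t
"""

BEGIN = re.compile(r"-----BEGIN (PGP [A-Z ]+ BLOCK)-----")
END = re.compile(r"-----END PGP [A-Z ]+ BLOCK-----")

def redact_expanded(text):
    """Return (records, safe_text) with every PGP armor block replaced by a marker."""
    records, out, field, in_armor = [], [], None, False
    for line in text.splitlines():
        if in_armor:
            # Drop everything up to and including END; if END never
            # arrives (truncated paste), the rest is dropped too.
            in_armor = END.search(line) is None
            continue
        name, sep, value = (p.strip() for p in line.partition("|"))
        begin = BEGIN.search(line)
        if line.startswith("-[ RECORD"):
            records.append({})
            field = None
        elif begin:
            in_armor = True
            field = name or field          # second block continues the same column
            marker = "[REDACTED " + begin.group(1) + "]"
            line = line.split("-----BEGIN")[0] + marker
            if records and field:
                records[-1].setdefault(field, []).append(marker)
        elif sep and name and records:     # ordinary "name | value" row
            field = name
            records[-1][field] = [value]
        elif sep and value and records and field:
            records[-1][field].append(value)   # continuation of a multi-line value
        out.append(line)
    return records, "\n".join(out)

if __name__ == "__main__":
    print(redact_expanded(SAMPLE)[1])
```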
     

     



  • 8.  RE: ADK - Organization Keys or Consumer Policy

    Posted Nov 01, 2013 05:05 AM

    Hi Neal,

    Sorry, I need to ask you again what the issue is. Do you always get the "ADK not found" pop-up when you try to create a NetShare folder? Can you please provide us with the exact steps to reproduce the issue?

    Regards,

    bipshr

     



  • 9.  RE: ADK - Organization Keys or Consumer Policy

    Posted Nov 01, 2013 06:18 AM

    Hi,

    Sorry for the confusion! I actually asked the original question about ADKs because a user was getting this error, and it wasn't clear (to me) exactly how the ADK configuration worked.

    I think I understand ADK configuration now, but I'd say that the admin guide isn't particularly good in that respect.

    With respect to the error message - the user gets the message whenever they attempt to create a NetShare. So right-click a network/local folder, select "PGP Desktop" -> "Add <directory> to PGP NetShare.....".

    If the user clicks okay, they can continue to create the NetShare without issue. So it's not a massive issue, but rather odd all the same. No other users get the message, just this one.

    Thanks, Neal.



  • 10.  RE: ADK - Organization Keys or Consumer Policy

    Posted Nov 01, 2013 11:57 AM

    Hi,

    Thanks for your clarification.

    If it is only one user who is having this issue, then I would suggest that you re-enroll the user to PGP Universal Server and see whether it resolves the issue. Please click on the link below for more information about how to re-enroll the client on the server.

    http://www.symantec.com/docs/HOWTO42029

    Please try it and let me know the results.

    As far as the documentation of the ADK is concerned, we also usually refer to the admin guide. However, there is one document which is really helpful. It is kind of old, but it describes basically everything about the ADK. Please have a look by clicking the link below:

    http://www.symantec.com/business/support/index?page=content&id=TECH149500

    Regards,

    bipshr