Desktop Email Encryption

 View Only

  • 1.  Can't verify private key

    Posted Dec 29, 2015 10:39 AM

    One of our users has PGP Desktop, v10.  She's had it for a while and it was working fine yesterday.  This morning when she opened it, she received this message:

    Capture.JPG

    When I open PGP Desktop, the private key is shown as unverified.  I can sign it, but nothing happens.  Both the private and public keys are in her home folder, which is a network share.  The share was a DFS namespace, which was working fine: I changed the path to the explicit UNC path but no change.  We can't think of anything that changed between yesterday and today.

    I am on the Helpdesk.  I don't have much experience with encryption: how should I trouble-shoot this?



  • 2.  RE: Can't verify private key
    Best Answer

    Posted Dec 29, 2015 11:02 AM

    It is not recommended to use a network share for key storage.  The best thing to do would be to move the home folder (My Documents>PGP) to a local spot on the machine, then set the program to look there for the keyrings.  After moving the folder locally, open PGP Desktop.  Select PGP Keys on the left, then in the top menu, select Keys>Keyring Properties, and browse to the new location for the public and private keyrings.  That would be your best fix.

    If the home folder is on a network share, it should still be accessible most of the time, but latency can affect usage.  It will also fail to locate the keys when the system starts, so might take a few minutes before they are able to open anything encrypted.  Mapping the home folder as a drive locally can help, but the best solution is definitely to keep the keyrings local.

    As far as the key showing as unverified, you should open PGP Desktop, right-click the key, and go to Key Properties.  On the properties page, look for Trust.  It should be in the left column, 4th option down.  Set the Trust to Implicit, and the key should be verified.



  • 3.  RE: Can't verify private key

    Posted Dec 29, 2015 01:38 PM

    Thanks, Mike.

    I moved the PGP folder to the local drive.  I also checked the properties of the key: it was already set to Implicit (grayed out).  I changed it to Trusted to see if I could change it back and get it working: I can't select Implicit now and having it set to Trusted generates the same error as the original.



  • 4.  RE: Can't verify private key

    Posted Dec 29, 2015 04:33 PM

    That sounds like only the public key is being recognized in the program.  Did you move both the public and private keyrings (pubring.pkr and secring.skr)?  Any keypair (public+private key) on her keyring should be able to be set as Implicit trust.



  • 5.  RE: Can't verify private key

    Posted Dec 30, 2015 08:09 AM

    I moved the whole PGP folder, so yes, both keyrings are present. 



  • 6.  RE: Can't verify private key

    Posted Jan 04, 2016 02:26 PM

    Are there any more suggestions for this?  I need to give the user some kind of solution.