Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Enabling FIPS mode via Command Line 9.6

Created: 21 Jan 2013 • Updated: 21 Jan 2013 | 2 comments
This issue has been solved. See solution.

Hello there! We are having an issue with our PGP command line v9.6. I do not believe it is related to the version as 9.6 has the same capability in this as later versions (10x, etc).

We are attempting to enable FIPS for file encryption. If I view the pgp --version --verbose, under the PGPSDK section, it tells me that FIPS mode is disabled. By reviewing documentation, it tells me that I can turn on FIPS mode during the command line. However, when I type this command:

pgp --encrypt readme.txt --r <keyid> --fips-mode --verbose

It just returns to the commnd prompt, with no result, the encryption does not happen, and there are no messages printed to STDOUT. If I omit the fips-mode option (or fips option; there is difference in the result), the encryption happens normally.

In addition, if I set the environment variable PGP_FIPS_MODE=True, PGP no long does anything, not even a pgp --L or PGP --version

This happens with both RSA4 keys and DSS keys. I am not sure if I would need a different algorithm to make this work or not.

Any ideas? Thank you! :)

Dave

david.jones@trizetto.com

Comments 2 CommentsJump to latest comment

dfinkelstein's picture

I'm sorry you are having this problem.  There was a packaging issue with PGP Command Line 9.6, the SDK dll .sig file is missing from the packaging and causes this error.

Upgrading to a newer version of PGP Command Line would resolve the issue.  You can also try contacting customer support; possibly they could provide you with the version of the PGP SDK (including the signature file) that shipped with PGP Desktop 9.6.  (Installing PGP Desktop 9.6 was a known workaround for the issue.)

Regards,

 

 

--------

David Finkelstein

Symantec R&D

SOLUTION
Necros's picture

Thanks, David!  We probably should upgrade ayway, since we are behind, so it is good to know that is a way forward.

BTW, we have had a couple of issues over the years with Command Line, and you have always been extremely prompt and helpful in your responses. We really appreciate it. :)