I am trying to utilise the key permissions feature in the SEMS to enable a user to be able to read the encrypted email of another user who has been given Full Exchange permissions to their mailbox. When I try this, it just acts like it can't find the key in the local key ring and errors.
I don't want the end users to have access to key management, so that is unticked in policy. All users are in SKM. I have tried various permissions ranging from "Have access to key pair" and "Can Decrypt" for the user in question, but the errors are still the same.
The SEMS is setup to be just a KMS. All endpoints in question have PGP Desktop, and encryption happens at the desktop.
I really don't want to have to put the keypair of the user into someone elses local key ring, that's just bad security. I don't want them to be able to encrypt to the user, just be able to read the emails. (Shared mailboxes etc. are a prime example of this)