Video Screencast Help

Multiple Keys on PGP Viewer IOS app

Created: 11 Dec 2013 • Updated: 11 Dec 2013 | 4 comments

Hi Guys,

Looking for some assistance here.  I've asked Mr. google, but to no avail.  Here's my question... Can the mobile PGP Viewer App for IOS handle keys for more than one domain?  I ask because the division of my company has our own instance of exchange with email address @abc.com for example.  We're standing up PGP now.  My parent company has a pgp server with domain def.com.  All employees have an email address in both organizations.  As you can guess, our systems need to be completely seperate, so no sharing on servers of private keys.  The question is, is it possible for the PGP Viewer for IOS to support multiple keys?  I've searched everywhere and came up with nothing.

Thanks,

Mike

Operating Systems:

Comments 4 CommentsJump to latest comment

dcats's picture

Hi Mike,

I never tested, but don't think it is possible. Simply because you need to enroll the app against the server and it wouldn't make sense to allow a client enroll against different servers. Usually if there is a restriction to share private keys this would still be extensible to the client devices.

Rgs,
dcats

noochi01's picture

Hi dcats,

Thanks for the response.  I have some updated information regarding this situation...

 

One of my guys was able to get PGP on the iphone to work on both domain accounts without needing to do anything on the server.

He went into the ios app to remove a test account he was working with and enroll his abc.com email.  He then saw an option to reset the account.  He did that and signed in as himself (abc.com).  He then saw his new key but it still had the test account key as well.  He then deleted the app to start clean.  Signed into our VPN on his mobile and then into the PGP server and got the abc.com key.  Then in the PGP app, he hit reset account, logged into domain def.com and then into their PGP server and got the his def.com key.  Once complete, he then looked in the PGP app again, and saw both abc.com and def.com keys present.  He is now able to view encrypted emails from both domains with seperate keys, on his mobile.

Crazy right?  He even rebooted the device and everything is still present.  Since we're very new to PGP, do you see any issues future problems with this?

We were quite surprised.

Thanks,

Mike

 

noochi01's picture

Hi All,

 

We just spoke with Symantec, and they said that this setup would work becuase our keys and the parents keys don't expire.  If they did expire, the client would need to contact the server to renew them upon expiration.  So, it looks like this is a perfectly acceptable way to proceed if anyone has two seperate emails which both allow for encryption.

 

Thanks,

Mike

dcats's picture

Hi Mike,

Thanks for sharing!
However, please test before updating to the latest version (Symantec Mobile Encryption for iOS) because this version allows not only to receive, but also to send encrypted email, this workaround may no longer work.

Rgs,
dcats