
PGP Command Line keys

Created: 24 Jul 2012 • Updated: 27 Jul 2012 | 7 comments
ITSistemi's picture
This issue has been solved. See solution.

Hello everyone,

Can PGP Command Line keep a private key for decryption anywhere other than on the local server where it is installed? What are our options here, and can PGP Universal Server be used for this somehow? The reason for this is that the customer is required to centrally manage keys and they don't want the private keys "exposed" on a couple of servers.

Regards,

Ivan


Alex_CST's picture

You can specify where the key resides via an environment variable PGP_HOME_DIR or by using the --home-dir switch:

pgp --list-keys --home-dir central-location/


Please mark posts as solutions if they solve your problem!

http://www.cstl.com

dfinkelstein's picture

Yes, you can store the private key in PGP Universal, enable Key Management Services on Universal, and access the key using an authentication credential you keep locally. Each server can have its own authentication credential, and if you are concerned that any of them are compromised, then you can revoke them on PGP Universal and issue new ones.

Regards,


--------

David Finkelstein

Symantec R&D

ITSistemi's picture

Hello,

The reason I posted is that the user guide is unclear on how to do the decryption in this scenario. Can you please provide a sample command (or commands) to decrypt a file using PGP Command Line when the key resides on PGP Universal?

Thank you for your reply!

Regards,

Ivan

dfinkelstein's picture

General documentation can be found in chapter 12 of the PGP Command Line User's Guide, "Working with a PGP Key Management Server."

To decrypt with a key stored on PGP Universal, you use the "--usp-server" option to specify the server that holds the key.

There are some example scripts that show how to use PGP Command Line with KMS in the "Key Management" forum, https://www-secure.symantec.com/connect/security/forums/key-management

E.g., there is an example Perl script for secure file transfer, in which the private keys are stored only on the PGP Universal Server.

Regards,


--------

David Finkelstein

Symantec R&D
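The sample command the thread asks for but never spells out, written up here as an added example (not from the posts above or from Symantec's documentation): a wrapper that decrypts with `--usp-server` pointing at the Universal Server that holds the key, and refuses to run if a local secret keyring is present. The `--auth-username` and `--auth-passphrase-fd` options, the `PGP_BIN` variable, and the host and credential names are assumptions to check against chapter 12 of the PGP Command Line User's Guide for your version.

```shell
#!/bin/sh
# Added example: decrypt with a private key that lives only on the PGP
# Universal Server (KMS), so no secring.skr has to exist on this host.
# Assumptions (check against ch. 12 of the PGP Command Line User's Guide):
#   --auth-username / --auth-passphrase-fd name the KMS credential options;
#   kms.example.com and cli-host-01 are placeholders; PGP_BIN is the binary.
set -u

PGP_BIN="${PGP_BIN:-pgp}"
USP_SERVER="${USP_SERVER:-kms.example.com}"  # Universal Server holding the key
AUTH_USER="${AUTH_USER:-cli-host-01}"         # one credential per server
CRED_FILE="${CRED_FILE:-/etc/pgp/kms-cred}"   # mode 0400, credential passphrase

# Central key management is defeated if a local secret keyring is present,
# so refuse to run when one is found in the PGP home directory.
local_private_keys_present() {
  [ -s "$1/secring.skr" ]
}

# decrypt_with_kms CIPHERTEXT PLAINTEXT PGP_HOME_DIR
# Returns pgp's exit status, or 2/3 for the pre-flight failures below.
decrypt_with_kms() {
  ct=$1; pt=$2; home=$3
  if local_private_keys_present "$home"; then
    echo "refusing: local private keyring found in $home" >&2
    return 2
  fi
  if [ ! -r "$CRED_FILE" ]; then
    echo "refusing: cannot read credential file $CRED_FILE" >&2
    return 3
  fi
  # The KMS passphrase is fed over fd 3 rather than put on the command line,
  # so it does not show up in the process list or shell history.
  "$PGP_BIN" --home-dir "$home" \
    --decrypt "$ct" --output "$pt" \
    --usp-server "$USP_SERVER" \
    --auth-username "$AUTH_USER" \
    --auth-passphrase-fd 3 3<"$CRED_FILE"
}
```

Call it as `decrypt_with_kms in.pgp out.txt /var/pgp-home` from a host whose PGP home directory holds only public keys; revoking that host's credential on Universal Server then cuts off its access without touching any other server.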

SOLUTION
ITSistemi's picture

Thank you,

you pointed us in the right direction so it works now.

Regards,

Ivan

dfinkelstein's picture

I'm glad you got it working.

--------

David Finkelstein

Symantec R&D

kkriese's picture

I'm glad you were able to complete the proof-of-concept showing that the Key Management Server (KMS) will work as a key storage repository for keys used with PGP Command Line. For reference, KMS is an add-on product to Universal Server, and there is an additional charge for a license to use KMS functionality.

Regards,

Kathy Kriese, CISSP

Principal Product Manager, Symantec Corporation