Video Screencast Help

PGP Desktop

Created: 10 Oct 2012 | 10 comments

PGP desktop is not encrypting/decrypting email. The account properties appear to be correct as I have compared them with settings of PGP Desktop from another user and the de/encryption process is working. The policy I am using is "Require Encryption:[PGP] Confidential (default)". The key pair is configured.

"Use Email proxy" is checked.

Whenever I send email, it is not encrypting it. I do see the following error in the PGP Desktop Log Cannot "proxy process <ID> due to insufficient privileges.  Process may be a service however I do not see this error everytime I send an email" Would this be the root cause and if so, what is the resolution.

I want to test sending an email to a gmail account and the intended result should be the PGP garble but I see plain text. I then want to send an email encrypting it with a friends public key (who is also using PGP desktop) and ensure his public key decrypted my message.

Has anyone experienced this? If so, do you know how make the program work?

I apologize if this is the wrong forum.

Thank you,
 

Comments 10 CommentsJump to latest comment

Tom Mc's picture

Please see these Knowledge Base Articles:

http://www.symantec.com/docs/TECH161040
http://www.symantec.com/docs/TECH149945
http://www.symantec.com/docs/TECH180768
 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

PGP_Guy's picture

Hi Tom,

Thank you for your help. The links you sent solved the problem with the Proxy error. My challenge now is that email is still not encrypted going out or coming in. I send an email to my gmail account and I do not see it encrypted. I am using the default "Require Encryption: [PGP] Confidential rule". I change the sensitivity to confidential but I still do not see an encrypted email in my gmail inbox or any other inbox for that matter.

I have confirmed the following:

1. The emails are getting processed. See snippet from log below.

08:59:30 Email     Info    Processing message from xxxxxxxxxxxx with subject: test

2. I am using the default Require Encryption: [PGP] Confidential rule.

3. I have set up my private key and have imported various public keys.

4. My incoming/outgoing mail settings are correct (I copied them from my Outlook and we use Exchange)

5. I can encrypt a file using the PGP zip utlity.

Is there anything else I am missing? Your assistance is appreciated.

 

Thank you,

 

 

 

 

Tom Mc's picture

Please make sure that the default Require Encryption: [PGP] Confidential rule is above the default Opportunistic Encryption rule in the  listing of your policies.

This may be a silly question, but just to make sure, do you have a public key with your gmail address on one of its User ID's?  PGP selects the public key to encrypt to based on the email address.  Is the key showing as Verified in All Keys of PGP Desktop?

This KBA might be helpful. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

PGP_Guy's picture

Hi Tom,

Thank you for your quick response.

The only rule I have is the Require Encryption: [PGP] Confidential rule. I have unchecked the rest.

Regarding your question (its not silly). I do have a public key for my gmail account. It is located under the PGP Keys window. It is signed and verified. I am going through the KBA you sent and will let you know how I make out.

Again, thank you kindly for you all your help.

 

 

PGP_Guy's picture

Hi Tom,

I still cannot encrypt or decrypt a mail message. Please see below for responses to the KB article.

 

  1. Verify that you can both connect to the Internet and send and receive email with PGP Services stopped. To do this:
  • Right-click the PGP Desktop Tray icon and select Stop PGP Services from the list of commands.
     

          My Response: I can connect to the internet and email when PGP services are stopped. I have to restart Outlook to be able to send mail when I shut off or restart PGP Desktop

  1. Read the PGP Desktop Release Notes for the version of PGP Desktop you are using to see if your problem is a known issue.

         My Response: I do not see any issues with this version.
 

  1. Make sure SMTP authentication is enabled for the email account (in your email client). This is recommended for PGP Desktop to proxy your messaging. If you only have one email account and you are not using PGP Desktop in a PGP Universal Server-managed environment, then SMTP authentication is not needed. It is required when using a PGP Universal Server as your SMTP server, or when you have multiple email accounts on the same SMTP server.

          My Response: We are not using PGP Universal Server. How can you tell if you entered the correct user name. I do not see an error if I add an incorrect username.

  1. Open the PGP Log to see if the entries offer any clues as to what the problem might be.

           My Response: No errors. See attached.

  1. If SSL/TLS is enabled in your email client, you must disable it there if you want PGP Desktop to proxy your messaging. (This does not leave the connection to and from your mail server unprotected; by default PGP Desktop automatically attempts to upgrade any unprotected connection to SSL/TLS protection. The mail server must support SSL/TLS for the connection to be protected.)

          My Response: Not applicable
 

  1. If either Require STARTTLS or Require SSL is selected (in the SSL/TLS settings of the Server Settings dialog box) your mail server must support SSL/TLS or PGP Desktop will not send or receive any messages.
     

         My Response: Not applicable

 

  1. If your email account uses non-standard port numbers, make sure these are included in the settings of your messaging service.

         My response: It is set to automatic. Email is being sent and received so I do not believe the problem is here.

 

  1. If PGP Desktop is creating multiple messaging services for one email account, use a wild card for your mail server name.
     

         My Response: I only have one messaging service for one account.

 

  1. Delete the PGP Messaging service that is not working correctly and send/receive email. PGP Desktop regenerates the messaging service.

        My Response: PGP Desktop cervice did not regenerate the service when I deleted it. I had to recreate it manually

If none of these items help correct the problem, try manually creating a PGP Messaging Service.

       My Response: I created a new service and it still does not encrypt/decrypt email.

 

Is there a way to ensure I have the correct username in place. I changed it to batman and I was still able to send/receive email.

It looks like the emails are getting processed (see attached log) however the rules are not being enforced. Even when I change the mail message sensitivity to confidentiality and/or add [PGP] in the subject line of the email.

I just noticed that PHP Desktop is listening to port 33333. Why is it listening on that port? Does Outlook know to send it to that port by default? Please see attached log. I santized it to remove email addresses.

11:36:14 Email     Verbose    Listening on port 33333
11:36:14 PGP     Verbose    Worker threads started

Please help,

Thank you,

 

 

AttachmentSize
pgp_desktop_mail_log.txt 9.85 KB
Tom Mc's picture
  1. Make sure SMTP authentication is enabled for the email account (in your email client). This is recommended for PGP Desktop to proxy your messaging. If you only have one email account and you are not using PGP Desktop in a PGP Universal Server-managed environment, then SMTP authentication is not needed. It is required when using a PGP Universal Server as your SMTP server, or when you have multiple email accounts on the same SMTP server.

          My Response: We are not using PGP Universal Server. How can you tell if you entered the correct user name. I do not see an error if I add an incorrect username.

If your SMTP server requires authentication for sending email, you must enter your passphrase and user name in your email client.  If you use an incorrect email user name, your email client should be giving an error - this should be just the same as when not using PGP.

Just to be sure, in PGP Options, Messaging tab, have you selected Secure Email, and Discover New Accounts?

 

 

 

 

 

 

 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

PGP_Guy's picture

We are using exchange therefore I did not need to enter my username. my user alias was entered when the workstation was first set up. I never had a problem with our email client with regards to sending/receiving mail. In PGP Options, "Discover new accounts" is checked however I do not see an option for "Secure Email". Please see attached screenshot.

Thank you Tom :)

PGP_Options.png
Tom Mc's picture

The top option on your pic is Secure Email, and you do have it enabled.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

PGP_Guy's picture

Hi Tom,

I see that now. Thanks. is there anything else I should be looking for or that I should check?

This one has me stumped. I do not wish to use GnuPG on an RFC compliant mail client but its almost looking that way. 

Thank you for all your help. It really is appreciated.

 

Tom Mc's picture

Have you made any changes to the messaging policy you have activated?  It may be worthwhile to test disabling it and enabling the Opportunistic Encryption Policy.  If this takes care of encryption, it would indicate a problem with the Require Encryption policy.

It may also help to double check your PGP Messaging Account settings, including using the link/button on the right hand side for Server Settings.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &