Endpoint Encryption

  • 1.  PGP key mismatch?

    Posted Jul 22, 2011 05:47 AM

    I am confident I generated only 1 PGP keypair and this public key is all I distributed.

    Every time I receive email or attempt to send any email, I am required to enter my PGP Passphrase upon first use in the day - correctly. Initially this worked fine and my passphrase was accepted. However, since recently my passphrase is not accepted anymore. If I open the key properties and use "Change Passphrase", my existing phrase is not accepted. When I use "Forgot passphrase" option, use my KRB file, correctly answer the security questions and enter my correct passphrase (effectively changing the passphrase to the one I know), it is accepted. If I IMMEDIATELY attempt to use this correct passphrase again, it is again not accepted.

    When I receive email from certain individuals it contains an "Unknown key", instead of mine. I exported my public key from within PGP desktop, thus creating a "new" key, just to make sure that I have something which exactly matches that which is on my keyring. For these individuals I supplied a "new" key, asking them to resend with this "new" key, but the problem remains. Maybe they did not correctly apply this "new" key, but they should not have the problem in the first place as it is still the same public, presumably.

    When I look in PGP desktop, I also see an additional key for myself, italicised; in other words I have 2 public keys on my ring. I am confident I did not add that explicitly.

    Am I going mad?

    I use Outlook 2010 on Windows Pro 7.



  • 2.  RE: PGP key mismatch?

    Posted Jul 22, 2011 07:06 AM

    Please check the Key properties to make sure the key is Enabled and that its Trust is set to Implicit.



  • 3.  RE: PGP key mismatch?

    Posted Jul 22, 2011 07:50 AM

    Yes, Enabled=Yes, Trust=Implicit, Verified=Yes, Expires=Never



  • 4.  RE: PGP key mismatch?

    Posted Jul 22, 2011 08:07 AM

    I have seen you (Tom) mention that PGP Desktop is not yet compatible with Outlook 2010, but the next release will support it (plus long Symantec forward-looking statement disclaimer :-). On that I can say the following:

    In the latest e-mail from a correspondent there is an attachment. After saving that to disk and opening with File->Open, I get the response "1 Unknown key(s)". As far as I understand this means that the issue is not related to Outlook.



  • 5.  RE: PGP key mismatch?
    Best Answer

    Posted Jul 22, 2011 08:50 AM

    It is correct that the current PGP version is not designed to have support for Outlook 2010. The disclaimer was required for me to be able to state its anticipated support in the next release.

    I agree with you that it does not appear that this is related in your specific difficulty.  When a key is in italics, it means that it is not available for use, such as being disabled or revoked.  The unknown key error is meant to reflect that the encryption is to a key for which you do not have the private key available for use.  If the file is being encrypted manually and then attached to your email, it is certainly possible that it is not being encrypted to your public key.  If you have added and deleted encryption subkeys on your key, it could also have been encrypted to a subkey you no longer possess or which is revoked or disabled on your keyring; you may want to check your subkeys in your key's Properties.
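
    The "unknown key" diagnosis in the answer above can be checked directly on the ciphertext: an OpenPGP message carries one Public-Key Encrypted Session Key (PKESK) packet per recipient, and each one names the 64-bit key ID (of the primary key or of an encryption subkey) it was encrypted to. The following is an added example, not PGP Desktop code or anything from this thread: it parses the RFC 4880 packet framing, pulls out the recipient key IDs, and compares them with the key IDs for which a private key is available. The message bytes and the key IDs are constructed for the example; a real message would come from the .pgp attachment saved to disk.

```python
"""List the recipient key IDs of an OpenPGP message and flag the ones for which
no private key is on hand (the situation PGP Desktop reports as "Unknown key").
Added example using RFC 4880 packet framing; the sample message is constructed."""
import struct

TAG_PKESK = 1                         # Public-Key Encrypted Session Key packet
TAG_SEIPD = 18                        # Symmetrically Encrypted Integrity Protected Data
WILDCARD_KEY_ID = "0000000000000000"  # "hidden recipient": key ID deliberately omitted


def parse_packets(data):
    """Return a list of (tag, body) for every packet in data, old or new format."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        pos += 1
        if ctb & 0x40:                                   # new-format header
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                            # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 0:
                length = data[pos]
                pos += 1
            elif ltype == 1:
                length = struct.unpack(">H", data[pos:pos + 2])[0]
                pos += 2
            elif ltype == 2:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:                                        # indeterminate: rest of input
                length = len(data) - pos
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        pos += length
        packets.append((tag, body))
    return packets


def pkesk_recipients(data):
    """Return the 16-hex-digit key ID named by every PKESK packet, in order."""
    ids = []
    for tag, body in parse_packets(data):
        if tag != TAG_PKESK:
            continue
        if body[0] != 3:                                 # version 3 is the RFC 4880 format
            raise ValueError("unsupported PKESK version %d" % body[0])
        ids.append(body[1:9].hex().upper())              # 8-byte key ID follows the version
    return ids


def diagnose(data, secret_key_ids):
    """Split recipients into decryptable, unknown, and hidden (wildcard) ones."""
    have = {k.upper() for k in secret_key_ids}
    result = {"known": [], "unknown": [], "hidden": 0}
    for kid in pkesk_recipients(data):
        if kid == WILDCARD_KEY_ID:
            result["hidden"] += 1                        # must be tried against every secret key
        elif kid in have:
            result["known"].append(kid)
        else:
            result["unknown"].append(kid)
    return result


def _pkesk(key_id_hex, new_format):
    """Constructed PKESK packet: RSA (algo 1) with a placeholder 16-bit MPI, not a real session key."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x10\xAB\xCD"
    if new_format:
        return bytes([0xC0 | TAG_PKESK, len(body)]) + body
    return bytes([0x80 | (TAG_PKESK << 2) | 1]) + struct.pack(">H", len(body)) + body


def build_sample_message():
    """Constructed message: two recipients, then a dummy encrypted-data packet."""
    seipd = bytes([0xC0 | TAG_SEIPD, 5]) + b"\x01abcd"
    return _pkesk("0123456789ABCDEF", False) + _pkesk("FEDCBA9876543210", True) + seipd


if __name__ == "__main__":
    # Assumed: only the first key ID is one we hold a private key for.
    print(diagnose(build_sample_message(), ["0123456789ABCDEF"]))
```

    An "unknown" entry in the output means the sender encrypted to a key ID that is not on the secret keyring, which is what happens when they hold a stale export of a key (or a subkey that has since been deleted); a non-empty "known" list with a still-failing passphrase points at the keypair itself rather than the message. With GnuPG installed, `gpg --list-packets file.pgp` shows the same PKESK key IDs.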



  • 6.  RE: PGP key mismatch?

    Posted Jul 23, 2011 04:17 AM

    Checking my subkeys: Can you please help me understand? Below the "root" entry in the key are one or two entries - that is each a subkey, right? Then each of these potentially has a number of entries which I assume to be signatures (icon=slanted pen?, one of the two in my view has a little ball next to it, =earth? - I cannot find description of these icons. If someone knows of a description somewhere I'd be grateful if you can point that out.)

    In general how do I distinguish between PGP keys and S/MIME keys (which I was told are also on my keyring)?



  • 7.  RE: PGP key mismatch?

    Posted Jul 23, 2011 08:23 AM

    It sounds like you are looking at the key in All Keys. I think you are referring to the User IDs that then do show the signatures on each when you expand them. To understand each of these symbols, look at the Description column (which you may need to select Options in the View menu to make available the option of showing it). That column will also show the key type. The User's Guide shows some of the subkey symbols under the section Working With SubKeys - you need to right click on the key and select Properties to see the subkeys at the bottom of the resultant display.



  • 8.  RE: PGP key mismatch?

    Posted Jul 30, 2011 01:59 PM

    Well, this only shows: Never be too confident. My very first statement in this thread proved to be wrong. The source of all my woes was a new keypair (which I now recall was generated for me by my Sysadmin in January). My passphrase was different for this keypair and therefore always rejected. I was misled by the fact that my key recovery mechanism (using the KRB file of my original key) accepted my answers and reported that I successfully changed my passphrase.

    So after deleting this key and re-instating my original key, I was able to communicate again.

    I wish there was a way to add comments to keys and also to easily figure out which keys are which. It seems I have to become an expert on PKC to use PGP, where the S/MIME integration with Outlook makes life so simple.

    Thanks for the help, Tom. It is really great to have a forum where there are helpful and intelligent people reading your questions and being willing to help struggling cryptography amateurs like me.



  • 9.  RE: PGP key mismatch?

    Posted Jul 30, 2011 02:22 PM

    Glad to hear that you figured this out and that all is well now.  I'm not sure what comment you want to add, but a possibility would be for you to create another Key ID for the key, but instead of doing the usual name and email address, you could make a comment.