Saving public keys to keyring

Created: 22 Mar 2011 | 2 comments


Product: PGP Desktop/ PGP Universal Server
Product Version: 10.1.1 (Build 10)/ 3.1.0 Build (860)

Platform / OS Info: Windows XP/ Windows 7
Severity (Major or Minor): Major
Technical Question:

I would like to log a bug with PGP Desktop where public keys aren’t being saved to users' local keyring.

So we have a local PGP keyserver that each PGP Desktop client would search and find any bskyb user's public key when sending an encrypted mail, using the following policy chain when you hit send:

  • PGP Global Directory (ldap://

    Once this has been found (talking about local company keys found from the keyserver) and the email is sent, I would expect to see that public key in my keyring for future use, as I have set the following in each PGP Desktop:

    Tools, Options, Keys, When keys are found: 'Save keys to my keyring'

    But unfortunately it doesn’t: (Is this some bug?)

    We really need this option to work, otherwise there is no point in us using this product... for example:

    You are sending internal encrypted mail for, say, years with this setup. Then for some reason the servers go down, or there is some routing issue where PGP Desktop clients can't see the local PGP keyserver for keys before sending. You would then need to ask everyone you have sent to in the past from the local keyserver to send you their public key... but this should not be if you have the option selected to say 'Save keys to my keyring' when found.

    Kind regards,


    Sarah Mays

    This might be caused by a setting in your consumer policy. Log on to the Universal Server and click on Consumers -> Consumer Policy -> pick one of your policies -> PGP Desktop -> Messaging & Keys -> Allow the user to locally manage keys

    Also, you can turn on debug logging in PGP Desktop to see more information when trying to add users' public keys to a keyring.

    I have a similar setup with PGP DT 10.1.1, Windows and Mac clients with a PGP Universal Server 3.1, and we do not have this issue with saving public keys to our keyrings.

    dseefer

    I also observed this issue with my implementation: Universal Server 3.1 with PGP Desktop 10.1.1. I finally found a statement in the PGP Desktop online help file that indicates this is by design. In a Universal Server managed environment, keys found on the servers are NEVER saved to the local ring, but are cached if the consumer policy is set to allow caching. Here is the statement from the user manual. I've pasted in the exact statement from the "Keys Options" section of the help file (the typo "if they are cached" towards the end of the statement is Symantec's, not mine...)

    Note: If you are using PGP Desktop in a PGP Universal Server-managed environment, this option is not used. Your PGP Universal Server defines whether keys are looked up and, if found, if they are cached. Keys found in a PGP Universal Server-managed environment are never saved to your keyring.