Send email encrypted with external users

Created: 21 Sep 2011 | 7 comments
NTC's picture

Hi...

How can I configure the US to search for the public keys of external users? When I send email to external users from PGP Desktop, it doesn't find the public key, so I guess I need to configure the US to search for them. Where can I find this option?

Regards,

NTC


Symc_TomC's picture

On the Universal Server:

Keys -> Key Servers -> Add Key Server

Tommy Cooper
Regional Product Manager (RPM)

Information Security Group | Encryption
Symantec Corporation

Symc_TomC's picture

Btw - forgot to mention - depending on your client (is it managed by a UN or standalone?). I assumed managed since you mention the UN. In either case, and depending on your UN Policy, you may also be able to adjust where the client searches for keys on the client itself.

Tommy Cooper
Regional Product Manager (RPM)

Information Security Group | Encryption
Symantec Corporation

NTC's picture

Hi Tom..

Yes, it's managed. I think that the Global Directory is enabled by default, right? I changed some rules of my policy chains (outbound), all to search in the Global Directory, but it didn't work. How can I troubleshoot mail flow? I tried to enable the Learn Mode but I don't see any log. I'm not sure if it also works if the encryption is done in PGP Desktop.

Regards,

NTC

bnilsson's picture

Hi NTC.

Regarding the troubleshooting, adding the logging at chain or rule level is a first step.

Second: do your logs on the Universal or client level indicate whether the resolve or connection to the Global Directory was a success or not?

NTC's picture

Hi bnilsson,

OK, so before the actions I suppose I need to add a log entry, and then it continues processing the other actions, right?

Mmm no, I don't find any log entry referring to the Global Directory. All I see is in PGP Desktop, where the notifier pop-up says: Not key found, send it clear.

Regards,

NTC

bnilsson's picture

Hi again.

Yes, you could either add separate rules just containing the log action, or better, add a log entry to existing rules (before the "normal action").

OK. Is the Global Directory enabled beneath Key-servers? You should have some indication in the UNI - client logs (turn on verbose) that indicates something, at least something along the lines of: CLIENT-XXXXX: key search <recipient@domain> [keyserver.pgp.com]: Y

NTC's picture

OK, that's a good idea. I understand that the mail flow that PGP Desktop follows is this: Default - Outbound client mail - outbound - application is client - client outbound only - send message. I notice that inside the Key search of this policy the Global Directory is in second place. I will try to change the priority.

And I was looking in the wrong logs. I will do some tests and tell you the results.

Thanks for your help.