Endpoint Encryption

  • 1.  Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 13, 2011 12:42 PM

    Having abandoned PGP Desktop for Mac, I am trying to find a solution between PGP Desktop for Windows and other software using gpg encryption...

    I have been trying to make both independent clients and those using the universal server our office has (both in Windows) encrypt using PGP/MIME in the security policies...

    Creating a new message service (disabling the other ones), selecting under every policy,

    "Perform the following actions on the message:

    encrypt to: recipients unverified (I have also tried verified variant) key

    Preferred encoding: PGP/MIME"

    however, when I check the pgp log in verbose view, I get:

    11:22:02 Email     Info    Processing outgoing message from XXX <yyy@xxx.com> with subject: test gpg
    11:22:02 Email     Verbose    Looking for verified encryption keys for email address yyy@.xxxcom
    11:22:02 Email     Verbose    1 usable encryption key(s) returned from local store(s)
    11:22:02 Email     Verbose    Looking for verified encryption keys for email address yyy@xxx.com
    11:22:02 Email     Verbose    1 usable encryption key(s) returned from local store(s)
    11:22:03 Email     Info       Encrypting PGP Partitioned message to yyy@xxx.com, yyy@xxx.com with key(s):
    11:22:03 Email     Info          'XXX <yyy@xxx.com>' (-------------)

    I have contacted the pgp support we still have at the office, but as always, we end up knowing more than they do about the software, so I turn to these forums when most of the time it has been users who have experienced the same problem and solved it...

    Anyone have any clue on how to fix this?

     

    thanks

     



  • 2.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 13, 2011 01:12 PM

    In the good old days, when PGP Corp actually ran the show and had real support... (got off the phone with the Symantec support people blaming the other products which were the ones causing the problem [again knowing more than them] this is ludicrous, Symantec really stinks...)

    For anyone having the problem, it's in your pgppref.xml file

     

    http://forum.pgp.com/t5/PGP-Desktop-for-Windows/PGP-MIME-encoding-not-working-from-Lotus-Notes/td-p/32671



  • 3.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 13, 2011 02:10 PM

    Thanks for posting your resolution.  It may be helpful to others in the future if you use the Mark As Solution option on your post.



  • 4.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 15, 2011 10:01 AM

    I don't see the problem. Your logs state that the email was encrypted.

    So probably you have received some error message, somewhere.

    If you want to enable debug for logs, follow this article:

    http://www.symantec.com/business/support/index?page=content&id=TECH149847

    Send full debug logs.



  • 5.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 19, 2011 04:39 PM

    There are 3 types of encryption methods for pgp, I believe,

    - PGP/MIME which is the universal one

    - S/MIME

    - what is called pgp inline - which is actually an older type of encryption (if I'm not mistaken)...

    What my logs showed was that it was encrypted, but using pgp partitioned, which is now Symantec's way of calling pgp inline. The difference between pgp inline and pgp/mime is that pgp inline wraps the whole mail into its own method of transfer, which, unless you have a pgp inline client that can de-wrap it, what you get is a *.html file for the text, and some attachmentxx.pgp for the documents you sent, so unless you have pgp desktop you won't be able to decrypt it (at least on a mac).

    To be clear there is no degree of difference on the encryption using either of the methods (unless I've missed something studying this), except for the fact that pgp inline is a pain in the butt to un-wrap.

    For some reason the pgp desktop client is programmed to send the encrypted messages by default in the pgp inline (pgp partitioned) method, even if you select to be encrypted via pgp/mime in your policies, and you end up having to edit an XML file in your appdata folder in Windows to solve it.

    Why am I using something else in Mac, other than pgp? Well, I, and the other 90%-ish of people who have answered the poll, think that Symantec has NO SUPPORT for Mac and it hasn't been properly paid attention to...

    Another thing, for those who read this and use PGP UNIVERSAL SERVER, the server's policies refresh every 30 min or so, and modify the XML file back to the PGP inline (pgp partitioned) method, so you have to edit that as well...  this will explain how to --- http://www.symantec.com/business/support/index?page=content&id=TECH164655
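Added example, not part of the original posts and not Symantec's code: a Python sketch that tells the two encodings discussed in this thread apart by MIME structure. PGP/MIME (RFC 3156) is a top-level multipart/encrypted with protocol="application/pgp-encrypted"; the partitioned check (an armored text part or a .pgp/.gpg/.asc attachment) is a heuristic assumption, and the sample messages are constructed.

```python
from email import message_from_string

def classify_pgp_encoding(raw: str) -> str:
    """Return 'pgp/mime', 'partitioned' or 'none' for one raw message."""
    msg = message_from_string(raw)
    # RFC 3156: top-level multipart/encrypted, protocol=application/pgp-encrypted
    protocol = str(msg.get_param("protocol", "")).lower()
    is_encrypted = msg.get_content_type() == "multipart/encrypted"
    if is_encrypted and protocol == "application/pgp-encrypted":
        return "pgp/mime"
    # Heuristic (assumption): body and attachments were encrypted separately.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".pgp", ".gpg", ".asc")):
            return "partitioned"
        body = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text" and b"-----BEGIN PGP MESSAGE-----" in body:
            return "partitioned"
    return "none"

# Constructed samples; the armor blocks are empty placeholders, not ciphertext.
PGP_MIME_SAMPLE = """\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
--b1--
"""
PARTITIONED_SAMPLE = """\
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/html

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
--b2
Content-Disposition: attachment; filename="Attachment1.pgp"

placeholder
--b2--
"""
```

Running it over a copy of a sent message shows which encoding the client actually produced, independent of what the policy screen says.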



  • 6.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 19, 2011 05:04 PM

    Your issue has a solution; please open a new support case:

    Customer care:
    http://www.symantec.com/business/support/assistance_care.jsp

    PGP has several ways of encryption.

    They are all fully customizable.

    It's false that every user who needs to decrypt emails needs PGP software.

    Using Universal server, emails can be automatically decrypted by the server.

    A mail server is not even needed, since encrypted emails can be read via the web interface using the Web Messenger feature in the Universal server.

    Mac is fully supported. It's true that there have been some bugs, but thanks to the support and development team, these bugs have been fixed in the latest release.

    Universal server policy refresh rate can be customized using the Universal server Web interface.....

    I don't know what "pgp inline" is; I have never read anything like that.



  • 7.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 19, 2011 05:13 PM

    I believe what you are calling inline encryption is actually what PGP calls PGP Partitioned.  It was the original PGP encryption, and is still the only encryption that can be used with v3 RSA keys (now called Legacy RSA keys by PGP).  This was my initial thought as to why PGP Partitioned encryption was occurring: that maybe one of the keys being encrypted to was a Legacy RSA key.  S/MIME is actually a competing encryption alternative and is to X.509 certificates.  It has been a while since PGP added the ability to do S/MIME encryption to X.509 certs for when that might be necessary or preferred.



  • 8.  RE: Stubborn pgp client, not encrypting to pgp/mime

    Posted Dec 19, 2011 07:44 PM

    Julian,

    Good to see someone other than Tom replying, thanks for taking the time and reading. 

    I'm sorry if I wasn't clear, or tried to use tech wording higher than my capacity. The issue was solved last week; I did contact support and opened a case, but ended up finding the answer faster by myself on the internet, and getting an answer from support 3 days later. The firm I work for has pgp desktop licences, universal server, an email gateway and blackberry support....

    1. I don't know where I wrote that users needed to decrypt PGP desktop specifically; what I was pointing out is that PGP inline (or pgp partitioned -  Thanks Tom for clearing it up, I might not have been clear on this) becomes a pain in the butt to de-wrap using other open pgp alternatives, so using any other alternative isn't really a good choice - as the message sent will eliminate the file extensions when encrypting it using PGP inline (pgp partitioned) and unless it's a doc file, the other pgp-gpg software won't be able to decrypt it - when it comes to mac at least.

    2. That is true, in the case that the recipient of the mail is also using the server, but not a standalone client in the laptop, or using a gpg alternative - in mac at least.

    3. I am not familiar with the web messenger feature as I dropped windows and pgp desktop daily use in mac as well from my side of the firm, and it is hard enough to teach the old associates to use pgp, let alone something else... I only use the pgp desktop on mac to support associates and try out new releases...

    4. Mac is supported, I don't know how far I would say fully, i.e., the belated releases facing the OS upgrades from Mac, the faux appearance that Lion is 100% supported as known glitches still exist, i.e., the pgp client randomly quitting, the client deleting accounts, no support for MAPI/Exchange accounts... As I say, I appreciate the fact that Mac is being taken into account, but the 93% of people who answered the poll share the sentiment that, well, fully supported isn't an expression that can be used right now, hopefully in the future. I have downloaded all versions for mac to date (including the recently released MP3), tried each and every one, hoping that the glitches will be solved, but it seems it's not quite there, and with the whole concept of encryption and security being a really important one, a glass half full isn't a valid statement.

    5. In relation to Tom's comments, I did try new keys we created for new associates using the universal server, but as I pointed out, for some odd reason in windows, which was the environment we tried in (at least 10 different computers and keys) it was necessary to modify the XML file, some default programming in the installation from what I've read in different posts and opinions, - that's why I've posted the links.

    So I hope one day I can go back to recommending your product to new clients or people that are wow-ed at Mac's versatility, saying that PGP desktop is a must and 100% reliable, to go hand-in-hand with their new mac, but not today...