Symantec PGP Encryption

  • 1.  PGP Encryption Issue

    Posted Nov 14, 2019 04:08 PM

    Hello all,

    Our organization is currently using Symantec PGP Encryption software and a File Transfer Protocol application called Axway to receive and send files through encrypted SFTP connections. And we found there are several vendors/clients who cannot use our keys for some reasons, such as ciphers or algorithms that may be different, or other issues. Has anyone encountered an issue with certain PGP compatibilities, and in what ways or how did you resolve that issue? We have some who use PGP command line and they need to change their script/code to make it work. What other scenarios have you seen?

    We have an issue where the vendor needs an email address in order to import the key. Many other vendors do not have that issue. Once we add the email address, the PGP Key Block has changed; would this affect the encryption and decryption process when delivering files?

    Another issue is that a vendor such as Workday is using their integrated tool to encrypt the key, but when sending the files it failed to encrypt and sign once it hits our Axway File Transfer Protocol application.

    Any suggestions and help in guidance would be appreciated!

    Let me know if I need to add any attachment.

    Thanks,

    Q G



  • 2.  RE: PGP Encryption Issue

    Posted Nov 15, 2019 03:39 AM

    I'd say there are a potential variety of issues here.  First off, could you advise how you are actually using PGP?

    From your description, I can only infer that you receive files that are first encrypted by external parties before sending, and all you do is decrypt and use the files.  Is that correct?

    Without any information on the external parties, or any indication of the kinds of errors you're encountering, there is little we can offer to help.

    At the very least, I'd recommend you ensure you and all the entities sending you files, are all running the latest version of the software.  The main reason for this is because v10.4.2MP1 and later versions dropped support for files potentially susceptible to the EFAIL vulnerability.

    Beyond that, and specifically regarding Workday, it sounds like their system is not working correctly.  Encryption against your key should happen locally on their end before the file is even sent over SFTP, therefore it sounds as if that is failing to happen if it arrives in clear text when you receive it (I assume here that you don't have some automated process in your SFTP server to decrypt files on arrival, and if you did, that you checked the logs.)

    A key needs to be assigned to an entity, but in the case of file encryption, and as you've found with your other vendors, it need not be an email address.  The external party may just need some help and guidance.  Is it possible your company is the only party for whom they have to encrypt files in this way?  Perhaps offering your own experience would help?