Quantcast
Channel: Symantec Connect - Security - Discussions
Viewing all 203 articles
Browse latest View live

Need Implementaion Plan and SOW for PGP Command Line Encryption

$
0
0
I need a solution

Hi,

Can you help and suggest for docunment related to implementation plan ansd scope of work for PGP Command Line Encryption Solution.

0

Attempting to Decrypt ZIP

$
0
0
I need a solution

I have a zip.pgp file I'm attempting to decrypt with PGP Command Line, I have imported both keys and PGP throws no errors when using the -decrypt command. Windows is unable to open or extract the output file.

0

Signing & Setting trust on an imported key pair to an empty keyring

$
0
0
I need a solution

My use case:

I need to setup PGP Commandline in 4 different server (which is load balanced -- meaning at any given point in time, any one of the server will handle the request & we don't know which one it will be). Hence the keys (both pubring & secring) should be common & in sync.

What i did:

On one of the server, i generated a keyring and export the key pair . In rest of the 3 servers, i'm trying to create an empty keyring & import the key pair from Server#1.

But the problem is when I try to sign & trust a key pair that i imported to an empty key ring, i couldn't do it as the command requires a pass phrase. How can we sign & trust the first key in the keyring when its imported (not generated)?

Alternatively, i can just copy paste the key ring from the original server to all the servers. But i just wanted to know if that is an ideal solution?

Any help is much appreciated. 

OS: Linux

PGP Version: 10.4

Regards,

-pn

0

command line decryption getting error of decrypt (1080:no private key could be found for decryption)

$
0
0
I need a solution

dear team,

i already export the public and private key, they i tried to encrypt its successful. while am teying to decrypt the file it getting below erroe, please help me to slove ASAP

C:\Program Files\PGP Corporation\PGP Command Line>pgp --decrypt --input C:\Temp1\29122016.txt.pgp --output C:\Temp1\150217.txt --passphrase "p@ssw0rd"   --overwrite remove  --temp-cleanup remove  --input-cleanup remove
pgp:decrypt (2710:days left in current license, 22)
C:\Temp1\29122016.txt.pgp:decrypt (1080:no private key could be found for decryption)

C:\Program Files\PGP Corporation\PGP Command Line>pgp --decrypt --input "C:\Temp1\29122016.txt.pgp" --passphrase "p@ssw0rd"
pgp:decrypt (2710:days left in current license, 22)
C:\Temp1\29122016.txt.pgp:decrypt (1080:no private key could be found for decryption)

C:\Program Files\PGP Corporation\PGP Command Line>

C:\Program Files\PGP Corporation\PGP Command Line>pgp.exe --decrypt --input "C:\Temp1\29122016.txt.pgp" --passphrase "p@ssw0rd" --output "C:\Temp1\150217.txt"
pgp:decrypt (2710:days left in current license, 26)
C:\Temp1\29122016.txt.pgp:decrypt (1080:no private key could be found for decryption)

0

What is the minimum and maximum passphrase length for PGP Command line

$
0
0
I need a solution

Hi,

We would just like to inquire what is the minimum and maximum passphrase length for PGP Command line. Currently we have the PGP Command Line 10.3. This is only for our documentation

Please advise.

Thank you.

0

PGP Command Line licensing on Backup (Contingency) Server

$
0
0
I need a solution

Hi,

could I install the same PGP Command Line licence on both production and contingency server? Both servers never work in the same time. Contingency Server works only in production disaster case.

Thanks,

0

PGP Command Line licensing for cross platforms

$
0
0
I do not need a solution (just sharing information)

Currently using PGP Command Line 10.3 on Windows 7 with a 12 months maintenance subscription (SYMC PGP COMMAND LINE 10.3 XPLAT 8 CPU RENEWAL ESSENTIAL 12 MONTHS GOV BAND S) expiring this Sep 2017.  In planning for migrating to the AIX platform, do I need to acquire a new license or simply renew my existing one? Is license valid across platforms?

Thanks!

0

Error in Installation PGP ebusiness server 7.1

$
0
0
I need a solution

Hi Team,

We are installing PGP ebusiness server of version 7.1 in our server.

While installing it says one error like "PGPSDK service not running,will run after reboot" and "PGPSDK driver nor running,will run after reboot" and ask for reboot for completing of installtion.

After reboot installation gets completed,PGP e-business server also opening,but one message is coming:

"unable initialize SDK service,running in local mode"

When we check ,the PGPsdk service is not started.While we try to start it gives error.

Error screenshots are attached below.

Please help to check.

Regards

Ankit

0

PGPprefs.xml:1: parser error : Document is empty for all commands

$
0
0
I need a solution

Hi 

PGP Command Line 10.0 build 674 . Migrating from Server 1 to Server 2  

From Rhel 6.8 to Rhel 7.3 

Installed PGP .  Any command gives the below error

-bash-4.2$ pgp --version

/home/informac/.pgp/PGPprefs.xml:1: parser error : Document is empty

/home/informac/.pgp/PGPprefs.xml:version (1009:unable to open preferences file)

I removed the PGPPrefs.xml  & run  the same command pgp --version. It works. The next time i run any other command it errors out. 

-bash-4.2$ rm PGPprefs.xml

rm: remove regular file ‘PGPprefs.xml’? y

-bash-4.2$ pgp --version

PGP Command Line 10.0 build 674

Copyright (C) 2010 PGP Corporation

All rights reserved.

-bash-4.2$ pgp --version

/home/informac/.pgp/PGPprefs.xml:1: parser error : Document is empty

/home/informac/.pgp/PGPprefs.xml:version (1009:unable to open preferences file)

-bash-4.2$

Any ideas? The only link I saw related to this message indicated somthing with Libxml2.  

libxml2-2.7.6-21.el6_8.1.x86_64 on Server 1
libxml2-2.9.1-6.el7_2.3.x86_64 on Server 2    --- Tried Yum install libxml2-2.7.6-21.el6_8.1.x86_64 which said "No package" 

Not sure if it is related to the library version OR if it can be fixed otherwise. Permissions on the folders are right. There is no issue with that. 

- Any ideas ? Please let me know any suggestions. Need this fixed 

Note:  I do not want to upgrade as this is non-prod & should match our prod which is in Version 10.0 build 674.  If I have to upgrade , how can I get the download link?

Thanks

0

Pgp command line -PGPprefs.xml:1: parser error : Document is empty

$
0
0
I need a solution

Hi 

PGP Command Line 10.0 build 674 . Migrating from Server 1 to Server 2  

From Rhel 6.8 to Rhel 7.3 

Installed PGP .  Any command gives the below error

-bash-4.2$ pgp --version



/home/informac/.pgp/PGPprefs.xml:1: parser error : Document is empty



/home/informac/.pgp/PGPprefs.xml:version (1009:unable to open preferences file)

I removed the PGPPrefs.xml  & run  the same command pgp --version. It works. The next time i run any other command it errors out. 

-bash-4.2$ rm PGPprefs.xml



rm: remove regular file ‘PGPprefs.xml’? y



-bash-4.2$ pgp --version



PGP Command Line 10.0 build 674



Copyright (C) 2010 PGP Corporation



All rights reserved.

-bash-4.2$ pgp --version



/home/informac/.pgp/PGPprefs.xml:1: parser error : Document is empty



/home/informac/.pgp/PGPprefs.xml:version (1009:unable to open preferences file)



-bash-4.2$

Any ideas? The only link I saw related to this message indicated somthing with Libxml2.  

libxml2-2.7.6-21.el6_8.1.x86_64 on Server 1

libxml2-2.9.1-6.el7_2.3.x86_64 on Server 2    --- Tried Yum install libxml2-2.7.6-21.el6_8.1.x86_64 which said "No package" 

Not sure if it is related to the library version OR if it can be fixed otherwise. Permissions on the folders are right. There is no issue with that. 

- Any ideas ? Please let me know any suggestions. Need this fixed 

Note:  I do not want to upgrade as this is non-prod & should match our prod which is in Version 10.0 build 674.  If I have to upgrade , how can I get the download link?

Thanks

0

Bypass Bootguard with SCCM?

$
0
0
I need a solution

Hi All,

We are in the process of upgrading to W10.

We are using an SCCM Task Sequence.

This is the command line I am running:

pgpwde --add-bypass --disk 0 --count 5 --admin-passphrase "MyPassword"

I'm running this as a specific account; SCCM.PGP. I have given this account SuperUser privileges and also added the wdeMaximumRestarts preference to the policy for this account.

If I run this on a machine where SCCM.PGP has previously logged in, then the command works fine. If I run it on a machine where that account has never logged in then I get the following error:

Error Code -12450: administrative preferences file not found.

We have nearly 3000 machines which we need to perform this on, so can not possibly log in on all of them with this account.

​I spoke to tech support who told me to add the --aa switch to the command but this either ends up resulting in "bad passphrase" even though its correct or, "Not permitted by your administrator"

Anyone have any ideas?

Peter

0

A way to install multiple pgp keys on multiple servers

$
0
0
I need a solution

We have to, every quarter install private keys right as they expire on multiple servers by the 1000's. Is there any way to automate this through command line or through a gui tool. Currently its a manual tedious process to login to a server and open up command prompt and install and trust our private key. Though the install is pretty simple to install and trust the key, its time intensive when doing this on 100+ serevers.

Any way to install one key and trust to dozens of servers through a gui or powershell/cmd script ?

Anyway to install multiple keys and trust them on dozens of servers.?

THeres got to be an automated way to do this..either through powershell or a gui api tool..

0

PGPfsfd.sys In Crash Dump

$
0
0
I do not need a solution (just sharing information)

We have had one of our servers crash at least twice with the root cause tracked to PGPfsfd.sys. We are looking at upgrading to 10.4.1 to resolve the problem, and would like to know if this file has been updated from  version 10.3.0 to version 10.4.1.

0

Ran bootrec /fixmbr and lost PGP bootguard....please help!

$
0
0
I need a solution

Please help.....I am running PGP 10.3.2 MP8 on Windows 7.  I was stuck in a startup repair reboot loop and foolishly ran bootrec /fixmbr, thereby wiping out my PGP MBR and making a bad problem worse.  After that, the result upon booting was a black screen with a blinking cursor in the top left corner.

I pulled out my HDD and put in another HDD where I installed Win7 and PGP from scratch so that I could use pgpwde as I read it will be faster than running from recovery CD.  Question - do I have to encrypt the local drive to properly use pgpwde, or can I leave it decrypted?  I want to leave it decrypted as I am worried new keys will be generated and sent to my employer's server where they will wipe out the old ones for the original drive.  I don't really understand how the keys work but want to avoid clobbering anything remotely stored under my SSO company ID.

First thing I did my my MBR damaged HDD was attempt to clone it using Clonezilla since I didn't want to do anything that may destroy it further.  That failed initially due to bad sectors.  Then I ran Clonezilla with --rescue parm, skipping bad sectors, and it succeeded.  Subsequently, I read that DDRescue would have been a better choice as it will recover more data.  So, using yet another different drive, I ran DDRescue and got what seems like good results to me - 131K total error size and 16 errors.   I have the hex map of exactly where the errors are on the drive and their sizes.  Note that I am using 2TB external Seagate drives as the targets when doing this cloning - my originally drive is a 500GB SATA 6.0 2.5" with about 248GB used.

I played with pgpwde on the Clonezilla clone with the skipped sectors while waiting for the DDRescue to complete.  The good news is that pgpwde --recovery was successful.  It said it found the backup BGFS record on sector 3.  Then it reported "Recovery successful".  However, I tried booting off the cloned drive, and it said BootGuard loading stage 2... in the top left corner and hung.  I am looking at this tech article - https://support.symantec.com/en_US/article.TECH149631.html​  Should I have run PGP's --fixmbr before the --recover?  I ran pgpwde --status, and it showed the disk as offline and uninstrumented.  Shouldn't it have been online and instrumented after successsful recovery?

In any case, I have abandoned the Clonezilla drive for DDRescue - I am making a copy of the DDRescue clone right now so that I don't destroy that one and will try the "pgpwde --recovery" on it when it's done.  But can you please tell me if I should run "pgpwde --fixmbr" first?

And, of course, I would appreciate any other advice you have.

Thank you!!

0

3064: Key invalid

$
0
0
I need a solution

I get an error message, when encrypting a file:

pgp --encrypt$filename--recipient$recipient--signer$signer--passphrase$passphrase--debug

             0x.......:encrypt (3064: key invalid)

pgp:encrypt (3157:current local time 2017-08-22T11:53:25+10:00)
C:\PGP\pubring.pkr:open keyrings (1006:public keyring)
C:\PGP\secring.skr:open keyrings (1007:private keyring)
 unhandled event 1
Checking signatures... 100%
 unhandled event 2
done
0xABC444E0:encrypt (3064:key invalid)
0xABC444E0:encrypt (1030:key added to recipient list)
 unhandled event 1
Checking signatures... 100%
 unhandled event 2
done
Encoding .\out\sample.txt...
.\out\sample.txt:encrypt (3048:data encrypted with cipher TripleDES)
Encoding .\out\sample.txt... 100% (⸥昱猥)
Encode complete
.\out\sample.txt:encrypt (0:output file .\out\sample.txt.pgp

​Output file created .pgp

             Recipient can decrypt the file.

I have Read the Following Document:

https://origin-symwisedownload.symantec.com/resour...

Page 283, Frequently Asked Questions > "Invalid" Keys

1. I have imported Recipient Public Key

pgp --import recipient.asc​​

.\recipient.asc:import key (0:key imported as 0xABC444E0 recipients@email.com)

2. Sign the Recipient Public Key

pgp --sign-key recipient@email.com --signer 0xABC444E0 --sign-type exportable --passphrase ABCDEF

0xABC444E0:sign key (0:certified user ID recipient@email.com)

Windows Server 2012 R2

PGP Command Line 10.4.1 build 41
Copyright (C) 2016 Symantec Corporation. All rights reserved.
All rights reserved.
Use of this product is subject to license terms.
This Symantec product may contain open source and other third party materials
that are subject to a separate license. Please see the applicable Third Party
Notice at http://www.symantec.com/about/profile/policies/eulas/.
0

Importing a PGP key

$
0
0
I need a solution

Hi guys, I'm in a bit of a pickle here.

I had numerous back ups of my PGP key and thanks to windows and my laptop needing to be reset (I clicked keep my files and folders) but it deleted half of my stuff anyway.

To cut to the point, I tried to import my PGP key, and I can see there is only a public key so I cant sign and decrypt, not a problem I thought? I also have the public key and secret key stored away but I cant for the life of me work out how to import my key using my public and secret key? I've tried to create ASC files the lot!

When I go to import my key using my backups it either only has a public key or it says "key expired"

Help on this one is really appreciated :)

0

PGP Command Line using Batch Script

$
0
0
I need a solution

Hi,

I recently downloaded trial version of PGP command line to try encryption and if it is good will recommend my engineering team for implementing this. But i was successful in generating a key and also encrypting and decrypting the files in command prompt.

Command used for encryption

pgp --encrypt "C:\Users\sdhang00\Desktop\Sample.xlsx"  --recipient "SAMPLEKEY"

Command used for decryption

pgp --decrypt --input "C:\Users\sdhang00\Desktop\Sample.xlsx.pgp" --passphrase "sampletest123"

This works fine when executed from command prompt. If i have the same commands in batch script and i execute it would do anything.

Batch Script

pgp --encrypt "C:\Users\sdhang00\Desktop\Sample.xlsx"  --recipient "SAMPLEKEY"

move  "C:\Users\sdhang00\Desktop\Sample.xlsx"  "C:\Users\sdhang00\Desktop\Sample1.xlsx"

pgp --decrypt --input "C:\Users\sdhang00\Desktop\Sample.xlsx.pgp" --passphrase "sampletest123"

Can anyone help me with this

0

PGP Version 10.1

$
0
0
I need a solution

Gen-key and import have stopped working, Does not add the new key to the keyring.

encrypt and decrypt work fine.

Shows success on gen-key and import, but the keys are not added to key ring.

timestamp on key ring show 8/10/17 which is the last time it worked.

These files doe exist on our Net App Device, have for many years.

Moved keyrings to local drive and works.

0

Encrypting and singing key for transfer using IPswitch

$
0
0
I need a solution

Hello,

I am trying to encrypt a file an then send the file trough IPswitch to an outside vendor. I have been able to accomplish this with other vendorrs but one in particular doesn't work. I am trying to automated this process and the company uses adTempus for automation. The job runs but does not send the file. The only time I was able to send the file it had a double .pgp extension. I have tried the following commands listed below.

pgp --encrypt <file path> -r <receipent>

pgp --encrypt <file path> -r <receipent> --signer <key ID> --passphrase <passphrase>

pgp -es <file path> -r <receipent>--passphrase <passphrase>

The one that worked was a line code that resulted in a double .pgp extension.

pgp --encrypt <file path> -r <receipent>

pgp --sign <file path> --signer <key ID> --passphrase <passphrase>

I am not the best programmer nor am I that good with PGP as I have had to learn it on the fly. Any assistance would be greatly appreciated.

0

when try to decrypt File Signature invalid

$
0
0
I need a solution

Hi

we are using pgp command line to encrypt files and sending to bank when bank try to decrypt file they get signature invalid . the below it's our steps that are using 

1.pgp --gen-key "SAICO-Pub" --key-type RSA --bits 4096 --passphrase "my passphrase"

2.export our public key and send it to bank 

3.import bank public key 

  • pgp --import "Bank_public_key.asc" 
  • pgp --sign-key 0x4F28B7F4 --signer 0xED7E8048 --passphrase "my passphrase" 
  • pgp --set-trust 0x4F28B7F4 --trust complete

4.encrypt and sign file

  pgp --encrypt "E-PAYMENT-1.txt" --recipient "Bank_public_key" --sig "E-PAYMENT-1.txt" --signer "SAICO-Pub" private --passphrase "my passphrase"

0
Viewing all 203 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>