Hi,

I am using PGP 10.3.2 command line on Windows-2008 and my client is using PGP 10.3.2 command line on Linux.

We shared public keys and at both sides key imported and signed with our private keys.

I am able to decrypt the file sent by my client and don't see any issues. But when my client tries to decrypt the file sent by me, he is able to decrypt but see a message 3079:signing key invalid. I initially suspected that this could be due to my client did not sign my public key and/or not trusted in his key-ring after import. But this was not the case. My client imported my public key, signed and trusted using his private key but still encounters same message while decrypt. 

Note: My client is using a trial version but I am using licensed version. ( I believe, this shouldn't be an issue)

I don't any issues with another client who is using PGP 10.3.2 command line on Windows-2008 but why the 3079 message prompts on Linux version of PGP.

Presently we are running PGP Keyserver 7.0 on a Windows 2008 server. We plan to update the server to 2012R2 and were wondering if this version of Keyserver is compatible? If not, what do we need to upgrade to?

Thanks!

Hi,

I tried to fire the pgp command in my asp.net application. But it is not working.
I is working when i enter manually in cmd or execute bat file by double click it.
Any solution ?

Regards,
Calvin

PGP Command Line 10.3.2 build 12316

Windows Server Preview build 10074

message.txt:

From: DEMO@GMAIL.COM
To: DEMO@GMAIL.COM
Subject: TEST

TEST

From PGP Command Line 10.3.2 User’s Guide ( https://support.symantec.com/en_US/article.DOC7066... ):

pgp --encrypt --email C:\data\message.txt --recipient jmedina@example.com --sign acameron@example.com --passphrase "a_cameron*1492sailedblue"
Encrypts the file message.txt to the public key associated with the email address jmedina@example.com and signs it with the private key associated with the email address acameron@example.com. The passphrase for the private key is supplied.

Butmy testfails, it seems encrypt is success, but sign is fail.

Microsoft Windows [Version 10.0.10074]
(c) 2015 Microsoft Corporation. All rights reserved.

D:\demo>pgp --list-keys
 Alg  Type Size/Type Flags   Key ID     User ID
----- ---- --------- ------- ---------- -------
*RSA4 pair 4096/4096 [VI---] 0x1234ABCD DEMO <DEMO@GMAIL.COM>
 RSA4 pub  2048      [VT---] 0xCA57AD7C PGP Global Directory Verification Key
2 keys found

D:\demo>pgp --encrypt --email message.txt --recipient DEMO@GMAIL.COM --sign DEMO@GMAIL.COM --passphrase "prEtr*kAbudaZafru7a4ramu5tufRASa"
message.txt:encrypt (0:output file message.txt.pgpmime)
DEMO@GMAIL.COM:encrypt (3104:could not read file, No such file or directory)
DEMO@GMAIL.COM:encrypt (3090:operation failed, file operation error)

MIME-Version: 1.0
From: DEMO@GMAIL.COM
To: DEMO@GMAIL.COM
Subject: TEST
X-PGP-Encoding-Format: MIME
X-PGP-Encoding-Version: 2.0.2
Content-Type: multipart/encrypted;
    boundary="PGP_Universal_15573F17_57097A5D_4B69C4F5_EF7C9739";
    protocol="application/pgp-encrypted"

--PGP_Universal_15573F17_57097A5D_4B69C4F5_EF7C9739
Content-Type: application/pgp-encrypted;
    x-mac-type=54455854;
    name=Version.txt
Content-Disposition: attachment; filename=Version.txt

Version: 1

--PGP_Universal_15573F17_57097A5D_4B69C4F5_EF7C9739
Content-Type: application/octet-stream;
    x-mac-type=70674546;
    name=Message.pgp
Content-Disposition: attachment; filename=Message.pgp

-----BEGIN PGP MESSAGE-----
Version: PGP SDK 4.2.1

qANQR1DBwUwDKiwXsXjmLeoBD/9f0tmohPvsYYduQj2g1ml6U3/Bdgt91OgSkMjT
bv0BiMWzx1AKTdvBPBu14SqdLjoej4iQAuoo7HkJXga9UAFLHa2SCFExWVBK6jbo
mPdw0wsGCNwISidAeVxgtnDmkK753GDci3qsM9muNgBRfm4acwyN/IbX8IuNpppw
B2yvx+WGiwuV7FLeih5ASihEOKEa5MsNl/Q969t2a3G4RYQ1A007xpM0Sf/qdwlA
XStbCA/2Urc/G8Rb0yBTsHqvS/b2xmG7OYCrFb2fko+8ZPu2w+jvkD2lhZdtihaF
+o8TMhgDN/UFadGsP+44ctAZZNMF6xqkouht9A3Y+E0X1ZpfJ/+x+9WhzpMcFmBc
bTLxcKY6tz0ttJfbsXhP/WYc5gziaRTJkySYxg+yfBy2HN5HpyQlAyMza2dHf7+W
t2XyjLq9yWRWnVLB6wv867u1lb4DSM4pJh8RMv3B4xv3XnkuySanxWBWCyNOdos1
+vW5ObwspbtaYIEncQCcNTyhC356J0y1CYZUxrBSjP3yQUDwtUUrx8bqitoskg9X
VSIyj5PPdFurhHjZL1KzQ9ZZP5t8fpAoN99odQbWpqpY9UanzJ9UAQu1m6gu5tlf
Wlf3qD3JALnzv2m3Y1wWaZ04quNa+WNnRsfeoPGASEyu6APz6vuK8CdMBCF0n1JU
RDEa59LBngFSQT4yI33riDCbusurcGBlFbo7MzYQLyUd0THy8eYrkFjic6Ng5tCF
BY7H29h5aM3r0/SSHN3K3EJldXTpZQbW6Fe7JzCVF7hxOX1bH5E5ridRDYsJzYe3
PnPJae3XQ6ohYkXsiy0XNTads3to4Yc2kkg9W25+/+STpqZn/zOWohPI+HJWGu0I
V3ArrnJ8Ar8lrAC5n9Egvqykc/x1gCV7Kb22PuyxzErAt2I3dthcvZ7ook4pi5K2
oBoT1vvsPEwRJO+90pSQ6Fa8yf9xrEeXbNwuwS2S0Unusa+AEO1DJuMncJGL3HV1
J7kf7zCgtzqIVPkprbcKIwhQroMa6z+CIWORuyMjfhyTSfWatJqGBTaABo7bOU0W
jQaKevFyg/7NNKP2t5fdQv1lTDawJK3oC02y2B6yuJ/yqhkAPEDOLq+NmH/z2U8v
e1NZQy7yHsDkZ0ONO+0uMbpCExiv675ChN1ZksPztK9QTaB8dO5epufRpc+uxJ+E
7jHQAlo8HdrMxkublOlAJxxBg2LWZgkPRHsi28ui0EzMl5QQmCwIjQxme+abZc5W
YlXZkmBYCNjOKEzXWdyR1tUVriY9sKasyk8F9rUFePW+/V2vvvgobWqxOUxKPnd0
3yY7yRSYx3WkRqm6TcedOzbeFRuazOMoE3OfkJWLWdCItoheIepautkKG0qjntZ9
5j2/G9262P6ze4fVDJSGa48uNgPbTpJQyhPXEjGz167RXkTUhGp93FF/BaHWaisu
uJgKoML8DAm6FMlExRcZDuYf+SgENQWFZhEPLRB53ZPB97PVsg==
=88yv
-----END PGP MESSAGE-----

--PGP_Universal_15573F17_57097A5D_4B69C4F5_EF7C9739--

D:\demo>pgp --decrypt --email message.txt.pgpmime --annotate --passphrase "prEtr*kAbudaZafru7a4ramu5tufRASa" --output decrypted.message.txt
message.txt.pgpmime:decrypt (0:output file decrypted.message.txt)

From: DEMO@GMAIL.COM
To: DEMO@GMAIL.COM
Subject: TEST
X-PGP-Universal-Decrypted: TRUE

* PGP Signed: 06/02/15 at 13:43:13, Decrypted

TEST

* DEMO <DEMO@GMAIL.COM>
* 0x1234ABCD

D:\demo>pgp --verify --email message.txt.pgpmime --annotate --passphrase "prEtr*kAbudaZafru7a4ramu5tufRASa"
message.txt.pgpmime:verify (3093:data is encrypted to subkey ID 0xABCD1234)
message.txt.pgpmime:verify (3044:subkey ID 0xABCD1234 belongs to 0x1234ABCD DEMO <DEMO@GMAIL.COM>)
message.txt.pgpmime:verify (3090:operation failed, bad passphrase)

then i try sign only:

D:\demo>pgp --email message.txt --sign DEMO@GMAIL.COM --passphrase "prEtr*kAbudaZafru7a4ramu5tufRASa"
message.txt:sign (0:output file message.txt.pgpmime)
DEMO@GMAIL.COM:sign (3104:could not read file, No such file or directory)
DEMO@GMAIL.COM:sign (3090:operation failed, file operation error)

MIME-Version: 1.0
From: DEMO@GMAIL.COM
To: DEMO@GMAIL.COM
Subject: TEST
X-PGP-Encoding-Format: MIME
X-PGP-Encoding-Version: 2.0.2
Content-Type: multipart/signed;
    boundary="PGP_Universal_C9FBF196_EFA0BB41_0D611BC9_EF4B0B4D";
    protocol="application/pgp-signature";
    micalg="pgp-sha256"

--PGP_Universal_C9FBF196_EFA0BB41_0D611BC9_EF4B0B4D

TEST
--PGP_Universal_C9FBF196_EFA0BB41_0D611BC9_EF4B0B4D
Content-Type: application/pgp-signature;
    x-mac-type=70674453;
    name=PGP.sig
Content-Disposition: attachment; filename=PGP.sig

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 4.2.1

iQIVAwUBVW1Hp6hXpJo6KSYcAQg1QRAAmGraDJwo98105VOqWxHRX7rtodq5Iaqr
T5bsDtL9gcNRsqd/39D3YxeGkG1t2mPQM//AebbQ0dtx8LW4hQhiroIS1OP8u7aF
GInYvAD7yaK9RbRbn05TSt0zmaikemZbzl9CQdsX9s6J5s55XNrsOEb1QgCGtF+e
w3nOPcuQNf+zj+P418k1m+dZ17qVTKiuY7In/QydwjhQWKzE5nfFh/zwnAQBpJqQ
n1pLGgZ0QRnjysYpX6rnGWrIEqiyhtgncMQMpLpc3K1Qe+4VMBrc7baBLQf+oawu
e7zIyGMQnfWzkBhABlZwWQiDO/L0uv+dLQHGuiQjxY+6cWeU/F32D89XgMb45KHP
az68Cq8nX/mSkPTXOOhxSDJfTRXfkE1E55HHbHwXGj87gks0DNdz2habzR4Jue8y
ibnUio4OK4JGr1nVesXPTiWs8D5pzp8n+INxP0QiXYJnideexQbn8QAi5eDlHKtQ
TI6njy7OjjJCpSNLUc4dNFvzN0/nN7GRMSMG8R9coUSXAEKhAxGjDNkJZGegz2WU
n9yvYT8DJIeOi6H1BAn7NJWbc0HzdGHMrsKLe9VkXw8ghe6RVj1h6Rg0SH6BIubL
Z6ZDFF0TxyTI7QL9ptnSUpFkZQwzOXotKGexuv/tOOrMBHLp4gEqvWYoP6I2bInf
+6k9FevsX3I=
=abTd
-----END PGP SIGNATURE-----

--PGP_Universal_C9FBF196_EFA0BB41_0D611BC9_EF4B0B4D--

no output when verify:

D:\demo>pgp --verify --email message.txt.pgpmime --annotate --passphrase "prEtr*kAbudaZafru7a4ramu5tufRASa"

Am I doing something wrong?

We are not able to run any commands on commandline 10.3.2 with non root user. Where as we are able to perform operations with root user.

I tried using --version -- verbose as well. This gives no output(not even error) for app user. though we get expected o/p with root user.

Thanks

Hi Guys,

Im trying to run a batch file which consist of pgp encryption command by using windows services. When i trigger the batch file manually, the file can be encrypted but however when i try to to trigger the batch file using windows service it unable to encrypt the file. As far I know, windows services cant find the pgp keys(pubring.pkr & secring.skr) at its respective location/directory. Please advise. Thanks.

Regards,

Vijayan Selvam

Hi everyone. We are new to PGP Command Line.  Due to an unforeseen need, we must have this installed and working on our server very soon.

I installed the 64 bit version of the software on a Windows 2008 server.  We do not use any other Symantec encryption product on the server.

I checked the documentation and used the specified flags.

For example my statment looks like this (the exact parameters are changed but the flags are as-is):

pgp --license-authorize --license-name "Authorized User" --license-organization "Authorized Company" --license-number "xxx" --license-email "xxx@xxx.edu" 

This results in an error pgp:parser (9000:invalid flag "--license-name") .

I tried using different flags - I just removed "license" from them so this worked:

pgp --license-authorize --name "Authorized User" --organization "Authorized Company" --license-number "xxx"

Which actually registered a license apprently, but that is not what I wanted to do becuase i wanted to include an email address as well.  I received no warning about a missing email address.

I then tried use the --force option to pass the --license-email parameter - instead recieved an "invalid flag" error.  I changed it to --email and then it thought I was trying to open a file with the same name as the email address (??) and errored again.

I tried uninstalling but this requires a reboot and I cannot reboot our server now as it is being used for other purposes.

Please let me know if I am doing something wrong.  Just the fact that the common flags were not recognized, in spite of all the documentation/examples I have seen, leads me to believe someting is wrong and I canot move forwarduntil this is hashed out.

Any assistance would be greatly appreciated.  

I am attempting to decrypt files w/ PGP command line. When I do so via cmd.exe on the FTP server (where PGP Command Line is also installed), it works without issue. If I run the same code as a bat file, again no issue. However, when I use Tidal to connect to the FTP server and run the PGP decrypt script, it does nothing. I ensured permissions were set on all folders/ files, PGP_HOME_DIR is set along with the PGPprefs file.

Tidal says it completed normally but there is no decrypted file output. It's like it does nothing. I am at a loss at this point.

Hi Guru,

I got one weird situation. I used below command to encrypt file and it is successful.

/opt/freeware/pgp/bin/pgp --  encrypt $1 --  recipient ""

However, it failed when I changed command to below 2.

/opt/freeware/pgp/bin/pgp -- encrypt $1 -- recipient AllBureau

/opt/freeware/pgp/bin/pgp -- encrypt $1 -- recipient "AllBureau"

AllBureau is the vendor keyID we loaded. When we list the key, it showed as AllBureau <xxx@yyy.com>.  xxx@yyy.com is vendor's email address.

We are going to have another vendor's public key. So we need to be able to encrypt file using specific key. Could you help to let me know how to specific key in the command?

Thanks in advance!

Norman

We have PGP Command Line 10.3.2 installed on AIX 6.1

In the .profile file of the user, I have added the LIBPATH to reflect /<pgp_install_Location>/lib dir and I am able to run the regular Encryption and Decryption commands.

However, when I add the commands in a PERL Script, I am getting this error

FILE ENCRYPT ERROR : FILE MOVED TO xyz.txt.err
        exec(): 0509-036 Cannot load program /<pgp_install_dir>/bin/pgp because of the following errors:
        0509-150   Dependent module /usr/lib/libiconv.a(libiconv.so.2) could not be loaded.
        0509-152   Member libiconv.so.2 is not found in archive

I tried softlinking the pgp/lib directory in /usr/lib and export that as my LIBPATH within my .profile file.

PGP doesnt work altogether when I do that.

Definitely know I am missing something trivial. Any help is appreciated.

Hi Team,

A member of partner team shared me a PGP Public Key to encrypt a file, then when I encrypted the file I will send it again and they will decrypt  with their private key.

When they decrypt the file, they have an error: PGP 164 Error.

So, I want to know If I have to SIgn and Verify the Public key?

I look forward your response,

Hi Team,

I'm encripting a file with a shared public key, but when I encrypt I have Error 3064 Key Invalid.

C:\pgp --encrypt testFile.txt --recipient 0xB9548AA8
0xB9548AA8:encrypt (3064:key invalid)
testFile.txt:encrypt (0:output file testFile.txt.pgp)

So, the file is encrypted but that error is displaying, Why is showing the error?

Forgive me, but I am fairly inexperienced with PGP.  I successfully created a key pair and have been using it for nearly 3 years.  But I have run into an issue. I extended the expiration date about a year ago, but now our partner wants us to create a new one with a 2 yr expiration date.

So, I have a couple of questions regarding creating a new key before the current one expires.  We send multiple files to a bank many times a day.  When I installed PGP, I created the initial key pair, then extended the expiration date.  Now, it is set to expire in few weeks, and they do not want me to extend the expiration date any more.  I want to keep using the old key while creating a new one for use once the bank gets it loaded.  The bank said it could take a few days and we don't want to interrupt our transmissions.  

So, is it as simple as just doing a command --gen-key with a different user and passphrase than my initial key pair 2 years ago?  Keep in mind, again, I don't want to interfere with our current keys.  I would continue to send the bank files with our old key until they get it loaded.  Then a couple days before expiring, I would start using the new key.

Then, once the expiration date passes and the bank has loaded our other key, would I do a --remove-key-pair command to remove my initial key pair leaving only our new one?

Thank you in advance.

Maddux

Can I change the home directory multiple times?

Hi,

We use pgp command line v10.0.

The bank we deal with would need to validate signature when receiving our encryted file (e.g. test1.txt.pgp).

The file is rejected with message "Reason Description: The file was received without signature."

how do I to add signature when performing pgp --encrypt ?  (if you have samples)

the command I used:

pgp --encrypt "E:\temp\test1.txt" --recipient "Wells Fargo - PGP"  --home-dir "C:\Program Files\PGP Corporation\PGP Command Line"

please help,

thanks,

-Gene

I moved PGP Command Line to a new server, 2008 to 2012, also moved the keyrings to the PGP directory under Program Files. The software is looking to the My Documents folder instead of the installation folder so I need to change the path in PGP to look to the install folder instead of the My Documents folder.

Hi,

Originally I have a key pair with a public key from bank which is signed.

bank needs to renewed public key every x years.

what I did:

1) I removed old public key

2) import new public key

3) sign this new public key

4) tried to pgp encrypt, BUT getting this error "3049:key unsuitable for signing"

please HELP, need to make it work in 2 days.

thanks!!!!!

An old machine running 10.1 on a partitioned (C and D) drive died - it gets to the bootguard and I can enter the passphrase but then it wants to run the OS system recovery. 

We've all already upgraded to 10.3.2 on every other machine in the lab.

When we mount the bad drive externally the drive mounts, as RAW, and PGP Desktop (10.3.2) doesn't recognize it. Is this because of a version mismatch? Or are my suspicions that it’s a missing partition table most likely true? 

Is there a PGP Tool to just repair the partition table? 

If I wanted to try and decrypt the bad drive I assume I'd want to use the latest 10.1 ISO. Correct?

What would you suggest be the best way to recover the data?  

As a continuation of this thread (https://www-secure.symantec.com/connect/pt-br/foru...), I am having trouble with the command line syntax.

I am running this command:

./pgpwde --add-user --disk 0 --username test --passphrase testpass --admin-passphrase theadminpassphrase

However, it errors saying bad passphrase (I've verified that the admin passphrase is correct).

Am I using this command correctly?

Thanks.

Hi,

One of our partner sends us the PGP signed files. it has shared its public key with us and we have added it in out public keyrings. the key can be seen by "pgp --list-keys"commnad in the keyring. 

however when I see the details of the key using "pgp --list-key-details <keyID>", I suspect below is not correct with the key details:

 Type: RSA (v4) public key
       Size: 2048
   Validity: Invalid
      Trust: Never
    Created: 2015-12-03
    Expires: 2022-08-02
     Status: Active
     Cipher: CAST5 (Absent)
       Hash: SHA-1 (Absent)
   Compress: Zip (Absent)
      Photo: No
  Revocable: No
      Token: No
  Keyserver: Absent
    Default: No
    Wrapper: No
 Prop Flags: Absent
 Ksrv Flags: Absent
 Feat Flags: Absent
  Notations: None
      Usage: Sign user IDs
      Usage: Sign messages
      Usage: Encrypt communications
      Usage: Encrypt storage
      Usage: PGP NetShare
      Usage: PGP WDE
      Usage: PGP ZIP
      Usage: PGP Messaging

  Subkey ID: None

        ADK: None

    Revoker: None

when I verify the messages sent by the partner signed with this key, I get below error log:

[rt6000946:/apps/bfg/shared/pgp]> ./pgp --verify /tmp/RJCT_993642151c5036949node1

/tmp/RJCT_993642151c5036949node1:verify (3042:suggested output file name ********)

/tmp/RJCT_993642151c5036949node1:verify (3177:message signed by key ID *********)

/tmp/RJCT_993642151c5036949node1:verify (3038:signing key *************)

/tmp/RJCT_993642151c5036949node1:verify (3079:signing key invalid)

/tmp/RJCT_993642151c5036949node1:verify (3040:signature created 2015-12-21T14:48:53+00:00)

/tmp/RJCT_993642151c5036949node1:verify (3170:signature hash SHA-256)

/tmp/RJCT_993642151c5036949node1:verify (3036:bad signature)

/tmp/RJCT_993642151c5036949node1:verify (0:verify complete)

However the sender claims that he can verify these files usign PGP Studio software at his end. I have hidden the key information from the above logs deliberately, however it matches with the key which partner has provided us and is present in our PGP public keyrings.

Could you please suggest, what could be wrong in this case.

Can it be due to preffered cipher and hash setting missing from the client's private key?