question - Gnupg compatibility with Symantec

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

question - Gnupg compatibility with Symantec

GnuPG - User mailing list

Good morning,

 

We would like to migrate our Symantec PGP to GNU PGP.  We tested the system last week with new PGP users and a user that migrated to GNU from Symantec.  We have fixed all bugs except one:

 

Our legacy Symantec users (who have not yet transferred over to GNU) are unable to decrypt/read GNU PGP emails. 

 

We work on a Windows System with Microsoft Office 16.  The version of Outlook is: 16.0.11929.20776

 

We downloaded Gpg4win from this webpage: gpg4win.org

 

Kleopatra version 3.1.15.0

 

Thanks for any insight as to why Symantec users are unable to decrypt/read the GNU PGP emails.

 

Margaret

 

 

Margaret M. Call

Program Manager, Government Solutions

Mobile 571.992.5764

 

dnb.com

 

 


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: question - Gnupg compatibility with Symantec

GnuPG - User mailing list


On 3/9/2021 at 4:46 AM, "Margaret via Gnupg-users Call" <[hidden email]> wrote:

We would like to migrate our Symantec PGP to GNU PGP.  We tested the system last week with new PGP users and a user that migrated to GNU from Symantec.  We have fixed all bugs except one:

 

Our legacy Symantec users (who have not yet transferred over to GNU) are unable to decrypt/read GNU PGP emails. 

 =====

What type of key, and what encryption algorithm do your Symantec users have?

What error messages do you get?


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: question - Gnupg compatibility with Symantec

GnuPG - User mailing list
In reply to this post by GnuPG - User mailing list
> Our legacy Symantec users (who have not yet transferred over to GNU) are
> unable to decrypt/read GNU PGP emails.

Symantec is unfortunately not keeping current with the latest iterations
of the OpenPGP specification.  Further, some features of current GnuPG
keys are not supported by Symantec PGP.

A good way to begin would be to find your gpg.conf file, and add "pgp8"
as the first line.  This will force GnuPG to use PGP 8 compatibility
mode, which should be a good lowest common denominator for both platforms.

Hope this helps!

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: question - Gnupg compatibility with Symantec

Ángel
In reply to this post by GnuPG - User mailing list
On 2021-03-08 at 15:57 +0000, Call, Margaret wrote:

> Good morning,
>  
> We would like to migrate our Symantec PGP to GNU PGP..  We tested the
> system last week with new PGP users and a user that migrated to GNU
> from Symantec.  We have fixed all bugs except one:
>  
> Our legacy Symantec users (who have not yet transferred over to GNU)
> are unable to decrypt/read GNU PGP emails.
>  
> We work on a Windows System with Microsoft Office 16..  The version
> of Outlook is: 16.0.11929.20776
>  
> We downloaded Gpg4win from this webpage: gpg4win.org
>  
> Kleopatra version 3.1.15.0
>  
> Thanks for any insight as to why Symantec users are unable to
> decrypt/read the GNU PGP emails.
>  
> Margaret

Welcome Margaret

Which Symantec PGP version are you using? What kind of keys are they
using? Note that what once was Symantec PGP is now part of Broadcom.

I find the problem a bit peculiar, since you shouldn't be having a
problem at this point. Were the keys of the legacy users originally
generated by Symantec PGP? OpenPGP keys describe their capabilities.
Thus, an older version shouldn't be unable to decrypt the content that
was sent by a newer software. It might be unable to verify the
signature, or to reply back, but it should be able to decrypt what was
written to its key.
Or, if the new version had deprecated some algorithm needed by the old
key, I would expect the problem to surface on encryption, not for
decryption.

Similarly, the old version could have issues encrypting to a key using
newer algorithms (or just to import such key, Symantec PGP will
misleadingly claim there is no key when the error is actually that it
unable to import it for being too new for them).

Another possibility would be some error not at actually decrypting the
emails, but at *detecting* that the emails contain PGP data. I actually
find that more likely. Integration with some mail clients is somewhat
fragile, and moreover, certain servers are prone to helpfully "fix"
PGP/MIME messages by corrupting them.

My recommendation is to begin by testing encryption first, and then
moving to encrypted emails. Encrypt on the GnuPG client with the key of
a legacy user, copy that to their machine and have them attempt to
decrypt it. Similarly, try to encrypt a file and send it back. That
shouldn't be an issue either, assuming the GnuPG user had some
conservative options.
If it works by manually exchanging encrypted files, then the problem
lies at the mail layer, although it's a bit hard to guess if it's a
problem with the client sending the encrypted email, with the client
receiving the email and not decryting it, with a mail server changing
the message... or a mix of those.

Kind regards



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users