On 2021-03-08 at 15:57 +0000, Call, Margaret wrote: > Good morning, > > We would like to migrate our Symantec PGP to GNU PGP.. We tested the > system last week with new PGP users and a user that migrated to GNU > from Symantec. We have fixed all bugs except one: > > Our legacy Symantec users (who have not yet transferred over to GNU) > are unable to decrypt/read GNU PGP emails. > > We work on a Windows System with Microsoft Office 16.. The version > of Outlook is: 16.0.11929.20776 > > We downloaded Gpg4win from this webpage: gpg4win.org > > Kleopatra version 3.1.15.0 > > Thanks for any insight as to why Symantec users are unable to > decrypt/read the GNU PGP emails. > > Margaret
Welcome Margaret Which Symantec PGP version are you using? What kind of keys are they using? Note that what once was Symantec PGP is now part of Broadcom. I find the problem a bit peculiar, since you shouldn't be having a problem at this point. Were the keys of the legacy users originally generated by Symantec PGP? OpenPGP keys describe their capabilities. Thus, an older version shouldn't be unable to decrypt the content that was sent by a newer software. It might be unable to verify the signature, or to reply back, but it should be able to decrypt what was written to its key. Or, if the new version had deprecated some algorithm needed by the old key, I would expect the problem to surface on encryption, not for decryption. Similarly, the old version could have issues encrypting to a key using newer algorithms (or just to import such key, Symantec PGP will misleadingly claim there is no key when the error is actually that it unable to import it for being too new for them). Another possibility would be some error not at actually decrypting the emails, but at *detecting* that the emails contain PGP data. I actually find that more likely. Integration with some mail clients is somewhat fragile, and moreover, certain servers are prone to helpfully "fix" PGP/MIME messages by corrupting them. My recommendation is to begin by testing encryption first, and then moving to encrypted emails. Encrypt on the GnuPG client with the key of a legacy user, copy that to their machine and have them attempt to decrypt it. Similarly, try to encrypt a file and send it back. That shouldn't be an issue either, assuming the GnuPG user had some conservative options. If it works by manually exchanging encrypted files, then the problem lies at the mail layer, although it's a bit hard to guess if it's a problem with the client sending the encrypted email, with the client receiving the email and not decryting it, with a mail server changing the message... or a mix of those. Kind regards _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
