Your private key, however, should never be given to others, and its passphrase should be kept totally secret. Your public key should be given to anyone who wishes to send you encrypted data. In order to use PGP you must create a PGP keypair, which consists of a public key and a private key. Let us know if the above will work for you, but we are not allowed to post anything related to security items in a forum, it's just not the best place to do it to protect the community.PGP encryption (Symantec Encryption Desktop) is based on public-key cryptography. SED clients 10.4.2 GA and older will not have this. I understand the predicament-we still can't post the information related to this as it is a security configuration and we do all that through our support organization.Īlternatively, you can renew the support contract and then we could help you, which is really what we recommend so that we can help you troubleshoot and also provide the latest versions of the software.įailing that, you can uninstall the client that you have and install the older client, which will effectively remove this security configuration. So I am now an owner of a product that no longer works for about half my messages, that DOES in fact seem to have an option to fix it, but that I can't turn on because you guys won't document it publicly. I don't have a current support contract (it expired last year), and your support people won't even talk to us if we don't have one. No I can't - that is exactly the problem. > We are sorry, but we cannot post this information in the public forum, but if you submit a support case with our team, Otherwise reach out to the community admin. You would probably need a support call to be raised and resolved and then post here. We are sorry, but we cannot post this information in the public forum, but if you submit a support case with our team, we would be happy to assist you!Ĭan somebody with support actually get instructions on how to disable EFAIL blocks, and post them here?īroadcom is refusing to tell people with expired service agreements how to make their existing product work with certain emails.Īnd I must say that I am not inclined to spend money on purchasing from them again if this is how they treat customers :(Ĭonnect is community-based and not staffed by Symantec employees for the most part. Subject: How do I turn off efail protection on 10.4.2 HF1 or higher? a PGP client running a veersion prior to 10.4.2 HF1, should be decrypt a file produced by 10.4.2 HF1 and later). This suggests there wouldn't be any backwards compatibility issues (i.e. It's worth noting that as older version of PGP are fully capable of producing efail protection compliant ZIPs, that they should also be capable of decrypting them. That should then produce encrypted files using their older version of PGP, that can be decrypted by 10.4.2 HF1 or later. Your alternative, is to ask your customer to upgrade their keys to v4 keys, and to use the AES cpher with the Modification Detection flag set. If your organization understands these risks, and still needs to have access to those older PGP zip files, please contact Technical Support, and ask that your case be advanced to Backline (Tier 2) support for assistance in setting these options." Using these options will allow the SE packet Integrity Protection to be bypassed, which will disable the effectiveness of the security features we put in place to protect you from the Efail vulnerability. "In Symantec Encryption Desktop HF1 or above, additional options have been made available to allow these PGP zips to be decrypted that used the deprecated SE Packets. According to those articles you linked, turning off EFAIL protection requires contacting Tech Support:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |