After you regenerate the Organization Key on a PGP Universal Server that uses Key Management Server, creating a new MAK (managed key) or consumer with a PGP Command Line client fails with an error when an existing user is used for authentication over USP (Universal Server protocol).
PGP command line client error:
pgp:create consumer (3090:operation failed, unknown error)
PGP Universal Server client logs show:
USP-00026: error: item not found
USP-00026: Couldn't generate user key: item not found
Regenerating the Organization Key on the PGP Universal Server changes the signature of the Org Key. The existing keys generated on the server are not signed by the new Organization Key, so the server rejects the authentication request.
Access the PGP Universal Server through SSH using PuTTY. If you do not have this set up, you can contact Symantec Technical Support and request assistance with this process, or follow the instructions in the references below:
1) Log in to the PGP Universal Server via SSH using PuTTY as root
2) Run the following command from a bash prompt:
# pgpkeymaint --update-sigs
This updates the signatures on all existing keys in the database so that they are signed by the new Org Key.
Now test the functions again with the PGP Command Line client to verify that they work correctly.
PGP Universal Server 3.2.1 (version tested - other versions will likely be affected)
PGP Command Line 10.2.1 (version tested - other versions will likely be affected)
Red Hat Enterprise Linux 5 (version tested - other versions will likely be affected)