Creating a Self Decrypting Archive with PGP Command Line (Self-Decrypting Archives - SDAs)
search cancel

Creating a Self Decrypting Archive with PGP Command Line (Self-Decrypting Archives - SDAs)

book

Article ID: 153243

calendar_today

Updated On:

Products

PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption

Issue/Introduction


PGP Command Line allows encrypting a file with a passphrase and decryption using the same passphrase. This answer provides instructions for creating a Self Decrypting Archive.

 


 

Resolution

 

Creating Self Decrypting Archives (SDAs) with PGP Command Line

In order to create an SDA, use the following command:

pgp -e "file to encrypt" --sda --symmetric-passphrase "Enter Passphrase Here" -o "filename to output" --target-platform win32*

*Specify the target operating system: LINUX, SOLARIS, AIX, HPUX, OSX

When encrypting with platforms other than Win32, it will be necessary to specify the output without an extension as the default extension will be .exe and will only work with Windows Operating Systems.

For example, Mac OS will need to be specified without any extensions because decryption will occur using Terminal.

Important Note on SDAs: If you are encrypting files with the SDA functionality for Linux, the output of the file will always be in 32-bit form.  This means that if you would like to view the 32-bit SDA on a 64-bit version of Linux, you would need a third-party application to view it.  All SDAs created for Linux are in 32-bit form.  If you have a 32-bit version of Linux, then these files can be viewed just fine without any special applications.  If you would like to have 64-bit functionality, please reach out to Symantec Encryption Support to be added to a feature request to include 64-bit functionality (IMSFR-960/EPG-26110).
 

Caution: The PGP Self-Decrypting functionality is potentially less secure than encrypting with recipients' keys (although still highly secure) as the encryption is only as good as the passphrase being used and the method used to give the passphrase to the recipient. Email should not be used to send the passphrase to the recipient. Because only a passphrase is needed to decrypt, these types of files can be sent to those who do not have PGP installed.


 

 

Creating Self Decrypting Archives (SDAs) using an Additional Decryption Key (ADK)

PGP Command Line allows the use of Additional Decryption Keys when creating Self Decrypting Archives. This functionality is only available by using PGP Command Line so if the passphrase is lost or forgotten, the ADK can also decrypt the SDA.

To create a Self Decrypting Archive using the Additional Decryption Key, type the following command:

pgp -e sda.txt --sda --symmetric-passphrase "passphrase for SDA" -o sda.exe --adk "ADK Here"

To decrypt the file using the ADK type the following command:

pgp --decrypt sda.exe --passphrase "Passphrase of ADK here"

 

Note: To decrypt the Self Decrypting Archive with the Additional Decryption Key, PGP Command Line 9.0.x or above must be used.


By default, Self Decrypting Archives in PGP Command Line default to  using AES-256, unless the --cipher option is used in the command. Other ciphers such as --3des, --aes128, --aes192, --aes256 can be used, however keep in mind the encryption is only as good as the passphrase.

*PGP Desktop defaults to  using CAST5 which use 128-bits.

 

 

Additional Information

Powered by Wolken Software