Symantec PGP Command Line is often run by many different profiles on a single machine. Because information such as licensing is set per profile, each profile either needs to be licensed, or a PGP Home Directory can be configured to use the same preferences for each profile. This article describes how to designate one directory on a machine so that every time PGP is run, it uses the preference file from that location.
For additional information, including details on how to run PGP Command Line for Linux using a dedicated service account, please see article TECH148942.
Symantec PGP Command Line 10.4 and above.
Setting up a permanent PGP Home Directory in Windows for PGP Command Line
1. Decide which location is going to be best for all users to access. Since this directory must be accessible from all profiles, creating the folder off of the C: drive is probably the best thing to do. In this example, C:\PGP will be used.
2. Because PGP creates the home directory when the license is authorized, a PGPprefs.xml file may already exist on the system, possibly in multiple profiles, depending on what has been done. This preference file records where the PGP Home Directory should be, where keyrings are stored, license information and other settings, and it should be deleted before proceeding to the next steps. Search for PGPprefs.xml and delete any instances of it. There may also be variations of the file called PGPCommandLineprefs.xml; delete any of these PGP preference files as well. Make sure the name "PGP" appears in the filename.
3. Set your environment variable to point to the new location that has been chosen. In this example, a PGP folder was created for this purpose so the path is C:\PGP. If the directory that has been chosen for the PGP_HOME_DIR variable does not exist, these steps will not work.
To open the Environment Variables in Windows, open the Properties of My Computer, click on the Advanced tab, click on the Environment Variables button and choose New under System Variables rather than User Variables. Set the Variable Name to PGP_HOME_DIR. Then, set the Variable Value to the path that has been chosen. Make sure to put a backslash at the end of the Variable Value (C:\PGP\) or unexpected behavior will be seen.
4. If keyrings already exist on the machine, copy them into the new directory that has been created (C:\PGP in this example). PGP Keyring files will end in .pkr and .skr extensions. Otherwise, these will be created once keys are created.
5. Once the PGP Home Directory has been set and all PGP Preferences have been removed, log off the system, then log back on. The PGP Command Line software must be re-licensed to complete this operation. Once this is completed, the new home directory will be set. To confirm the home directory configuration was successful, type: pgp --version -v. The file locations in use will be listed in the files section of the output. Now when PGP is run from any profile, all the license information and keyrings will be used from C:\PGP or the location that was selected.
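The Windows steps above as a PowerShell preflight, run from an elevated prompt. This is an added example, not code from Symantec or from the original article; the profile root under the system drive's Users folder and the -DeletePrefs switch are assumptions made for illustration, and C:\PGP is the article's example path.

```powershell
# Added example: preflight for a shared PGP home directory (not vendor code).
# Run from an elevated PowerShell prompt; C:\PGP is the article's example path.
param(
    [string]$HomeDir     = 'C:\PGP',
    [string]$ProfileRoot = "$env:SystemDrive\Users",  # assumption: where profiles live
    [switch]$DeletePrefs                               # hypothetical switch: without it, files are only listed
)

# Step 3 precondition: the directory must already exist or the variable has no effect.
if (-not (Test-Path -LiteralPath $HomeDir -PathType Container)) {
    throw "PGP home directory '$HomeDir' does not exist. Create it first."
}

# Step 2: find leftover preference files in every profile.
$prefs = Get-ChildItem -Path $ProfileRoot -Recurse -Force -File `
            -Include 'PGPprefs.xml', 'PGPCommandLineprefs.xml' `
            -ErrorAction SilentlyContinue
foreach ($file in $prefs) {
    $action = if ($DeletePrefs) { 'deleted' } else { 'found' }
    if ($DeletePrefs) { Remove-Item -LiteralPath $file.FullName -Force }
    '{0,-8}{1}' -f $action, $file.FullName
}

# Step 3: set the System (machine-level) variable, always with a trailing backslash.
$value = $HomeDir.TrimEnd('\') + '\'
[Environment]::SetEnvironmentVariable('PGP_HOME_DIR', $value, 'Machine')
"PGP_HOME_DIR = $([Environment]::GetEnvironmentVariable('PGP_HOME_DIR', 'Machine'))"

# Step 4: list keyrings already present in the shared directory.
Get-ChildItem -LiteralPath $HomeDir -File |
    Where-Object { $_.Extension -in '.pkr', '.skr' } |
    Select-Object Name, Length, LastWriteTime

# The .skr keyring holds private keys and is now shared by every profile,
# so review which accounts can read or modify the directory.
(Get-Acl -LiteralPath $HomeDir).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

After it completes, continue with step 5: log off and back on, re-license, and confirm with pgp --version -v.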
Using a Home Directory for individual PGP Commands
It may be desired to use a PGP Home Directory for a specific PGP Command. Using this method, a PGP Home Directory variable is specified each time a PGP command is run such as when encrypting or decrypting a file.
To enable PGP Command line to reference a specific directory to use as the home directory in an individual command, the --home-dir option is used and a path of where the home directory should reside is specified. In order to use --home-dir in a PGP command, the software must first be licensed with this option. Below is an example of this command. The location used as the PGP Home Directory in this example is C:\PGPHOME:
For PGP Command Line prior to version 10.4.2, the following command should be used:
pgp --license-authorize --license-name "Acme Corp" --license-organization "Acme Corp" --license-number "DTRE3-DFJK3-34D03-DJ23K-DK2LD-23D" --license-email "email@example.com" --home-dir C:\PGPHOME
Note: If a license number is already being used, and you want to use a new license number, add the --force option to the end of the command to overwrite the current license number with the new license number.
Once this command has been run a new PGPprefs.xml file will be created in this directory which contains the license information and settings. The next PGP command that is run should include --home-dir c:\PGPHOME at the end of the command so that it queries the same PGPprefs.xml file in this location.
To make sure the --home-dir option was used properly, type the following command:
pgp --version -v --home-dir c:\PGPHOME
This will return all the version information, including the home directory just specified, indicating the correct directory was used with --home-dir.
Each subsequent command that is entered such as encrypting or decrypting a file should be followed by the --home-dir [path of home directory] at the end of the command.
Using the --home-dir option will override any pre-existing Environment Variable for PGP_HOME_DIR that might have been configured as described above.
If keyrings already exist in a different directory, simply copy them into the home directory location that was chosen. If keyrings do not exist, they will be created once a PGP Key has been generated.
NOTE: Starting with PGP Command Line 10.2.1 and beyond, the PGPprefs.xml file is no longer created in the Home Directory as specified with the above steps. This is a known issue and is being tracked separately. See KB TECH211561 for more information.
Imported Document ID: TECH149020