This article details how to add an additional decryption key (ADK) to a PGP key.
An additional decryption key (ADK) is a key generally used by security officers of an organization to decrypt messages that have been sent to or from employees within the organization.
Messages encrypted by a key with an ADK are encrypted to the public key of the recipient and to the ADK, which means the holder of the ADK can also decrypt the message.
Note: ADKs are rarely used or needed outside of a PGP Universal Server-managed environment. Although your PGP administrator should not ordinarily need to use the additional decryption keys, there may be circumstances when it is necessary to recover someone's email: for example, if someone is injured and out of work for some time, or if email records are subpoenaed by a law enforcement agency and the corporation must decrypt mail as evidence for a court case.
You can only modify ADKs on your keypairs.
Adding an ADK to a Keypair
To add an ADK
- Open PGP Desktop, click the PGP Keys Control box, and then click My Private Keys in the Control box. The private keys on your keyring appear.
- Double-click the key to which you are adding an ADK. The Key Properties dialog box for the key you selected is displayed.
- Click the up-arrow to the left of ADK, if applicable (only keys that already have at least one ADK assigned will have the up-arrow). The ADK information for this key is displayed, if configured.
- Click the plus sign icon on the right side of the ADK section. The Select Key(s) dialog box is displayed.
- Select the key you want to use as the ADK, then click OK. A PGP Warning dialog box is displayed, asking if you are sure you would like to add the selected key as an ADK.
- Click Yes. The PGP Enter Passphrase for Key dialog box is displayed.
- Type the passphrase for the key to which you are adding the ADK, then click OK. A PGP Information dialog is displayed, telling you the ADK was added to the key.
- Click OK.
Note: If you add an ADK to your key, those who send you encrypted email must be able to access the public key portion of the ADK.