This article details precautions to take when re-enrolling a SCKM keymode user on a new or additional computer.
Enrollment is the binding of a computer with client software installed to a PGP Universal Server. After a client is bound it receives user and device policy, key management, and licensing information from the PGP Universal Server. When using Server Client Key Mode (SCKM), keys are generated on the client and private encryption subkeys are stored on both the client and PGP Universal Server. However, private signing subkeys are stored only on the client. As the private signing subkeys are stored on the client, prior to re-enrolling the user on a new or additional computer, backup and copy the user keyring files on the existing computer and then add them to the new computer.
Use the following steps to copy the existing SCKM keys
- Open Windows Explorer and browse to the PGP folder.
Windows Vista & Windows 7 C:\Users\%user name%\Documents\PGP
Windows XP C:\Documents and Settings\%user name%\My Documents\PGP
- In the PGP folder, copy the pubring-bak.pkr and secring-bak.skr files to a network or external disk.
- If a PGP folder does not exist on the new computer, create a PGP folder in the Documents/My Documents folder for the user and then paste the pubring-bak.pkr and secring-bak.skr files to the PGP folder.
- Right-click the pubring-bak.pkr file and select Rename and rename the file pubring.pkr.
- Right-click the secring-bak.skr file and select Rename and rename the file secring.skr.
- Install PGP Desktop and reboot the computer.
- When prompted on the PGP Enrollment Assistant, select the option that you have existing keys and browse to the My Documents\PGP directory.
- Complete the enrollment assistant.