In certain situations, it may not be possible to decrypt PGP-encrypted attachments on the BlackBerry device with the PGP Support Package
PGP Desktop has the ability to secure an entire email, including attachments to offer full encryption protection. The PGP Support Package can be
used to decrypt these types of messages. PGP Desktop will typically default to using PGP Partitioned encoding for encryption. When this happens,
and attachments are part of the email, the PGP Support Package for BlackBerry will not be able to decrypt the content.
When using PGP Partitioned encoding, attachments cannot be decrypted by the PGP Support Package. When PGP/MIME encoding is used, the PGP Support
package can decrypt these attachments on the BlackBerry device.
If using a PGP Universal Server, there is a setting for Exchange/MAPI clients using PGP Desktop called "Allow outbound PGP/MIME from Windows MAPI
account". This can be accessed via the Consumer Policy in the Desktop Settings on the Messaging & Keys tab of the consumer policy.
Once this setting is enabled in the policy on the PGP Universal Server and the PGP Desktop clients receive this policy, future emails should be
forced to use PGP/MIME, enabling decryption of attachments on BlackBerry devices.
If using the standalone client of PGP Desktop, or a PGP Desktop client that is not managed by a PGP Universal Server, the PGP Desktop client will
typically default to using PGP Partitioned, unless otherwise told.
There is a setting that can be configured in the PGPprefs.xml file manually to force using PGP/MIME encoding for MAPI clients.
The PGPprefs.xml file can be found in %appdata%\PGP Corporation\PGP\
C:\Documents and Settings\user profile\Application Data\PGP Corporation\PGP
C:\Users\user profile\AppData\Roaming\PGP Corporation\PGP
Use a third-party text editor, such as Notepadd++, or Wordpad to edit the PGPprefs.xml. Using Notepad or MS Word will not format the file
Find the following tags:
Once this is configured, exit the PGP Services and restart. To do so, close PGP Desktop completey, then click the PGP Desktop padlock icon by the
time, then click Exit PGP Services. Wait a few moments to ensure the servies stop. Re-launch PGP Desktop and send the message.
In the logs, it is possible to confirm PGP/MIME is being used for the message that was just sent:
Encrypting PGP/MIME message to firstname.lastname@example.org with key(s):
Encrypting PGP Partitioned message to email@example.com with key(s):
Once the PGP Desktop client encrypts the message that contains the attachment and uses PGP/MIME, the attachment can then be decrypted on the
Once the attachments are decrypted, these cannot be forwarded on. This functionality is to simply decrypt the attachments and view on the device.
Encrypting of email attachments on the BlackBerry Device is not currently supported.
This article applies to PGP Desktop 10.x Standalone clients, or PGP Universal Server 3.x managing PGP Desktop 10.x clients.
Prerequisites: Using Microsoft's MAPI/Exchange email protocol.