In a PGP Universal Server managed environment, PGP Desktop clients are prompted to enter a passphrase for a PGP key even though the Internal User Policy for the Key Settings is set to allow clients to use only the Server Key Mode (SKM).
This issue occurs when the Key Settings management is configured to use only the SKM key mode and the PGP Desktop Options permission is set to
Allow user-initiated key generation for the user policy. The
Allow user-initiated key generation option is enabled by default on the
General card in the PGP Desktop Policy Options of the user policy.
When these options for the policy are enabled, the user will be prompted to enter a passphrase for a PGP key during the enrollment process. Thereby, a SKM key is generated for the user on the PGP Universal Server and a separate CKM key is generated locally for the user. The SKM key generated on the PGP Universal Server is used for user mail encryption and decryption.
If these options are set, the user will have 2 separate keypairs, one on the PGP Universal Server and one on the local PGP Desktop.
Note: This article applies to versions of PGP Desktop 9.5 and above managed by PGP Universal Server 2.5 and above.
To disable the user being prompted for a passphrase and generating a local CKM key, remove the checkmark next to
Allow user-initiated key generation for the user policy.
Access the PGP Universal Server administrative interface.
Click the Policy>Internal User Policy card.
Click the Edit... button next to PGP Desktop Settings.
On the General card, remove the checkmark next to Allow user-initiated key generation.
Click Save twice to update the client policy.
Imported Document ID: TECH149143
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.