In a PGP Universal Server managed environment, PGP Desktop clients are prompted to enter a passphrase for a PGP key even though the Internal User Policy for the Key Settings is set to allow clients to use only the Server Key Mode (SKM).
This issue occurs when the Key Settings management is configured to use only the SKM key mode and the PGP Desktop Options permission is set to Allow user-initiated key generation for the user policy. The Allow user-initiated key generation option is enabled by default on the General card in the PGP Desktop Policy Options of the user policy.
When these options for the policy are enabled, the user will be prompted to enter a passphrase for a PGP key during the enrollment process. As a result, an SKM key is generated for the user on the PGP Universal Server and a separate CKM key is generated locally for the user. The SKM key generated on the PGP Universal Server is used for user mail encryption and decryption.
If these options are set, the user will have 2 separate keypairs, one on the PGP Universal Server and one on the local PGP Desktop.
Note: This article applies to versions of PGP Desktop 9.5 and above managed by PGP Universal Server 2.5 and above.