This article details how to import a lost or missing PGP key to PGP Desktop in a PGP Encryption managed environment. This functionality is only available for users with a GKM key. Guarded Key Mode (GKM) allows users to be able to generate and manage their own keys, and maintain encrypted copies of users private keys stored on the PGP Encryption Server.

 

Because the PGP Encryption Server (Symantec Encryption Management Server) stores a copy of a GKM key, a user can download a new copy whenever needed. If the user loses their key (due, for example, to a hard disk failure or theft of the computer), they can download the backed-up copy of their key from Symantec Encryption Manager Server, and continue to use it as before.

The GKM key stored by PGP Encryption Server is encrypted using the user's passphrase. If the user has forgotten the passphrase, or is not available to provide the passphrase, it is not possible to recover the encryption key.

Export GKM Key
 

1. Open the Symantec Encryption Manager Server administrative interface.
2. Click the Users card then select Internal.
3. Search and click the Name of the user.
4. Click the PGP Keys tab and confirm the Mode is GKM.
5. Click the down arrow icon below Options. The Export Key dialog is displayed.
6. Select the Export Keypair radio button, then click the Export button. The keypair is exported as a .asc file.
7. Click Save.
8. Specify a location for file and click Save.

Import a key to Symantec Encryption Desktop

 

1. Copy the .asc file to the client system.
2. Browse to and double-click the file.
3. Click Import button when the Select key(s) dialog is displayed.
4. Click OK.
5. Open Symantec Encryption Desktop and select the PGP Keys Control box.
6. Double-click the imported key. The key properties are displayed.
7. Click Trust and change the option from None to Implicit.
8. Close the key properties. Your key now displays a green check in the Verified column.

PGP Encryption Management Server Key Modes (Symantec Encryption Management Server)