HOW TO: Reconstruct Your Private Key with PGP Encryption Desktop for Windows
search cancel

HOW TO: Reconstruct Your Private Key with PGP Encryption Desktop for Windows


Article ID: 180130


Updated On:


Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK


 This article provides step-by-step instructions for reconstructing a private key using PGP Encryption Desktop for Windows.



When managed by a PGP Encryption Server, PGP Encryption Desktop provides a secure recovery mechanism for private keys, called Key Reconstruction.

As its name suggests, Key Reconstruction can be used to reconstruct (or restore) your private key if you have forgotten its passphrase, or if you have deleted your private key.

To take advantage of Key Reconstruction, you send key reconstruction data to a reconstruction server (a PGP Encryption Server that is managing your PGP Encryption Desktop) while you still have your private key and remember its passphrase. The reconstruction data for your private key consists of five questions, that you may create, and five answers that only you know. After you have sent your reconstruction questions and answers to the server, you may reconstruct your private key at any time by answering 3 of the 5 questions correctly. If you have deleted your private key or forgotten its passphrase before sending reconstruction questions and answers to the server, you cannot regain your private key using Key Reconstruction.

Reconstruct Your Private Key

  1. Click the PGP Tray lock icon in your system tray and then click Open Symantec Encryption Desktop:
  2. Click the PGP Keys control box.
  3. Select the keyring that contains your key.
  4. Click the key that you wish to reconstruct.

    Note: To reconstruct a private key, you must have its associated public key on your keyring. If you don't have a copy of your public key, you might try downloading it from a key server, such as your PGP Universal Server or the PGP Global Directory. Otherwise, contact your administrator to obtain a copy of your public key.
  5. Now click the Keys menu and click Reconstruct:
  6. Answer 3 of the 5 key reconstruction questions correctly, then click OK:

    Note: The answers are case sensitive, and must be entered precisely as they were when you first sent them to the server. If you are certain that nobody can see your screen, you might want to check the box labeled Show Keystrokes, so that you can verify your answers.
  7. After you have answered 3 of the 5 key reconstruction questions correctly, you must enter and confirm a new passphrase for your private key, then click OK.
  8. When you are notified that key reconstruction was successful, click OK.

Additional Information

153196 - Backup/Export PGP Keypairs

180127 - HOW TO: Add Existing Keyrings to PGP Desktop for Windows

180129 - HOW TO: Access the Backup Keyrings Created Automatically by PGP Desktop for Windows

180128 - HOW TO: Import a Keypair into PGP Desktop (Windows)

153195 - "It is not possible to decrypt this message..." Unable to decrypt - Keyring does not contain usable private keys

153511 - Additional Decryption Key (ADK) Guidelines for Symantec Encryption Management Server

153477 - Import an ADK to Symantec Encryption Management Server (aka PGP Universal Server)

Symantec Encryption Products Current Version Available