This article details how to add an additional decryption key (ADK) to a PGP key.

An additional decryption key (ADK) is a key generally used by security officers of an organization to decrypt messages that have been sent to or from employees within the organization.

Messages encrypted by a key with an ADK are encrypted to the public key of the recipient and to the ADK, which means the holder of the ADK can also decrypt the message.

 

You can only modify ADKs on your keypairs.


Adding an ADK to a Keypair

To add an ADK

 

1. Open PGP Desktop, click the PGP Keys Control box, and then click My Private Keys in the Control box. The private keys on your keyring appear.
2. Double-click the key to which you are adding an ADK. The Key Properties dialog box for the key you selected is displayed.
3. Click the up-arrow to the left of ADK, if applicable (only those keys that already have at least one ADK already assigned will have the up-arrow). The ADK information for this key is displayed, if configured.
4. Click the plus sign icon on the right side of the ADK section. The Select Key(s) dialog box is displayed.
5. Select the key you want to use as the ADK, then click OK. A PGP Warning dialog box is displayed, asking if you are sure you would like to add the selected key as an ADK.
6. Click Yes. The PGP Enter Passphrase for Key dialog box is displayed.
7. Type the passphrase for the key to which you are adding the ADK, then click OK. A PGP Information dialog is displayed, telling you the ADK was added to the key.
8. Click OK.

Note: If add an ADK to your key, then those who send you encrypted email must be able to access the public key portion of the ADK.