Manage External Users Keys on PGP Universal Server 2.x

Article ID: 153539

Products

Symantec Products

Issue/Introduction


This article describes how to store copies of external user keys on the PGP Universal Server.

Resolution


There are a number of options on the PGP Universal Server that you can use for management of external user PGP keys.

External Users

External users can run PGP Universal Satellite or PGP Desktop, or they can interact with the PGP Universal Server through PGP Universal Web Messenger.

Importing external users allows your internal users to easily send encrypted messages to them, because the external users' public keys are stored locally. This is similar to adding external domains and directories to the PGP Universal Server, except that you are adding information about specific individuals rather than domains. PGP Universal Server stores the key material for external users itself, so it does not have to look for it on an external keyserver or directory.

To add an External User key

  1. Log in to the PGP Universal Server administrative interface.
  2. Select the User card then click the External card.
  3. Click Import Users. The Add Users dialog box appears.
  4. Click Import Keys.
  5. On the Import Users dialog box, import your external users by choosing their key file or pasting their key block.
  6. Click Import.

The external user key appears on the list of available External Users.
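
An added example, not part of the original article or the product: before pasting a key block in step 5, you can compute its fingerprint locally and compare it with the value the external user confirms over a separate channel. This Python code checks the armor CRC24 and derives the version 4 fingerprint; the sample block is constructed, the function names are hypothetical, and the parser assumes an old-format primary key packet header.

```python
import base64
import hashlib

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:  # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:  # used here only to build the constructed sample
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", base64.b64encode(data).decode(), "=" + crc, END])

def dearmor(block: str) -> bytes:
    lines = [ln.strip() for ln in block.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        raise ValueError("not an armored public key block")
    body = lines[lines.index("") + 1:-1]  # armor headers end at the blank line
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing CRC24 line")
    data = base64.b64decode("".join(body[:-1]))
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC24 mismatch: block altered or truncated")
    return data

def v4_fingerprint(block: str) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, a two-octet length, and the key packet body."""
    data = dearmor(block)
    # Assumption: old-format header with a 1- or 2-octet length (0x98 / 0x99).
    if data[:1] not in (b"\x98", b"\x99"):
        raise ValueError("unsupported packet header for this example")
    size = 1 if data[0] == 0x98 else 2
    n = int.from_bytes(data[1:1 + size], "big")
    body = data[1 + size:1 + size + n]
    if len(body) != n or body[:1] != b"\x04":
        raise ValueError("not a complete version 4 public key packet")
    return hashlib.sha1(b"\x99" + n.to_bytes(2, "big") + body).hexdigest().upper()

# Constructed toy packet (v4, RSA, tiny made-up MPIs); not a real user's key.
SAMPLE_BODY = bytes.fromhex("04" "5f000000" "01" "0010c353" "0011010001")
SAMPLE_BLOCK = armor(b"\x99" + len(SAMPLE_BODY).to_bytes(2, "big") + SAMPLE_BODY)
```
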

 

Verified Directory

The PGP Verified Directory gives you the option of hosting a Web-accessible keyserver for the public keys of your internal or external users. By enabling the Verified Directory feature on the PGP Universal Server you can allow external users to upload their keys to your server.

The PGP Verified Directory uses next-generation keyserver technology that lets users manage their own keys, including submitting and removing them.

Keyserver

If you know of a keyserver or directory outside your own network that can contain keys belonging to people receiving mail from inside your network, you can add that keyserver to the list of searchable keyservers. The PGP Universal Server searches the specified keyserver for recipient keys or certificates, if mail policy rules containing that keyserver apply to the message being sent.

To add/edit a keyserver

  1. Log in to the PGP Universal Server administrative interface.
  2. Select the Policy card then click the Servers card.
  3. Click Add Keyservers. The Add Keyserver dialog box appears.
  4. Enter a Description and Hostname, and specify the keyserver Type for the external keyserver.
  5. Select Trust keys from this keyserver implicitly to automatically trust all keys from this keyserver.
  6. Select Include this keyserver in the default set to add the keyserver to the default set for client software signature verification requests.
  7. Click Save.

The external keyserver appears on the list of available keyservers.