Email is not decrypted by the server in gateway mode when using SCKM keys

Article:TECH149435  |  Created: 2009-05-28  |  Updated: 2012-02-02  |  Article URL
Article Type
Technical Solution


Email messages are not decrypted by the PGP Universal Server when SCKM key mode is used.



When the Server-Client Key Mode (SCKM) is used, the private key is stored on the client and the PGP Universal Server. However, the signing portion of the key resides only on the client. The SCKM mode allows PGP to meet regulations that exist that make it illegal to have the signing portion of a key managed by a server.

Because the private key exists on the PGP Universal Server, decryption of the message is possible. However, a default condition in a rule in the Inbound chain of the Mail Policy prevents the decryption of the message. This rule is in place due to the private key being available on the client and may be needed to decrypt messages on the client side only.

To enable decryption of messages on the server when using the SCKM key mode, you must edit the Inbound chain of the Mail Policy.

To edit the Inbound Chain


  1. Log in to the PGP Universal Server administrative interface.
  2. Click the Policy card and select Mail Policy.
  3. Click Inbound under the Policy Chain column.
  4. Click the Decrypt Message (SMTP) rule then select the Conditions tab.
  5. Select the triangle in the section where the rules states If none of the following are true and Recipient key mode - is Server Client Key Mode (SCKM). The condition group displays as green and you are able to edit the condition.
  6. Click the Delete button to remove the condition.
  7. Click Save to update the rule.

If this condition in the rule of Inbound chain is deleted, encrypted email messages will be decrypted on the PGP Universal Server.


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices