Import an ADK to PGP Universal Server 3.0

Article: TECH149449  |  Created: 2009-06-12  |  Updated: 2011-02-05
Article Type: Technical Solution


This article details the Additional Decryption Key (ADK) and how to import the ADK to the PGP Universal Server.


An Additional Decryption Key (ADK) is a way to retrieve an email message or other encrypted data if the recipient is unable or unwilling to do so and if required by regulation or security policy. Every message sent by an internal user is also encrypted to the ADK. Messages encrypted to the ADK can be opened by the recipient and/or by the holder(s) of the ADK. The ADK is also added to disks encrypted with PGP Whole Disk Encryption.

If you have an Additional Decryption Key uploaded, all outbound email is encrypted to it when mail policy is applied. This setting appears in the Send (encrypted/signed) action and the setting cannot be disabled.

Note: S/MIME messages are not encrypted to the ADK.

If you use an ADK, PGP Universal Server adds the ADK to all new keys that it generates and all outbound email messages are automatically encrypted to it.

If you are going to use an ADK on your PGP Universal Server, you should import it prior to generating any user keys. You should also try to avoid changing to a different ADK later on, because doing so results in some keys being associated with the old ADK and some with the new ADK. If you add or change an ADK, it is only associated with the keys of new users. Existing users do not get that ADK added to their key. Only PGP keys can be used as ADKs. You can only have one ADK on the server.

Creating an ADK

You can create a new PGP Key using PGP Desktop or use an existing PGP key. After creating the key, export the key to a location you can access from the server.

Note: The ADK must be created on a standalone PGP Desktop client, not on a client managed by PGP Universal Server.

Importing the ADK

To import an ADK to your PGP Universal Server:

  1. Log in to the PGP Universal Server administrative interface.
  2. Click the Organization card, then click Organization Keys.
  3. Click the Import icon in the Import column of the Additional Decryption Key row.
  4. You can import a key by browsing to an exported public key file or by pasting the key block of a public key.
  5. Click the Import button.
After importing the key, the name of your ADK is displayed on the Additional Decryption Key row.
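
The caveat above, that an added or changed ADK is associated only with the keys of new users, leaves a mix of keys that is worth auditing. The following Python is an added example, not Symantec or PGP code: it scans the hashed subpacket area of each key's self-signature for an ADK request and classifies the key against the expected ADK. It assumes the ADK is recorded as OpenPGP signature subpacket type 10 (listed by GnuPG as "additional recipient request") holding a class octet, an algorithm octet and a 20-byte fingerprint; the function names, user names and sample bytes are constructed for the example.

```python
ADK_SUBPACKET = 10  # assumption: ADK subpacket type (GnuPG: "additional recipient request")

def iter_subpackets(area):
    """Yield (type, body) for each subpacket in an OpenPGP signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def adk_fingerprints(area):
    """Return the fingerprints (hex) of every ADK requested in the subpacket area."""
    fps = []
    for sub_type, body in iter_subpackets(area):
        if sub_type == ADK_SUBPACKET:
            if len(body) != 22:              # class, algorithm, 20-byte fingerprint
                raise ValueError("unexpected ADK subpacket length")
            fps.append(body[2:].hex().upper())
    return fps

def audit(areas_by_user, expected_adk):
    """Classify each key as 'ok', 'other-adk' or 'missing' against the expected ADK."""
    report = {}
    for user, area in areas_by_user.items():
        fps = adk_fingerprints(area)
        report[user] = ("missing" if not fps else
                        "ok" if expected_adk.upper() in fps else "other-adk")
    return report

# Constructed sample data: fingerprints and subpacket areas are made up for the demo.
NEW_ADK, OLD_ADK = bytes(range(1, 21)), bytes(range(21, 41))

def sample_area(adk_fp=None):
    area = bytes([5, 2]) + (1244764800).to_bytes(4, "big")   # signature creation time
    area += bytes([2, 27, 0x03])                              # key flags
    if adk_fp:
        area += bytes([23, 10, 0x80, 1]) + adk_fp             # ADK: class, RSA, fingerprint
    return area

SAMPLE = {"alice": sample_area(NEW_ADK), "bob": sample_area(OLD_ADK), "carol": sample_area()}

if __name__ == "__main__":
    for user, status in audit(SAMPLE, NEW_ADK.hex()).items():
        print(f"{user}: {status}")
```

Keys reported as `missing` or `other-adk` are the ones created before the current ADK was imported.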
