Skip Client PGP Key Creation During Enrollment - PGP Universal Server 3.0

Article:TECH149628  |  Created: 2009-11-16  |  Updated: 2012-01-31  |  Article URL
Article Type
Technical Solution


This article describes how to configure the PGP Universal Server so that users are not prompted to enter a passphrase for a PGP key during client enrollment.



Administrators can configure clients to use Server Key Mode (SKM) so that users are not prompted to create a key passphrase during client enrollment. In Server Key Mode (SKM), the PGP Universal Server generates and manages user keys and no passphrase is assigned to the key. The SKM key mode includes the following characteristics:


  • Users cannot manage their own keys.
  • PGP Universal Server administrators have access to private keys.
  • If a user has a PGP client installation, the users keys are downloaded to the client at each use.
  • SKM can also be used without client installations; if there is no client installation, you must use SKM.
  • Users with SKM keys cannot read email offline.
  • In PGP Universal Gateway Email environments, existing users with SKM key mode keys who install PGP Desktop for the first time will be prompted automatically to re-enroll and create a CKM, GKM, or SCKM key.

To enable Server Key Mode (SKM) for clients


  1. Login to the PGP Universal Server administrative interface.
  2. Click Consumers > Consumer Policy.
  3. Select the desired user policy then click Edit next to Keys.
  4. Click Management. The available key mode options are displayed.
  5. Place a checkmark next to Server Key Mode (SKM) and remove any other key modes checked.
  6. Click Save twice.

Clients of the internal user policy will not be prompted to enter a passphrase during enrollment.


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices