
Creating secondary keys in PGP Desktop

Created: 20 Apr 2011 | 2 comments

I have a PGP Universal/Desktop setup and I am allowing set users of Desktop to create additional PGP keys.  However I have two problems:-

1) When creating the new keys in Desktop, they are not being automatically uploaded to Universal.  This is not a major issue, but I was under the impression that was how it was supposed to work.

2) When trying to manually send the keys (Right Click | Send To | Universal Server) I get a communications  failure (all other Universal comms work fine however).

As a result of this, even though I am using SCKM keys, by uploading them through the web interface they are being converted into GKM/CKM keys (dependent on whether I supply the private key passphrase during import).

Also (and this may be related, who knows), we are using keys.domain.com as an alias against a cluster of servers. The default keyserver of new keys is being set as the local server name (pgp_1.domain.com). Is there any way to force new keys to be created with the keys address as their default keyserver?


Flechabus's picture

Well, actually there are some menus to play with on the PGPtray icon. Over the KEYS tab, you should have the KEYSERVER configured there, for example:

   ·Type: PGP Global Directory LDAP
   ·Address: keyserver.pgp.com
   ·Port: click Default (389)

   ·Then go to the Synchronization tab, and check if it is available.

Hope it helps.

Will be keeping track on you.

Regards.

paulhen's picture

For 1) you will want to check in the relevant consumer policy. If the check box for "Automatically synchronize keys with servers" is not checked, they will not automatically send new keys to the server.

For 2) the preferred keyserver is set/configured by the "PGP Universal Server:" value when you downloaded your customized/bound client. This does default to the hostname of the server from which you downloaded the client, but you can set it as you desire. This is also the address the client will use to obtain policy and upload log files.

Governments keep a lot of secrets from their people . . . Why aren't the people in return allowed to keep secrets from the government? --Philip Zimmermann, Der Spiegel