File Share Encryption

 View Only

  • 1.  GKM and silent enrolment

    Posted Oct 24, 2011 06:08 PM

    Hello.

    I'm wonder it is normal behavior or I doing something wrong?

    I deploy PGP Desktop 10.2.0 MP1. US is version 3.2.0 MP1 (Build 1950) and synchronization with AD.

    On US in policy  I set up KEY\MANAGMENT as GKM. But when in DESKTOP\GENERAL check enable silent enrollment  it is still generate SKM despite of I choose GKM.

    But when I uncheck enable silent enrollment generate GKM but deploy it isn’t silent.

    It is possible choose GKM and silent enrolment ?



  • 2.  RE: GKM and silent enrolment

    Posted Oct 24, 2011 06:09 PM

    Any suggestion ?



  • 3.  RE: GKM and silent enrolment

    Posted Oct 25, 2011 01:00 PM

    As the Universal Administrator 3.2 guide states:

     

    Enrollment with SKM is completely silent.
    Using smart cards means that enrollment is not completely silent. Users are prompted to enter their smart card PINs during enrollment.

    So you can silent enroll using GKM



  • 4.  RE: GKM and silent enrolment

    Posted Nov 16, 2011 01:10 PM

    could you tell how to do ?

    Because I haven't idea . It easy option only checkbox general\enable silent enrolment.

    When I turn on this option and despite of I choose only GKM in key key is generate SKM. WHen i turn off this option key is GKM but isn't silent. in kkk



  • 5.  RE: GKM and silent enrolment

    Posted Nov 16, 2011 03:26 PM

    Go to universal, consumers policy, select policy, keys. ....there you configure key modes GKM.

    Then Desktop.. I think it is in the general tab,  enable Silent enrollment



  • 6.  RE: GKM and silent enrolment

    Posted Nov 17, 2011 05:27 PM

    I had done  it before wrote first post.

    General when set key SKM and silent work OK but when GKM and silent I can't generate GKM cert but stil SKM.



  • 7.  RE: GKM and silent enrolment

    Posted Nov 29, 2011 04:41 PM

    If I understand you correctly. You are saying that you ONLY have GKM mode enabled under Consumers ---> Consumers --> Default (or other policy if you are not using default) --> Keys --> Management and then you are enabling "Silent Enrollment" under Consumers ---> Consumer Policy ---> Default ---> Desktop where it says "enable silent enrollment".


    But with this option enabled it never generates a key for the user? The first issue that you described in the initial comments says that it generates the key, but SKM instead of GKM (which would imply that you may have both options enabled under key modes which is causing that). But your last comment makes it sound like it only GENERATES a key under SKM key mode.

    ---

    I would make sure that SKM key mode is turned off, if you dont want to generate SKM keys. Only have GKM key mode checked.  If its failing to generate key after enrolling even with GKM key mode enabled, I would check the PGP Desktop client logs and PGP universal server client logs as well to see if there are any errors indicating what the problem is.



  • 8.  RE: GKM and silent enrolment

    Posted Dec 09, 2011 06:16 PM

     

    I enable only GKM key.

    But when I set up \group\permision \ can modify openpgp key of all managed keys

    User has GKM mode key!!!.