Endpoint Encryption

 View Only
Expand all | Collapse all

Unable to select advanced key options when creating new PGP key

  • 1.  Unable to select advanced key options when creating new PGP key

    Posted Jan 27, 2014 10:24 AM

    I am using PGP Desktop 9.x and was trying to create a new PGP key. When trying to modify the key expiration under Advanced Settings, all the options were greyed out. I have admin access to the PGP Universal Server. Is there something that I need to look out under policies?

     



  • 2.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 27, 2014 12:31 PM

    If your key is in SKM mode then the expriation is controlled by the server.  This would be under your policy Key, Edit and it's on the first tab at the bottom of the page to change expiration. 



  • 3.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 27, 2014 09:27 PM


    Thanks for replying Anthony.

    I have 2 options under Key Renewal - Auto Renew Keys Every & Stop Renewing After. I changed the Auto Renew Keys Every to 2 years but it still shows that the expiration is set to never when I try to create a new PGP key.

    All the fields are still greyed out. I allowed all the clients to use all the key modes i.e. SKM, CKM, GKM and SCKM under the same policy but still having the same results.

    My goal is to be able to create a policy that will allow a certain group of users to specify the key generation settings.

     



  • 4.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 28, 2014 04:21 AM

    Appreciate if anyone can point me in the right direction.



  • 5.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 28, 2014 08:45 AM

    That would mean that the policy isnt being reflected in that user.  Try ticking this box:

     

    Consumers > Consumer Policy > PGP Desktop > Messaging & Keys > (right at the bottom) "Allow the user to locally manage keys"



  • 6.  RE: Unable to select advanced key options when creating new PGP key
    Best Answer

    Broadcom Employee
    Posted Jan 28, 2014 09:06 AM

    Hi Farid,

    You define this in the Consumer Policy > Keys (Edit) the Key Renewal settings, these will be used to generate the key.

    If you have the SKM mode enabled in the policy and if user selects this option, the user will not be able to control the expiration date.
    The same if they already have a key in this key mode, during re-enrollment they will get this SKM key from the server.

    In the other key modes, the user can go to the key properties and select the date desired for expiration Expires: (Never - by default, can be changed).

    Before generating a new key ensure you do the "Update policy".


    HTH,
    dcats



  • 7.  RE: Unable to select advanced key options when creating new PGP key
    Best Answer

    Posted Jan 28, 2014 09:59 AM

    Hi there,

    As already mentioned by dcats, you cannot change the expiration date if you have SKM mode. It can only be done for keymodes other than SKM. Let me also tell you the reason why during the key generation step, the advanced settings were grayed out. It is grayed out because your clients are managed by the SEMS server. This is something that can only be done for the standalone clients. Only the standalone clients are able to make the changes for the key advance settings during the key generation step.

    If you want to check it, please make your existing client a standalone client by changing the PGPSTAMP in the registry and then re-initialise the client by deleting / renaming the PGP Corporation folder from the application data.

    Please try and let us know if you have any further question.

    Thanks.

    Best Regards,

    Bipin



  • 8.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 28, 2014 02:01 PM

    If you plan on making the client a stand-alone then here is the location in the Registry.

    Registry locations for PGP 32bit and 64 bit

    The PGP Stamp is located in HKLM\Software\PGP Corporation\PGP for Windows 32-bit

    The PGP Stamp is located in HKLM\Software\Wow6432Node\PGP Corporation\PGP for Win64.

    Change the Stamp to Default PGP Stamp.

     

    If you want clients to have control over their keys then use GKM mode.  The server will be a backup for the client keys. 

     

    Thanks

    Anthony

     



  • 9.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 28, 2014 09:16 PM

    Thanks dcats!

    I had to make sure that there were no assigned SKM keys for that particular user. Once i removed the SKM keys, created a new policy to allow only GKM keys and assigned that user to this new policy, the user was able to select a date of expiry under key properties for his new key.

    Regards,

    Farid



  • 10.  RE: Unable to select advanced key options when creating new PGP key

    Posted Jan 28, 2014 09:18 PM

    Thanks everyone for the helpful comments! I have managed to get it tested and working for our users.

    Regards,
    Farid