PGP keys
About PGP keys
If your email account uses a BlackBerry® Enterprise Server that supports this feature, you can download PGP® keys over the
wireless network from a certificate server provided by your administrator. Depending on your organization, enrollment for a
certificate might be required and might also occur automatically.
PGP keys allow you to send and receive PGP messages using your BlackBerry® device if you are already sending and receiving
PGP messages on your computer.
PGP key basics
Download a PGP key from an LDAP-enabled server
If you use the PGP® Universal Server, you might not be able to download PGP keys from an LDAP-enabled server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > PGP Keys.
3. Press the key > Fetch PGP Keys.
4. Specify the search criteria.
5. Press the key > Search.
6. Click a PGP key.
User Guide
Security
265
7. Click Add PGP Key to Key Store.
Download a personal PGP key from the PGP Universal Server
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Download Keys.
Download an updated PGP key from an LDAP-enabled server
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Fetch Updated PGP Key.
Import a certificate or PGP key that is saved on your device
1. On the Home screen or in a folder, click the Media icon or Files icon.
2. Find and highlight a certificate or PGP® key.
3. Press the key > Import Certificate or Import PGP Key.
To view the certificate or PGP key, press the key > Display Certificate or Display PGP Key.
Import a certificate or PGP key from a media card
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > Certificates or PGP.
3. Press the key > Show Media Card Certificates or Show Media Card PGP Keys.
To view the certificate or PGP® key, press the key > Display Certificate or Display PGP Key.
View properties for a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Click a PGP® key.
4. Click View Subkey.
PGP key properties
Property: Description
Revocation Status: This field displays the revocation status of the PGP® key at a specified date and time.
Trust Status: This field displays the trust status of the PGP key. A PGP key can be explicitly trusted (the PGP key itself is trusted), implicitly trusted (the PGP key is associated with a private key on your BlackBerry® device), or not trusted (the PGP key is not explicitly trusted and is not associated with a trusted PGP key on your device, and a chain of digital signatures to a trusted key does not exist).
Creation Date: This field displays the date that the PGP® Universal Server generated the PGP key.
Expiration Date: This field displays the date that the PGP Universal Server specified as the expiration date of the PGP key.
Email Address: This field displays the email address that is associated with the PGP key. Multiple Email Address fields might appear.
Public Key Type: This field displays the standard to which the public key complies. Your device supports RSA®, DSA, and Diffie-Hellman keys.
Key Usage: This field displays approved uses of the PGP key.
Fingerprint: This field displays the PGP key fingerprint in hexadecimal format.
Send a PGP key
When you send a PGP® key, your BlackBerry® device sends the public key, but does not send the corresponding private key.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP key.
4. Press the key > Send via Email or Send via PIN.
Delete a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Delete.
Clear the PGP data cache
The PGP® data cache contains cached PGP public keys and the PGP® Universal Server policy that your BlackBerry® device
downloads from the PGP Universal Server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Clear Universal Cache.
The next time that you send a PGP protected message, your device downloads an updated PGP Universal Server policy and
updated PGP public keys from the PGP Universal Server.
PGP key status
PGP key status indicators
Indicator
Description
The PGP® key has a corresponding private key that is stored on your BlackBerry® device.
The PGP key is trusted and valid, and the revocation status of the PGP key is good.
The revocation status of the PGP key is unknown or the key is weak.
The PGP key is untrusted, revoked, expired, not valid, or cannot be verified.
Check the revocation status of a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Fetch Status.
Change the trust status of a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Trust or Distrust.
Revoke a PGP key
If you revoke a PGP® key, the PGP key is revoked only in the key store on your BlackBerry® device. Your device does not update
the revocation status on the PGP® Universal Server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Revoke > Yes.
5. Change the Reason field.
6. Click OK.
PGP key revocation reasons
Reason: Description
Unknown: The revocation reason does not match any of the predefined reasons.
Superseded: A new PGP® key is replacing an existing PGP key.
Key Compromise: A person who is not the key subject might have discovered the private key value.
Key Retired: The PGP key is no longer used.
User ID Invalid: The user information for the PGP key is not valid.
PGP key options
Change the display name for a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Highlight a PGP® key.
4. Press the key > Change Label.
5. Type a display name for the PGP key.
6. Click OK.
Turn off the display name prompt that appears when you add a PGP key to the key store
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Fetch PGP Keys.
4. Press the key > Options.
5. Change the Prompt for Label field to No.
6. Press the key > Save.
When you add a PGP® key, your BlackBerry® device uses the name that the PGP® Universal Server set for the key when it
generated the key.
Turn off the fetch status prompt that appears when you add a PGP key to the key store
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > PGP.
3. Press the key > Fetch PGP Keys.
4. Press the key > Options.
• To download the revocation status of a PGP® key when you add it to the key store, change the Fetch Status field to Yes.
• To add a PGP key to the key store without downloading the revocation status, change the Fetch Status field to No.
5. Press the key > Save.
PGP key shortcuts
View the label of a PGP® key
Press the Space key.
View the properties of a PGP key
Press the key.
View the security level of a PGP private key
Press the Alt key and L.
View personal PGP keys
Press the Alt key and P.
View PGP keys for other people
Press the Alt key and O.
View all PGP keys
Press the Alt key and A.
Troubleshooting: PGP keys
I cannot download a PGP key from an LDAP-enabled server
Try the following actions:
• Verify that your organization permits you to download PGP® keys from an LDAP-enabled server. For more information,
contact your administrator.
• If you changed the connection type that your BlackBerry® device uses to connect to an LDAP-enabled server, try using
the default connection type.