PGP keys
PGP key basics
Download a PGP key from an LDAP certificate server
If you use the PGP® Universal Server, you might not be able to download PGP keys from an LDAP certificate server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP keys.
5. Press the Menu key.
6. Click Fetch PGP Keys.
7. Specify the search criteria.
User Guide
Security
275
8. Press the Menu key.
9. Click Search.
10. Click a PGP key.
11. Click Add PGP Key to Key Store.
Download a personal PGP key from the PGP Universal Server
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click PGP.
4. Press the Menu key.
5. Click Download Keys.
Download an updated PGP key from an LDAP certificate server
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP keys.
5. Highlight a PGP® key.
6. Press the Menu key.
7. Click Fetch Updated PGP Key.
Import a certificate or PGP key from the device memory
1. On the Home screen or in a folder, click the Media icon or the Files icon.
2. Navigate to a certificate or PGP® key.
3. Highlight the certificate or PGP key.
4. Press the Menu key.
5. Click Import Certificate or Import PGP Key.
To view the certificate or PGP key, press the Menu key. Click Display Certificate or Display PGP Key.
Import a certificate or PGP key from a media card
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Certificates or PGP Keys.
5. Press the Menu key.
6. Click Show Media Card Certificates or Show Media Card PGP Keys.
To view the certificate or PGP® key, press the Menu key. Click Display Certificate or Display PGP Key.
View properties for a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP keys.
5. Click a PGP® key.
6. Click View Subkey.
PGP key properties
Revocation Status:
This field displays the revocation status of the PGP® key at a specified date and time.
Trust Status:
This field displays the trust status of the PGP key. A PGP key can be explicitly trusted (the PGP key itself is trusted), implicitly trusted (the PGP key is associated with a private key on your BlackBerry® device), or not trusted (the PGP key is not explicitly trusted and is not associated with a trusted PGP key on your device, and a chain of digital signatures to a trusted key does not exist).
Creation Date:
This field displays the date that the PGP® Universal Server generated the PGP key.
Expiration Date:
This field displays the date that the PGP Universal Server specified as the expiration date of the PGP key.
Email Address:
This field displays the email address that is associated with the PGP key. Multiple Email Address fields might appear.
Public Key Type:
This field displays the standard to which the public key complies. Your device supports RSA®, DSA, and Diffie-Hellman keys.
Key Usage:
This field displays approved uses of the PGP key.
Fingerprint:
This field displays the PGP key fingerprint in hexadecimal format.
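The three trust states described under Trust Status, modeled as a walk over a key store's signature graph. This is an added example, not BlackBerry or PGP Universal Server code; the key IDs, field names and the "trusted via chain" label are assumptions, and it checks only whether a trusted key is reachable, not signature validity, revocation or expiration.

```python
# Added illustration of the trust states in the Trust Status description.
# Key IDs, field names and the store layout are constructed for this example.
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Key:
    key_id: str
    explicitly_trusted: bool = False   # the user chose Trust for this key
    has_private_key: bool = False      # matching private key is on the device
    signed_by: set = field(default_factory=set)  # IDs of keys that signed it


def trust_status(store, key_id):
    """Classify a key as explicit, implicit, trusted via chain, or not trusted."""
    key = store[key_id]
    if key.explicitly_trusted:
        return "explicitly trusted"
    if key.has_private_key:
        return "implicitly trusted"
    # Breadth-first walk up the signature graph; 'seen' stops signature loops.
    seen, queue = {key_id}, deque(key.signed_by)
    while queue:
        signer_id = queue.popleft()
        if signer_id in seen or signer_id not in store:
            continue  # already visited, or the signer is not in the key store
        seen.add(signer_id)
        signer = store[signer_id]
        # Assumption: explicit and implicit keys both count as trusted anchors.
        if signer.explicitly_trusted or signer.has_private_key:
            return "trusted via chain"
        queue.extend(signer.signed_by)
    return "not trusted"


# Constructed key store used to exercise each outcome.
STORE = {k.key_id: k for k in [
    Key("ME", has_private_key=True),
    Key("CA", explicitly_trusted=True),
    Key("ALICE", signed_by={"CA"}),
    Key("BOB", signed_by={"ALICE"}),        # two signatures away from CA
    Key("EVE", signed_by={"MALLORY"}),
    Key("MALLORY", signed_by={"EVE"}),      # signature loop, no trusted key
    Key("CAROL", signed_by={"MISSING"}),    # signer absent from the store
]}
```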
Send a PGP key
When you send a PGP® key, your BlackBerry® device sends the public key, but does not send the corresponding private key.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP Keys.
5. Highlight a PGP key.
6. Press the Menu key.
7. Click Send via Email or Send via PIN.
Delete a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP Keys.
5. Highlight a PGP® key.
6. Press the Menu key.
7. Click Delete.
Clear the PGP data cache
The PGP® data cache contains cached PGP public keys and the PGP® Universal Server policy that your BlackBerry® device downloads from the PGP Universal Server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click PGP.
4. Press the Menu key.
5. Click Clear Universal Cache.
The next time that you send a PGP protected message, your device downloads an updated PGP Universal Server policy and updated PGP public keys from the PGP Universal Server.
PGP key status
PGP key status indicators
:
The PGP® key has a corresponding private key that is stored on your BlackBerry® device.
:
The PGP key is trusted and valid, and the revocation status of the PGP key is good.
:
The revocation status of the PGP key is unknown or the key is weak.
:
The PGP key is untrusted, revoked, expired, not valid, or cannot be verified.
Check the revocation status of a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP Keys.
5. Highlight a PGP® key.
6. Press the Menu key.
7. Click Fetch Status.
Change the trust status of a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP Keys.
5. Highlight a PGP® key.
6. Press the Menu key.
7. Click Trust or Distrust.
Revoke a PGP key
If you revoke a PGP® key, the PGP key is revoked only in the key store on your BlackBerry® device. Your device does not update the revocation status on the PGP® Universal Server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP Keys.
5. Highlight a PGP® key.
6. Press the Menu key.
7. Click Revoke.
8. Click Yes.
9. Change the Reason field.
10. Click OK.
PGP key revocation reasons
Unknown:
The revocation reason does not match any of the predefined reasons.
Superseded:
A new PGP® key is replacing an existing PGP key.
Key Compromise:
A person who is not the key subject might have discovered the private key value.
Key Retired:
The PGP key is no longer used.
User ID Invalid:
The user information for the PGP key is not valid.
PGP key options
Change the display name for a PGP key
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP keys.
5. Highlight a PGP® key.
6. Press the Menu key.
7. Click Change Label.
8. Type a display name for the PGP key.
9. Click OK.
Turn off the display name prompt that appears when you add a PGP key to the key store
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP keys.
5. Press the Menu key.
6. Click Fetch PGP Keys.
7. Press the Menu key.
8. Click Options.
9. Change the Prompt for Label field to No.
10. Press the Menu key.
11. Click Save.
When you add a PGP® key, your BlackBerry® device uses the name that the PGP® Universal Server set for the key when it generated the key.
Turn off the fetch status prompt that appears when you add a PGP key to the key store
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click PGP Keys.
5. Press the Menu key.
6. Click Fetch PGP Keys.
7. Press the Menu key.
8. Click Options.
9. Perform one of the following actions:
• To download the revocation status of a PGP® key when you add it to the key store, change the Fetch Status field to Yes.
• To add a PGP key to the key store without downloading the revocation status, change the Fetch Status field to No.
10. Press the Menu key.
11. Click Save.
PGP key shortcuts
• To view the label of a PGP® key, press the Space key.
• To view the properties of a PGP key, press the Enter key.
• To view the security level of a PGP private key, press the Alt key and L.
• To view personal PGP keys, press the Alt key and P.
• To view PGP keys for other people, press the Alt key and O.
• To view all PGP keys, press the Alt key and A.
Troubleshooting: PGP keys
I cannot download a PGP key from an LDAP certificate server
Try performing the following actions:
• Verify that your organization permits you to download PGP® keys from an LDAP certificate server. For more information, contact your administrator.
• If you changed the connection type that your BlackBerry® device uses to connect to an LDAP certificate server, try using the default connection type.