Page is loading ...
PGP® Mobile 9.10
Administrator's Guide
Version Information
PGP Mobile Administrator's Guide. PGP Mobile Version 9.10.0. Released March 2010.
Copyright Information
Copyright © 1991-2010 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.
Trademark Information
PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of Ascom
Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant Messenger is a
trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark
of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered trademark of International
Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and Secure Shell are trademarks of
SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered
and unregistered trademarks in this document are the sole property of their respective owners.
Licensing and Patent Information
The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm,
implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a
license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block
Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP
Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would
like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (
https://support.pgp.com). PGP Corporation
may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or
documentation does not give you any license to these patents.
Acknowledgments
This product includes or may include:
-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation,
developed by zlib (
http://www.zlib.net). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted under
the MIT License found at
http://www.opensource.org/licenses/mit-license.html. Copyright © 2007 by the Open Source Initiative. -- bzip2 1.0, a freely
available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. -- Application server (
http://jakarta.apache.org/), web server
(
http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse HTML,
developed by the Apache Software Foundation. The license is at
www.apache.org/licenses/LICENSE-2.0.txt. -- Castor, an open-source, data-binding
framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group under an
Apache 2.0-style license, available at
http://www.castor.org/license.html. -- Xalan, an open-source software library from the Apache Software
Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software
License, version 1.1, available at
http://xml.apache.org/xalan-j/#license1.1. -- Apache Axis is an implementation of the SOAP ("Simple Object Access
Protocol") used for communications between various PGP products is provided under the Apache license found at
http://www.apache.org/licenses/LICENSE-2.0.txt. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released under
an Apache-style license, available at
http://mx4j.sourceforge.net/docs/ch01s06.html. -- jpeglib version 6a is based in part on the work of the
Independent JPEG Group. (
http://www.ijg.org/) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is
distributed under the MIT License
http://www.opensource.org/licenses/mit-license.html. -- PCRE Perl regular expression compiler, copyrighted and
distributed by University of Cambridge. ©1997-2006. The license agreement is at
http://www.pcre.org/license.txt. -- BIND Balanced Binary Tree Library
and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (
http://www.isc.org) -- Free BSD
implementation of daemon developed by The FreeBSD Project, © 1994-2006. -- Simple Network Management Protocol Library developed and
copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. ©
2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and
Telecommunications, © 2004. The license agreement for these is at
http://net-snmp.sourceforge.net/about/license.html. -- NTP version 4.2 developed
by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP
Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The
OpenLDAP Foundation. The license agreement is at
http://www.openldap.org/software/release/license.html. Secure shell OpenSSH developed by
OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for
SmartCard integration is released under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License
1.0, available at
http://www.opensource.org/licenses/ibmpl.php. -- PostgreSQL, a free software object-relational database management system, is
released under a BSD-style license, available at
http://www.postgresql.org/about/licence. -- PostgreSQL JDBC driver, a free Java program used to
connect to a PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is
released under a BSD-style license, available at
http://jdbc.postgresql.org/license.html. -- PostgreSQL Regular Expression Library, a free software
object-relational database management system, is released under a BSD-style license, available at
http://www.postgresql.org/about/licence. --
21.vixie-cron is the Vixie version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul
Vixie; used by permission. -- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open
source licensed under the GNU Library General Public License (LGPL) available at
http://www.jacorb.org/lgpl.html. Copyright © 2006 The JacORB
Project. -- TAO (The ACE ORB) is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between
processes written in C/C++ and the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University,
University of California, Irvine, and Vanderbilt University. The open source software license is available at
http://www.cs.wustl.edu/~schmidt/ACE-copying.html. -- libcURL, a library for downloading files via common network services, is open source software
provided under a MIT/X derivate license available at
http://curl.haxx.se/docs/copyright.html. Copyright (c) 1996 - 2007, Daniel Stenberg. -- libuuid, a
library used to generate unique identifiers, is released under a BSD-style license, available at
http://thunk.org/hg/e2fsprogs/?file/fe55db3e508c/lib/uuid/COPYING. Copyright (C) 1996, 1997 Theodore Ts'o. -- libpopt, a library that parses command
line options, is released under the terms of the GNU Free Documentation License available at
http://directory.fsf.org/libs/COPYING.DOC. Copyright ©
2000-2003 Free Software Foundation, Inc. -- gSOAP, a development tool for Windows clients to communicate with the Intel Corporation AMT chipset
on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at http://www.cs.fsu.edu/~engelen/license.html. -- Windows
Template Library (WTL) is used for developing user interface components and is distributed under the Common Public License v1.0 found at
http://opensource.org/licenses/cpl1.0.php. -- The Perl Kit provides several independent utilities used to automate a variety of maintenance functions and
is provided under the Perl Artistic License, found at
http://www.perl.com/pub/a/language/misc/Artistic.html. -- rEFIt - libeg, provides a graphical interface
library for EFI, including image rendering, text rendering, and alpha blending, and is distributed under the license found at
http://refit.svn.sourceforge.net/viewvc/*checkout*/refit/trunk/refit/LICENSE.txt?revision=288. Copyright (c) 2006 Christoph Pfisterer. All rights reserved.
-- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public License
(LGPL) found at
http://www.gnu.org/licenses/lgpl.html. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.
Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at
http://developer.yahoo.com/yui/license.html. --
JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the Apache
2.0 license, available at
http://json-lib.sourceforge.net/license.html. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license, available
at
http://ezmorph.sourceforge.net/license.html. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license, available at
http://commons.apache.org/license.html. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license, available at
http://commons.apache.org/license.html. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a common
configuration file format used on Windows, on other platforms. Distributed under the MIT License found at
http://www.opensource.org/licenses/mit-license.html. Copyright 2006-2008, Brodie Thiesfield. -- uSTL provides a small fast implementation of common
Standard Template Library functions and data structures and is distributed under the MIT License found at
http://www.opensource.org/licenses/mit-license.html. Copyright (c) 2005-2009 by Mike Sharov <[email protected]>. -- Protocol Buffers
(protobuf), Google's data interchange format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at
http://www.opensource.org/licenses/bsd-license.php. Copyright 2008 Google Inc. All rights reserved.
Additional acknowledgements and legal notices are included as part of the PGP Universal Server.
Export Information
Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau
of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.
Limitations
The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided
with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets
your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be
made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.
Unsupported Third Party Products
By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by
utilizing any associated PGP command or code provided by to you by PGP at its sole discretion to interact with the Unsupported Third Party Product
("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party
Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with
Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO
SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY
WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET
ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE
UNSUPPORTED THIRD PARTY PRODUCT.
4
1
Contents
About PGP Mobile
Overview 2
Important Terms 2
PGP Mobile and the PGP Universal Server 2
Who Should Read This Guide 3
System Requirements 3
Getting Assistance 4
Available Documentation 4
Contact Information 4
Configuration and Installation
7
The PGP Mobile Installation File 7
The PGP Mobile Configuration File 8
Messaging 9
Using PGP Mobile with PGP Universal Server Version 2.x 9
Mail Policies 10
Configuring Internal User Policies for PGP Mobile 10
Using PGP Mobile with PGP Universal Server Version 3.0 14
Mail Policies 15
Configuring Consumer Policy Options for PGP Mobile 15
i
1
About PGP Mobile
Mobile devices such as Windows Mobile smartphones are popular tools for
digital communications, both in the office and on the road. As more employees
and executives begin to carry these wireless devices, the amount of sensitive
and confidential information put at risk increases. Lacking the right protection,
sensitive email that is stored or transmitted on mobile devices may be
breached. The resulting damages can include lost revenue, regulatory penalties,
and brand damage.
PGP Mobile enables enterprises to extend market-leading PGP® encryption
security solutions for laptops and desktops to Windows Mobile devices,
allowing users to encrypt emails, files, and entire storage volumes.
Built on proven encryption and key management services, PGP Mobile provides
flexible encryption to meet the data protection and sharing needs of a mobile
enterprise. With PGP Mobile, entire data volumes, archives, directories, or
individual files can be encrypted. Incoming and outgoing email can be encrypted
or decrypted, signed or verified.
Ready for the mobile enterprise, PGP Mobile can be deployed over-the-air,
leveraging PGP Universal Server's trusted key management and provisioning
services to reduce administrator setup time. When needed, PGP Mobile
encrypted data can easily be shared with Windows users, even those without
encryption software.
PGP Mobile is a PGP Encryption Platform-enabled application. The PGP
Encryption Platform provides a strategic enterprise encryption framework for
shared user management, policy, and provisioning, automated across multiple,
integrated encryption applications. As a PGP Encryption Platform-enabled
application, PGP Mobile is managed with PGP Universal Server to manage
existing policies, users, keys, and configurations, expediting deployment and
policy enforcement.
In This Chapter
Overview....................................................................................................2
Important Terms ........................................................................................ 2
PGP Mobile and the PGP Universal Server................................................ 2
Who Should Read This Guide .................................................................... 3
System Requirements ...............................................................................3
Getting Assistance.....................................................................................4
1
PGP® Mobile 9.10 About PGP Mobile
Overview
PGP Mobile is a security tool that uses cryptography to protect your data against
unauthorized access.
PGP Mobile protects your data by encrypting email messages, individual files,
entire data volumes, archives, or directories. Use PGP Mobile to put any
combination of files and folders into an encrypted, compressed package for easy
distribution or backup. Finally, use PGP Mobile to shred (securely delete)
sensitive files—so that no one can retrieve them.
Important Terms
PGP Mobile: A software product from PGP Corporation that allows users to
secure emails, files, and entire storage volumes on their mobile devices.
PGP Universal Server: A software product from PGP Corporation used for
configuration and management of PGP Corporation encryption applications,
including PGP Mobile.
LDAP directory synchronization: An optional feature of PGP Universal Server
that lets your PGP Universal Server query your organization's LDAP directory
server (a Microsoft Active Directory server, for example), thus taking advantage
of existing information about configured users and their authentication
credentials.
enrollment: A process during installation of PGP Mobile where the PGP Mobile
client synchronizes with the PGP Universal Server. The enrollment process
establishes the relationship between the client and the server, binding the
managed client to the specific PGP Universal Server. During enrollment, and at
specific times afterwards, the PGP Mobile client receives policy and preference
updates from the PGP Universal Server. SKM and GKM keys are also
downloaded to PGP Mobile during enrollment (the private key portion of CKM
and SCKM keys must be downloaded and imported manually; see the PGP
Mobile User's Guide for more information).
PGP Mobile and the PGP Universal Server
PGP Mobile requires that users be in a PGP Universal Server-managed
environment where the LDAP Directory Synchronization feature is enabled. You
provide the information about which PGP Universal Server the PGP Mobile user
enrolls with through a separate configuration file provided during client
installation.
2
PGP® Mobile 9.10 About PGP Mobile
PGP Mobile users enroll with their PGP Universal Server using their LDAP
credentials. PGP Mobile uses keys that are stored on the PGP Universal Server
— PGP Mobile does not generate any keys on the device. This ensures that
users can use the same key with PGP Mobile and PGP Desktop.
All key types are supported: SKM, GKM, CKM, and SCKM. For SKM and GKM
keys, during setup and enrollment, the user's key is downloaded from the PGP
Universal Server. For CKM and SCKM keys, the private key can not be
downloaded from the PGP Universal Server; the user must perform a manual
step to import the private key.
For secure messaging, policies and preferences are downloaded from the PGP
Universal Server when the PGP Mobile user enrolls. Policies and preferences
are refreshed on a regular basis.
Note: This release of PGP Mobile is compatible with PGP Universal Server
versions 2.9, 2.10, 2.12, or 3.0 only. To use PGP Mobile with later versions of
PGP Universal Server, see PGP Support Home Page
(https://support.pgp.com).
Who Should Read This Guide
This Guide assumes you are a PGP administrator responsible for:
Getting mobile device users in your organization up and running with PGP
Mobile.
Setting up your PGP Mobile users so that they can secure their email
messaging per organizational policy.
This Guide assumes you are familiar with your organization's PGP Universal
Server and have read the PGP Universal Server Administrator's Guide.
System Requirements
To install PGP Mobile, you need:
PGP Universal Server 2.9, 2.10, 2.12, 3.0
Note: This release of PGP Mobile is compatible with PGP Universal Server
versions listed above only. To use PGP Mobile with later versions of PGP
Universal Server, see PGP Support Home Page (https://support.pgp.com).
LDAP authentication (for enrolling users to the PGP Universal Server)
Microsoft Exchange Server (required for messaging):
Microsoft Exchange Server 2003 SP 2
Microsoft Exchange Server 2007 SP 1
3
PGP® Mobile 9.10 About PGP Mobile
Note: Be sure you have applied the required service packs to your
Microsoft Exchange Server.
Getting Assistance
For additional resources, see these sections.
Available Documentation
PGP Mobile on-device help is installed onto your touchscreen mobile device
during the installation process.
To view the help file on your touchscreen device, do one of the following:
Launch PGP Mobile. To do this on your touchscreen device, select Start >
Programs, and then select PGP Mobile. Then select Start > Help.
You can also navigate to the PGP Mobile help from your mobile device's
main help. In the device's help Table of Contents, select Help for Added
Programs > PGP Mobile.
The PGP Mobile User's Guide is available in an Adobe Acrobat Portable
Document Format (PDF) files. You can view and print these files with Adobe
Acrobat Reader, available on the Adobe Web site (
http://www.adobe.com). The
PGP Mobile User's Guide can be obtained from your PGP Universal Server
administrator or from the PGP Corporation Knowledgebase.
Once PGP Mobile is released, additional information regarding the product is
entered into the online Knowledge Base available on the PGP Corporation
Support Portal (
https://support.pgp.com).
Contact Information
Contacting Technical Support
To learn about PGP support options and how to contact PGP Technical
Support, please visit the PGP Corporation Support Home Page
(
https://support.pgp.com).
To access the PGP Support Knowledge Base or request PGP Technical
Support, please visit PGP Support Portal Web Site
(
https://support.pgp.com). Note that you may access portions of the PGP
Support Knowledge Base without a support agreement; however, you
must have a valid support agreement to request Technical Support.
To access the PGP Support forums, please visit PGP Support
(
http://forum.pgp.com). These are user community support forums hosted
by PGP Corporation.
4
PGP® Mobile 9.10 About PGP Mobile
Contacting Customer Service
For help with orders, downloads, and licensing, please visit PGP
Corporation Customer Service (
https://pgp.custhelp.com/app/cshome).
Contacting Other Departments
For any other contacts at PGP Corporation, please visit the PGP Contacts
Page (
http://www.pgp.com/about_pgp_corporation/contact/index.html).
For general information about PGP Corporation, please visit the PGP Web
Site (
http://www.pgp.com).
5
2
Configuration and
Installation
For your users to be able to install PGP Mobile on a mobile device, you must
provide them with the .cab installation file as well as a .dat file that contains
information on the PGP Universal Server.
When PGP Mobile is installed on a user's touchscreen device, on-device help is
also installed (on-device help is not available on the non-touchscreen edition).
Additional information is available in the PGP Mobile User's Guide (available in
PDF format) as well as the release notes. You may decide you want to provide
this information (which was provided when you downloaded the program from
PGP Corporation) to your users. Be sure to distribute these files when you
distribute the installation and configuration file.
In This Chapter
The PGP Mobile Installation File ................................................................ 7
The PGP Mobile Configuration File............................................................ 8
The PGP Mobile Installation File
The PGP Mobile installation file is a Microsoft Windows .cab file. This file can
be transferred to your device using any of the following methods:
Desktop synchronization
Beaming (Bluetooth, infrared)
Storage card transfer
Email
Web download
Mobile Device Management (MDM) push
Be sure to provide the appropriate installation file for your users' devices:
For touchscreen devices, the file name should be *Pro.cab.
Once the installation file is on the device, user's can start the installation
process by selecting the .cab file.
7
PGP® Mobile 9.10 Configuration and Installation
The PGP Mobile Configuration File
In order to enroll, users will use their LDAP credentials and connect to the PGP
Universal Server in your organization. During enrollment, the user's GKM or
SKM key is downloaded to the mobile device. The configuration file, named
PGPConfigure.dat, is used during the installation of PGP Mobile to specify
the location of the PGP Universal Server.
This file must be located on the device before the user installs PGP Mobile. It
does not matter where the file is located, although it may be easier to place it in
the same location as the installation .cab file.
To create the .dat file
1 Create a new text file and name it PGPConfigure.dat.
2 Edit the file and add the following single line:
ovid=[UniversalServerName]
For example, if your PGP Universal Server is named
keys.mapi.example.com, the line in the .dat file would be
ovid=keys.mapi.example.com.
3 Save the file.
4 Distribute the file to your users when you distribute the installation (.cab)
file.
8
3
Messaging
Your PGP Mobile users can sign, encrypt, or sign and encrypt outgoing email
messages, and decrypt and verify incoming email messages.
PGP Mobile decodes all the encoding formats (Partitioned, PGP/MIME and
S/MIME) generated by various PGP clients (MAPI, Lotus Notes, IMAP/POP, PGP
Support Package for Blackberry).
As PGP Mobile administrator, you can:
configure the messaging policies downloaded to your PGP Mobile users
and how often they are updated.
establish settings for messaging preferences that apply to your PGP Mobile
users.
Refer to the following sections for information on how to configure policies and
establish preferences for your PGP Mobile users using the version of PGP
Universal Server you have deployed.
In This Chapter
Using PGP Mobile with PGP Universal Server Version 2.x ....................... 9
Using PGP Mobile with PGP Universal Server Version 3.0 .....................14
Using PGP Mobile with PGP Universal Server Version 2.x
Mail policies and preferences for your PGP Mobile users are automatically
downloaded during installation of PGP Mobile and are updated periodically
thereafter. If you add a preference or change an existing preference after PGP
Mobile is installed on a mobile device, the new settings are automatically
downloaded during the next update.
PGP Mobile users can force an update of preferences (and policies) by exiting
PGP Mobile and then restarting it.
Mail policies and preferences for your PGP Mobile users are stored on your PGP
Universal Server. To use the default settings for all PGP Mobile preferences, you
do not have to do anything; they will be downloaded and implemented
automatically.
To use settings for PGP Mobile preferences other than the default settings, you
must specify the setting you want to use. Any PGP Mobile preference not
specified will use the default setting.
9
PGP® Mobile 9.10 Messaging
Warning: Preferences should be edited with caution. A misconfiguration may
cause your PGP Mobile clients to stop functioning properly.
There are two kinds of preferences that apply to PGP Mobile:
Preferences that apply to PGP Mobile and to PGP Desktop.
Preferences that apply only to PGP Mobile.
Both kinds of preferences are described in this section.
Note: Some preferences on the PGP Universal Server apply only to PGP
Desktop. While these are downloaded to your PGP Mobile users (because
they are in the same file that gets downloaded to all PGP clients), they are
ignored by PGP Mobile.
Mail Policies
Mail policies for your PGP Mobile users are created on your PGP Universal
Server and then downloaded to your PGP Mobile users.
Refer to the PGP Universal Server Administrator's Guide for complete
information about configuring mail policies.
Note: Not everything in the mail policy chains downloaded to your PGP
Mobile users will apply to them; any mail policy settings that do not apply to
PGP Mobile will be ignored.
Mail policies are downloaded automatically to mobile devices when PGP Mobile
is installed and are updated at regular intervals thereafter based on preferences
settings. If a connection to the PGP Universal Server is not available when mail
policies are scheduled for updating, the update is postponed.
PGP Mobile users can force an update of mail policies (and preferences) by
exiting from PGP Mobile and then restarting it.
Note: Automatic updates of mail polices and preferences only happen when
PGP Mobile is running on the mobile device.
Configuring Internal User Policies for PGP Mobile
In PGP Universal Server version 2.x, use the Advanced Preferences Editor to
create and apply Internal User policies. For information on how to change these
preferences, see Changing the Default Values of Preferences (on page
13).
PGP Mobile Only Preferences
Some preferences on your PGP Universal Server apply only to PGP Mobile.
10
PGP® Mobile 9.10 Messaging
Integers take a numeric value; Booleans are true or false; Strings take a string of
text.
The following preferences apply only to PGP Mobile:
policyDownloadinterval (integer)—The default value is 10080 minutes
(one week, 168 hours). This preference controls when policy is
automatically downloaded to the mobile device from the PGP Universal
Server. The value is set in minutes. If the mobile device is suspended, that
time does not count towards reaching the timeout value.
policyWakeupFrequency (integer)—The default value is 56 times. This
preference controls how many times PGP Mobile will wake up to see if a
policy download is needed while the device is suspended (when a device is
suspended, the timer for policy download is also suspended).
policyDownloadGracePeriod (integer)—The default value is 43200
minutes (30 days, 720 hours). This preference controls the length of time
for which downloaded policy will be applied to outgoing messages. Before
applying policy, PGP Mobile will check to see if the current policy is valid. If
it is valid, the policy will be applied; if it has expired (the grace period is
over), the policy will not be applied and outgoing messages will be blocked.
expiredPolicyActionBlock (Boolean)—The default value is False. This
preference controls how PGP Mobile handles expired policies. When set to
False, the default, messages will use expired policies. When set to True,
messages will not use expired policies; instead, messages will be blocked.
policyDownloadRetryInterval (integer)—The default value is 1440
minutes (one day, 24 hours). This preference controls how long PGP Mobile
will wait before attempting again to download policies if a download was
missed because a connection to the PGP Universal Server was not
available.
mailKeyCacheSize (integer)—The default value is 50 keys. This preference
controls the number of keys PGP Mobile will cache (key caching speeds up
performance).
enablePolicyDownload (Boolean)—The default value is True. This
preference controls policy download. When set to True, the default, policy
downloads are initiated automatically per the setting of
policyDownloadInterval. If set to False, automatic policy downloads do not
occur. To reestablish automatic policy downloads if this value has been set
to False, the value in the preferences must be reset to True and the user
must be reenrolled from the mobile device.
mailKeyCacheTime (integer)—The default value is 20160 minutes (two
weeks, 336 hours). This preference controls how long a key will stay
cached on the mobile device for encoding outgoing messages. When the
timeout is reached, PGP Mobile will look up the key on the PGP Universal
Server and cached it again.
11
PGP® Mobile 9.10 Messaging
mailBounceOnUnsupported (Boolean)—The default value is False. This
preference controls how PGP Mobile handles unsupported policy rules.
When set to False, the default, PGP Mobile will ignore unsupported policy
rules and instead use the default policy. When set to True, PGP Mobile will
not send messages to which unsupported policy rules apply.
Preferences Shared with PGP Desktop
Some preferences on your PGP Universal Server apply both to PGP Mobile and
to PGP Desktop.
Note: If you are creating PGP Desktop clients on the same PGP Universal
Server hosting your PGP Mobile clients, make sure any preferences whose
settings you modify get appropriate settings for both PGP Mobile and PGP
Desktop.
Integers take a numeric value; a Boolean is true or false; a String takes a string
of text.
The following preferences are shared by PGP Mobile and PGP Desktop:
mobileAnnotateMessages (Boolean)—The default value is True. This
preference controls annotation of decoded messages. When set to True,
the default, decoded messages are annotated (refer to the PGP Mobile
User's Guide for more information about message annotation). When set to
False, decoded messages are not annotated.
mobileUseNotifier (Boolean)—The default value is False. This preference
whether controls PGP Mobile users will see messaging-related notifications
on their mobile device. When set to False, the default, they will not see
messaging-related notifications. When set to True, they will see
messaging-related notifications.
mobileSearchLocalKeyring (Boolean)—The default value is True. This
preference controls whether or not PGP Mobile will search the local keyring
for the right key to encrypt an outgoing message or to verify a signature.
When set to True, the default, the local keyring is searched. When set to
False, the local keyring is not searched. The local keyring is not the same as
the key cache; PGP Mobile will always search its key cache for an
appropriate key.
mobilePassphraseCacheType (Integer)—The default value is 1 (messaging
passphrases are cached for a specified number of seconds). This
preference controls how PGP Mobile handles messaging passphrases (PGP
Mobile handles messaging passphrases differently than it handles other
passphrases). This preference can be set to values of 0, 1, or 2 only. When
set to 0, messaging passphrases are not cached. When set the 1, the
default, messaging passphrases are cached for the number of seconds
specified in mobilePassphraseCacheSeconds. When set to 2, messaging
passphrases are cached until PGP Mobile is shut down.
12
PGP® Mobile 9.10 Messaging
mobilePassphraseCacheSeconds (Integer)—The default value is 300
seconds (five minutes). This preference controls how long message
passphrases are cached if mobilePassphraseCacheType is set to 1.
mobileDisableFeatureEmailMessaging (Boolean)—The default value is
False. This preference controls PGP Mobile messaging on a mobile device.
When set to False, the default, messaging works normally. When set to
True, PGP Mobile messaging is disabled for the device. If messaging had
been working on the mobile device prior to it being disabled via this
preference, messaging will be disabled when the preferences are next
downloaded. If Outlook was being used on the device, it will need to be
restarted to disable messaging.
Changing the Default Values of Preferences
If you want to use a setting for a PGP Mobile preference other than the default
setting, you must add the preference (using the XML Preferences Editor on your
PGP Universal Server) and then specify the desired setting.
Warning: Preferences should be edited with caution. A misconfiguration may
cause your PGP Mobile clients to stop functioning properly.
To add a PGP Mobile messaging preference and specify a setting
1 Log in to your PGP Universal Server.
2 Select Policy > Internal User Policy.
3 Select the policy you want to edit (the default policy is Internal Users:
Default).
4 Click the Advanced tab
13
PGP® Mobile 9.10 Messaging
5 Click Edit Preferences. The XML Preferences dialog box is displayed.
6 At the bottom of the dialog box, select Set.
7 Enter the Pref Name. Note that the name is case-sensitive.
8 Select the Type of preference: Boolean, String, Integer.
9 Enter the Value of the preference.
10 Click Save. The new messaging preference is added at the bottom of the
list of existing preferences.
Using PGP Mobile with PGP Universal Server Version 3.0
Mail policies and preferences for your PGP Mobile users are automatically
downloaded during installation of PGP Mobile and are updated periodically
thereafter. If you add a preference or change an existing preference after PGP
Mobile is installed on a mobile device, the new settings are automatically
downloaded during the next update.
PGP Mobile users can force an update of preferences (and policies) by exiting
PGP Mobile and then restarting it.
Mail policies and preferences for your PGP Mobile users are stored on your PGP
Universal Server. To use the default settings for all PGP Mobile preferences, you
do not have to do anything; they will be downloaded and implemented
automatically.
14
PGP® Mobile 9.10 Messaging
To use settings for PGP Mobile preferences other than the default settings, you
must specify the setting you want to use. Any PGP Mobile preference not
specified will use the default setting.
Warning: Preferences should be edited with caution. A misconfiguration may
cause your PGP Mobile clients to stop functioning properly.
Use PGP Universal Server to manage mail and consumer policy for PGP Mobile.
However, you cannot create the initial PGP Mobile installer from PGP Universal
Server.
Mail Policies
Mail policies for your PGP Mobile users are created on your PGP Universal
Server and then downloaded to your PGP Mobile users.
Refer to the PGP Universal Server Administrator's Guide for complete
information about configuring mail policies.
Note: Not everything in the mail policy chains downloaded to your PGP
Mobile users will apply to them; any mail policy settings that do not apply to
PGP Mobile will be ignored.
Mail policies are downloaded automatically to mobile devices when PGP Mobile
is installed and are updated at regular intervals thereafter based on preferences
settings. If a connection to the PGP Universal Server is not available when mail
policies are scheduled for updating, the update is postponed.
PGP Mobile users can force an update of mail policies (and preferences) by
exiting from PGP Mobile and then restarting it.
Note: Automatic updates of mail polices and preferences only happen when
PGP Mobile is running on the mobile device.
Included in PGP Universal Server v3.x is the Default: Mobile mail policy chain
from Mail > Mail Policy. This is the default mail policy that is downloaded to
user's devices. You can edit this policy or create new policies if desired.
Configuring Consumer Policy Options for PGP Mobile
To specify policy options, in PGP Universal Server, select Consumers >
Consumer Policy > Consumer Policy Options (select any policy) > Mobile.
The following tables describe these options.
General
Option Definition
Allow conventional
When selected, lets your PGP Mobile users
encryption and
conventionally encrypt files using a passphrase
15
/
