PGP Sure® provides a unique feature not provided by any other PGP competitor. This feature gives user the ability to create unique PGP keys themselves and protect them with their own private passphrases. This feature gives the control into the hands of the users and enable them to master the encryption and decryption of their emails.
The Server Key Mode stores your keys out there on a server without any protection. It may surprise most of the people that many BlackBerry PGP providers use SKM and setup the devices and key stores without any protection of a passphrase.
This situation makes your communications vulnerable and at the mercy of your PGP service provider. Your provider can feel free to toy with your emails at any time for any reason because it has the access to your unprotected key store. You are handcuffed in such situation because you don’t have any password or passphrase to restrict access to your key store. Therefore, SKM is effectively synonymous with unprotected keys and insecure private communications.
In Guarded Key Mode, the key is stored on a server, but is also protected by a passphrase. Your key store is stored and guarded on the server, and hence the name Guarded Key Mode. As the owner of the PGP device, you are the only one who knows the passphrase which is required every time you want to encrypt/decrypt a message, or send/read a message.
Added value users get from GKM is that they can recover their device in case of accidental wipe off due to multiple entries of wrong password. Because a copy of your key is stored on the server, there is no need to change the email address and create a new account. That copy can be used to resuscitate the same account for the client.
Client Key Mode gives the control into the hands of the user as the name suggests. It is the phone itself where keys are stored. Since users are the controllers, they are responsible for their devices in CKM. The biggest downside of this mode is that you can never recover your phone if you enter a wrong password multiple times, as you will lose your keys as well which were stored on the device. In such case, not only your device is gone, but also your subscription. You have to buy a new device and purchase a new subscription of 6 months using a new email address.
A comparison of the two modes shows that Guarded Key Mode is better than Client Key Mode, and we recommend users to go for GKM. GKM is preferable on two counts. It gives you the ability to protect your PGP keys with a private passwords to restrict unauthorized access to your confidential data. Besides, it gives you the added benefit of recovering your device in case of accidental wipe off.