HOW TO: Use PGP Whole Disk Encryption

Article: HOWTO41896  |  Created: 2006-02-17  |  Updated: 2011-02-16  |  Article URL: http://www.symantec.com/docs/HOWTO41896
Article Type: How To




This article describes how to encrypt a whole disk with PGP Desktop 9.x for Windows 2000, XP, and Windows Vista.


The following instructions demonstrate how to prepare and encrypt your disk drive(s).

Note: Prior to encrypting your disk drives, it is recommended that you perform disk maintenance to optimize your system for encryption. This may include scanning the disk for errors, or defragmenting the disk drive.

Encrypt Disk Drive(s) with a Passphrase User

To encrypt a disk with a passphrase, do the following:

  1. Open PGP Desktop.
  2. Pull down the View menu and click PGP Disk. You may also locate the PGP Disk Control box in the lower left and click Encrypt Whole Disk.
  3. After the PGP Disk work area appears to the right, begin by selecting the drive you wish to encrypt.
  4. Secure the disk with Passphrase User.
  5. Enter a Username.
  6. Enter and confirm a Passphrase.

    Caution: It is recommended that you select a passphrase difficult to guess, but easy for you to remember. If this is your boot disk, you will not be able to boot the system if you do not know the passphrase.
  7. Click Start to encrypt the drive.

Encrypt Disk Drive(s) with a Public/Token Key User

If you are applying whole disk encryption to a fixed drive on your system, only a PGP keypair on an Aladdin eToken Pro USB token can be used. If you are encrypting a non-fixed drive, you may select either a public key or a token key user.

To encrypt a fixed disk with a token key, do the following:

  1. Connect the eToken.
  2. Open PGP Desktop.
  3. Pull down the View menu and click PGP Disk. Locate the PGP Disk Control box on the left pane of the PGP Desktop main screen, and select Encrypt Whole Disk.
  4. Secure the disk with a Token Key User.
    NOTE: If the eToken is not connected, no suitable keys will be found.
  5. Once you have selected the key found on the token, click Start.
  6. Enter the passphrase of the private key stored on the token, and click OK.

    Caution: If this is your boot disk, you must enter the passphrase (PIN) of the token to boot the system. Be very certain you know the passphrase of the token before encrypting the boot drive.

To encrypt a non-fixed disk with a public/token key, do the following:

  1. Connect the eToken, if necessary.
  2. Open PGP Desktop.
  3. Pull down the View menu and click PGP Disk. Locate the PGP Disk Control box in the lower left and click Encrypt Whole Disk.
  4. Select the radio button to secure the disk with a Public Key User and select a key from the list of public keys available.
  5. Once you have selected the key, click Start.
  6. If this is a token key, enter the passphrase of the private key and click OK.

    If this is a token key, you will need to enter the passphrase (PIN) of the token to access the encrypted drive.

Add a User to an Encrypted Whole Disk

You may add a public key, passphrase, or token key user to an encrypted PGP Whole Disk. If you are adding a user to an encrypted fixed drive, you may only add a passphrase or Aladdin eToken user. Public key users may only be added to non-fixed encrypted disks.

Token Key User

To add a token key user, do the following:

  1. Open PGP Desktop.
  2. Locate the PGP Disk Control box on the left pane of the PGP Desktop main screen.
  3. Select the encrypted whole disk you wish to add a user to.
  4. Under the "User Access" section within the work area, click Create User.
  5. Unlock the disk by entering your passphrase. Click OK.
  6. Select Token Key User and click Next. For a non-fixed drive, select Public Key User and you will find the token key among the other public keys in the list.
  7. Select a token key from the list and click Next.
  8. Enter the passphrase of the private key and click OK.
  9. Click Finish. The new token key user will then be added.

Public Key User

To add a public key user, do the following:

  1. Follow steps 1-5 in the Token Key User section above.
  2. Select Public Key User and click Next.
  3. Select a key from the list and click Next.
  4. Click Finish. The new public key user will then be added.

Passphrase User

To add a passphrase user, do the following:

  1. Follow steps 1-5 in the Token Key User section above.
  2. Select Passphrase User, enter a Username, and click Next.
  3. Enter and confirm the Passphrase and click Next.
  4. Click Finish. The passphrase user will then be added.

Delete a User from an Encrypted Whole Disk

To delete a user, do the following:

  1. Open PGP Desktop.
  2. Locate the PGP Disk Control box on the left pane of the PGP Desktop main screen.
  3. Select the encrypted whole disk you wish to delete a user from.
  4. Under the User Access section within the work area, select the user you wish to remove, and click Delete User.
  5. Enter the passphrase to unlock the disk.

    If only one passphrase user is present, you will not be able to delete the user.

Legacy ID: 69

