HOW TO: Decrypt Disk Using a Whole Disk Recovery Token (WDRT)

Article:HOWTO42116  |  Created: 2009-12-15  |  Updated: 2011-02-06  |  Article URL http://www.symantec.com/docs/HOWTO42116
Article Type: How To

This article details how to decrypt a disk using a Whole Disk Recovery Token (WDRT).



In PGP Universal Server managed environments, administrators can enable Whole Disk Recovery Tokens (WDRT) for PGP Desktop clients. A WDRT allows users to authenticate to an encrypted hard disk if they forget their passphrase.

Whole disk recovery tokens are associated with encrypted devices, not single computers or single users. A single computer can be associated with multiple encrypted devices. If multiple users have accounts on the same device, they share the same whole disk recovery token. Whatever you do with the token affects all users sharing that device.

If necessary, you can use a Whole Disk Recovery Token (WDRT) to authenticate and decrypt the disk via the command line. Decrypting the disk via the command line is advantageous when connecting (slaving) a disk to another system in the event of a hardware failure.

Note: This feature is available in PGP Desktop 9.9 and above.

To use a WDRT via the command line to decrypt a slaved disk

Windows XP

  1. Click Start>Run.
  2. Type cmd in the Open field and click OK.
  3. Change to the following directory: C:\Program Files\PGP Corporation\PGP Desktop
  4. Determine the disk number by typing pgpwde --enum
  5. Press Enter.
  6. Verify the WDRT of the authorized user of the disk by typing pgpwde --disk <Disk #> --verify-user --rt <Whole Disk Recovery token>
  7. Decrypt the disk using a WDRT by typing pgpwde --disk <Disk #> --decrypt --rt <Whole Disk Recovery token>

    Example:

    pgpwde --disk 2 --decrypt --rt 91J56-ZGYE1-25F06-HUT4V-CQUK2-YJE

  8. Press Enter.

Windows Vista & Windows 7

  1. Click Start>Run.
  2. Type cmd in the Start Search field.
  3. Click cmd from the list of Programs.
  4. Change to the following directory: C:\Program Files\PGP Corporation\PGP Desktop
  5. Determine the disk number by typing pgpwde --enum
  6. Press Enter.
  7. Verify the WDRT of the authorized user of the disk by typing pgpwde --disk <Disk #> --verify-user --rt <Whole Disk Recovery token>
  8. Decrypt the disk using a WDRT by typing pgpwde --disk <Disk #> --decrypt --rt <Whole Disk Recovery token>

    Example:

    pgpwde --disk 2 --decrypt --rt 91J56-ZGYE1-25F06-HUT4V-CQUK2-YJE

  9. Press Enter.
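
The same verify-then-decrypt sequence as a PowerShell script, which runs --decrypt only if --verify-user succeeds. This is an added example, not Symantec's code: the parameter names $Disk and $PgpDir are hypothetical, and it assumes pgpwde returns exit code 0 on success and non-zero on failure.

```powershell
# Added example (not Symantec code): run --decrypt only after --verify-user succeeds.
param(
    [Parameter(Mandatory = $true)][int]$Disk,   # disk number reported by pgpwde --enum
    # Default install directory given in the article; override if installed elsewhere.
    [string]$PgpDir = 'C:\Program Files\PGP Corporation\PGP Desktop'
)

$pgpwde = Join-Path $PgpDir 'pgpwde.exe'
if (-not (Test-Path -LiteralPath $pgpwde)) {
    throw "pgpwde.exe not found in '$PgpDir'"
}

# List the disks and make the operator re-enter the number, so the host's own
# system disk is not selected by mistake when a second disk is attached.
& $pgpwde --enum
$confirm = Read-Host "Re-enter the disk number to decrypt (requested: $Disk)"
if ($confirm.Trim() -ne "$Disk") {
    throw 'Disk number not confirmed. No changes made.'
}

# Prompt for the token instead of hard-coding it in the script.
$token = (Read-Host 'Whole Disk Recovery Token').Trim()

# Catch paste errors (spaces, the <...> placeholder). Only the character set is
# checked; the exact token layout is not specified in the article.
if ($token -notmatch '^[A-Za-z0-9-]+$') {
    throw 'Token contains characters other than letters, digits and dashes.'
}

# Assumption: pgpwde exits with 0 on success and non-zero on failure.
& $pgpwde --disk $Disk --verify-user --rt $token
if ($LASTEXITCODE -ne 0) {
    throw "Token verification failed for disk $Disk (exit code $LASTEXITCODE). Decrypt not attempted."
}

& $pgpwde --disk $Disk --decrypt --rt $token
$decryptExit = $LASTEXITCODE

# Drop the token from the session once it is no longer needed.
Remove-Variable -Name token

if ($decryptExit -ne 0) {
    throw "pgpwde --decrypt returned exit code $decryptExit for disk $Disk."
}
Write-Host "Decrypt command accepted for disk $Disk."
```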

Legacy ID: 1829

