HOW TO: Decrypt a Partition using the pgpwde Command-line Utility

Article:TECH149110  |  Created: 2008-01-29  |  Updated: 2012-10-03  |  Article URL http://www.symantec.com/docs/TECH149110
Article Type
Technical Solution


Issue




The pgpwde command-line program gives you access to PGP Whole Disk Encryption functionality using a command-line interface.

Accessing PGP Whole Disk Encryption functions from the command line is useful for troubleshooting problems, or if the graphical user interface is not available. This article details how to decrypt a partition using the pgpwde command-line program.

 


Solution



Section 1 describes symptoms that users may encounter with PGP Whole Disk Encrypted disks. Section 2 gives procedures for using the PGPWDE command-line interface. Section 3 details use of the PGP Whole Disk Recovery Disk.

Note: If a system hard disk has been "fully" decrypted, and will not boot, users should run the fixmbr command from the Windows Recovery Console from a Windows XP installation CD.

 
SECTION 1 - Symptoms
On rare occasions internal or external disks that are PGP Whole Disk Encrypted may experience the following issues:
  • Inability to decrypt or read the contents of a secondary or non-system disk.
  • System displays "Error loading operating system_" after entering the passphrase at the PGP BootGuard login screen.
  • Master Boot Record (MBR) corruption causing the system to no longer boot.
  • After starting the system with the hard disk encrypted to a passphrase and an eToken, valid passphrases are not accepted.
1. Users able to access their PGP WDE disk from Windows should proceed to Section 2.

2. Users unable to access their disk from Windows or who are unable to boot should see Section 3.
 
SECTION 2 - PGPWDE Command Line 
The following commands will help diagnose and decrypt the disk. Other commands can be listed by typing pgpwde --help.

1. To begin working with the PGPWDE interface, open a command prompt and change to the PGP installation directory. The default directory is C:\Program Files\PGP Corporation\PGP Desktop.

2. To list all installed hard disks in the system type: pgpwde --enum. Entering this command will give us a list of disks with numbers we will use in the next few steps.

3. Now type pgpwde --status --disk 1. Substitute the PGP WDE disk number listed in the previous step for the number 1 in the command if different. The output of this command will tell us whether the disk is still encrypted.
  • If the disk is not encrypted, "Disk 1 is not instrumented by bootguard" will be the output.
  • If the disk is encrypted, the output will display:
   "Disk 1 is instrumented by Bootguard."
   The total number of sectors.
   A Highwater value (number of sectors encrypted).
   Whether the current key is valid.
4. Type pgpwde --list-user --disk 1. This will tell us the user information contained on the disk. This will help in multi-user environments to determine which user passphrase was used to implement WDE.

5. Type pgpwde --decrypt --disk 1 --passphrase {MYPASSWORDHERE.EN_US}. This will start the decryption process. To view progress, type the status command listed in step 3 and note the Highwater number; it will get smaller as the number of encrypted sectors decreases.
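
The progress check from steps 3 and 5, as an added PowerShell example that is not part of the original article and is not Symantec code: it polls the status command and stops once the disk is no longer instrumented by BootGuard. It is read-only and never handles the passphrase; the function name, the parameter names and the layout of the Highwater line are assumptions.

```powershell
# Added example (not Symantec code): poll the step 3 status command until the
# disk is no longer instrumented by BootGuard. Read-only; no passphrase is used.
param(
    [int]$Disk = 1,                 # disk number reported by "pgpwde --enum"
    [int]$IntervalSeconds = 60,     # time between status checks
    [string]$PgpDir = 'C:\Program Files\PGP Corporation\PGP Desktop'
)

function ConvertFrom-WdeStatus {    # hypothetical helper name
    param([string]$Text)
    # The two "instrumented" strings are quoted in the article; -match ignores
    # case, which covers both "bootguard" and "Bootguard".
    $state = 'Unknown'
    if ($Text -match 'is not instrumented by bootguard') { $state = 'NotEncrypted' }
    elseif ($Text -match 'is instrumented by bootguard') { $state = 'Encrypted' }

    # ASSUMPTION: the Highwater value is printed as decimal digits after the
    # word "Highwater" on the same line; adjust if your build prints it differently.
    $highwater = $null
    if ($Text -match 'highwater[^\r\n\d]*(\d+)') { $highwater = [int64]$Matches[1] }

    [pscustomobject]@{ State = $state; Highwater = $highwater }
}

Set-Location -LiteralPath $PgpDir
$last = $null
while ($true) {
    $raw = (& .\pgpwde --status --disk $Disk 2>&1 | Out-String)
    $status = ConvertFrom-WdeStatus -Text $raw
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'

    if ($status.State -eq 'NotEncrypted') {
        Write-Output "$stamp disk $Disk is not instrumented by BootGuard (not encrypted)"
        break
    }
    if ($status.State -eq 'Unknown') {
        Write-Warning "$stamp unrecognized status output: $($raw.Trim())"
    } elseif ($null -ne $status.Highwater) {
        Write-Output "$stamp disk $Disk encrypted, Highwater $($status.Highwater)"
        if ($null -ne $last -and $status.Highwater -ge $last) {
            Write-Warning "Highwater did not decrease since the last poll"
        }
        $last = $status.Highwater
    } else {
        Write-Output "$stamp disk $Disk encrypted, Highwater value not parsed"
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```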
 
SECTION 3 - Using the PGP Recovery Disks (bootg.iso or bootg.img)

Warning: The PGP Recovery Disks should be used only as the last step when attempting recovery. Should there be a power loss while decrypting with the recovery disk, the result to the disk could be fatal and non-recoverable. It is also highly recommended to use the latest PGP Recovery Disk available for the version of PGP Desktop you are running.

 

Caution: Users with extended partitions on their hard disks that were Whole Disk encrypted should ONLY use the latest available Recovery disk. Prior versions could cause these partitions to no longer be visible to Windows after fully decrypting the disk.

Once you have started to decrypt a disk or partition using a recovery disc or diskette, do not stop the decryption process. Depending on the size of the disk being decrypted, this process can take a long time. A faster way to decrypt the drive is to use another system that has the same version of PGP Desktop installed on it.


Use the Recovery Disk with the following instructions if experiencing blue screen failures at boot up:

1. Boot with PGP Recovery Disk.

2. Do not continue with the normal sequence of entering a passphrase.

3. Go to the "Advanced" panel.

4. The message "PGPWDE record inconsistency on 1 disk(s) was found and fixed" might be displayed. If this message is seen, the BSOD (blue screen failure) will be fixed.

5. Return to the previous screen and continue booting from the recovery CD. Rebooting without the Recovery Disk in the drive is also okay.

Use the Recovery Disk with the following instructions should the system not boot into Windows for any other reasons:
  • The PGP Desktop for Windows User's Guide provides instructions for creating recovery disks.
  • Booting from the recovery disk will give the option to either decrypt the PGP Whole Disk or to continue loading Windows, provided the necessary information (one of the session keys used to encrypt the drive) can be found.
1. Enter a passphrase when prompted, and hit any key to continue booting Windows.

2. If this is not possible, reboot the machine, enter the passphrase when prompted and select D to decrypt the drive. The decryption process, when executed from the Recovery Disk, takes considerably longer than it does from within Windows.

To decrypt a partition-encrypted disk from the command line, use the following steps:

 

  1. On your PC, click Start>Run
  2. Type cmd in the text field and click OK
  3. Change to the following directory: C:\Program Files\PGP Corporation\PGP Desktop
  4. To begin to decrypt the disk, type the following at the command prompt:

    pgpwde --decrypt --passphrase "passphrase" --disk 0 --partition 1

 

The partition number can be determined by typing the following at the command prompt: pgpwde --enum
 

Note: To decrypt all partitions on the disk use the following command:

    pgpwde --decrypt --passphrase "passphrase" --disk 0 --all-partitions

 


After executing the command, open PGP Desktop and the graphical user interface will display the decrypting status of the disk.

 

 



Legacy ID



887

