Import a PGP WDE Administrator Key for PGP Whole Disk Encryption Workgroup Edition

Article:TECH149320  |  Created: 2009-03-11  |  Updated: 2011-02-06  |  Article URL http://www.symantec.com/docs/TECH149320
Article Type
Technical Solution


Issue




The PGP WDE administrator key has several purposes. During client installation, it is used to encrypt the Whole Disk Recovery Tokens (WDRTs). After deployment, it is used for administrator access to the WDRTs, and it provides an additional means of access (in combination with smart cards or tokens) to locked systems.


Solution




Importing a PGP WDE Administrator Key

Use this procedure to import a public key that can be used to access any whole disk encrypted system. You may need to do this if a user is unable or unwilling to log in to the system.

If you want to add or change the administrator key post deployment, you must create a new .MSI file and re-deploy PGP Whole Disk Encryption. Therefore, PGP Corporation recommends importing the desired key before you begin creating .MSI files with PGP Whole Disk Encryption Controller.

Note: To import an administrator key, you must have a system with PGP Desktop installed to create the administrator key.

If you don't already have an existing installation of PGP Desktop to use to create the keypair, you can download a PGP Desktop 9.10 installer from the Licenses and Entitlement Manager System (LEMS) and install the software using your PGP Whole Disk Encryption license.

The PGP Desktop installer is posted with PGP Whole Disk Encryption Workgroup Edition in the PGP WDE Workgroup Edition section of the Download Center on LEMS.

To import a public key to use as an administrator key:

1. Create a key (for example, AdminSales) using PGP Desktop.

Do not specify a preferred keyserver for this key. If you do specify a keyserver on the key, you need to upload and publish the key to the specified keyserver.

2. Export the PGP public key.

3. Launch the PGP Whole Disk Encryption Controller executable, and then click Import, then do one of the following:

  • Select Import Public Key File, Browse to navigate to the file of the public key you are importing (use PGP Desktop to create this file if it does not already exist), select the file, click Open, then click Import.

  • Select Import Public Key Block, then paste the key block of the public key you are importing, then click Import.

4. Copy the key to a smart card or token using PGP Desktop. The same key can be copied to multiple tokens. Each token should have its own unique PIN.

Note: To access the whole disk encrypted drive via the token-based user, the key must be on a supported token/smart card. Use PGP Desktop to either create a keypair on or copy a keypair to a supported token/smart card.

The administrator key will also be used to encrypt users' Whole Disk Recovery Tokens stored on the network share used by the PGP Whole Disk Encryption Controller.
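A pre-import check for the file or key block produced in step 2, added here as an example (it is not Symantec or PGP Corporation code): it parses the exported block and reports a non-public armor type, secret key packets, or a preferred keyserver subpacket (OpenPGP signature subpacket type 24) on the key. The function names and the `sample` input are constructed for illustration, and the parser assumes a key export with a blank line after the armor header and no partial-length packets.

```python
import base64

def read_len(buf, i):  # new-format packet/subpacket length -> (length, next index)
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n < 255:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(data):  # yield (tag, body) for each packet, old or new header format
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0x40:                            # new format
            tag, (n, i) = hdr & 0x3F, read_len(data, i + 1)
        else:                                     # old format: 1, 2 or 4 length octets
            tag, w = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(data[i + 1:i + 1 + w], "big"), i + 1 + w
        yield tag, data[i:i + n]
        i += n

def hashed_subpackets(sig):  # yield (type, value) from a v4 signature's hashed area
    area, i = sig[6:6 + int.from_bytes(sig[4:6], "big")], 0
    while i < len(area):
        n, i = read_len(area, i)
        yield area[i] & 0x7F, area[i + 1:i + n]
        i += n

def check_admin_key(armored):  # -> list of problems found in an exported key block
    lines = [l.strip() for l in armored.strip().splitlines()]
    kind = lines[0].strip("-").replace("BEGIN PGP ", "")
    body = lines[lines.index("") + 1:-1]          # skip armor headers and END line
    raw = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    problems = [] if kind == "PUBLIC KEY BLOCK" else [f"armor type is {kind}"]
    for tag, pkt in packets(raw):
        if tag in (5, 7):                         # secret key / secret subkey
            problems.append("secret key material present")
        elif tag == 2 and pkt[0] == 4:            # version 4 signature
            problems += [f"preferred keyserver: {v.decode(errors='replace')}"
                         for t, v in hashed_subpackets(pkt) if t == 24]
    return problems

def sample(keyserver="", key_tag=6, kind="PUBLIC KEY BLOCK"):  # constructed input
    new = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
    sub = bytes([len(keyserver) + 1, 24]) + keyserver.encode() if keyserver else b""
    sig = bytes([4, 0x13, 1, 8]) + len(sub).to_bytes(2, "big") + sub + bytes(4)
    key = bytes([0x81 | key_tag << 2, 0, 12]) + bytes(12)  # old-format key packet
    b64 = base64.b64encode(key + new(13, b"AdminSales") + new(2, sig)).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{b64}\n-----END PGP {kind}-----\n"
```

An empty list from `check_admin_key` means none of the three conditions was found; the check does not verify signatures or key validity.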



Legacy ID



1249

