Troubleshooting: Encryption and Decryption with Symantec Drive Encryption

Article:TECH149343  |  Created: 2009-03-19  |  Updated: 2013-10-10  |  Article URL http://www.symantec.com/docs/TECH149343
Article Type
Technical Solution


Subject

Issue



This article details some general troubleshooting steps to use with Symantec Drive Encryption (previously PGP Whole Disk Encryption).


Solution



Symantec Drive Encryption locks down the entire content of a laptop, desktop, external drive, or USB flash drive.  This also includes boot sectors, system files, and swap files.  You can also use Drive Encryption to encrypt just the boot partition or other Windows partitions.  Encryption runs as a background process that is transparent to you, automatically protecting valuable data without requiring you to take additional steps.

General Troubleshooting

Encryption

  1. Incorrect Passphrase - Confirm the passphrase being entered by selecting the Show Keystrokes checkbox. Normally, as an added level of security, the characters you type for the passphrase are not visible on the screen.
     
  2. Internal User Policy - Check the policy for the user. Is the user allowed to perform User-Initiated Whole Disk Encryption? Examine the WDE tab for the user policy to determine user permissions for internal and removable disks.
     
  3. Server Availability - In a managed environment, is the Symantec Encryption Management Server (previously PGP Universal Server) available for the client to send the Whole Disk Recovery Token (WDRT)? Check proxy settings and network connectivity to Symantec Encryption Management Server. Try connecting to the server via Telnet over port 443.
     

Decryption

  1. Is the passphrase correct? Confirm the passphrase being entered by selecting the Show Keystrokes checkbox. Normally, as an added level of security, the characters you type for the passphrase are not visible on the screen.
     
  2. Internal User Policy - Check the policy for the user. Is the user allowed to perform user User-Initiated decryption of disks? Examine the WDE tab for the user policy to determine user permissions for internal and removable disks.
     
  3. Verify Passphrase - Verify the passphrase using the pgpwde command line tool.
     
  4. WDRT - Use the Whole Disk Recovery Token (WDRT) to decrypt the disk. Click here for more information on using a WDRT.
     
  5. PGP Whole Disk Encryption Recovery Disk - Use the recovery disk (bootg.iso) to boot the system and decrypt the disk.
     
  6. Decrypt the disk using another system - Remove the hard disk and slave the disk to another system with PGP Desktop installed to decrypt the disk.

 



Legacy ID



1281


Article URL http://www.symantec.com/docs/TECH149343


Terms of use for this information are found in Legal Notices