HOW TO: Enable AES-128 bit for PGP Whole Disk Encryption in a PGP Universal Server 2.12 Environment (EOL)
|Article:TECH149717|||||Created: 2010-01-28|||||Updated: 2013-04-08|||||Article URL http://www.symantec.com/docs/TECH149717|
This article details how to configure PGP Desktop 10 clients to use AES 128 for PGP Whole Disk Encryption in a PGP Universal 2.12 server managed environment.
Notice: PGP Universal Server is now End Of Life as of April 1st 2012. This document is left around for historical purposes.
PGP Universal Server 2.x
PGP Desktop 10.x or newer
Beginning with PGP Desktop 10, administrators can configure PGP Desktop clients to use AES-128 as the encryption algorithm for PGP Whole Disk Encryption (PGP WDE). This can be done to improve performance of the drive where an lesser encryption algorithm is not a concern. This is accomplished by editing the advanced preferences of PGP Desktop for the client policy.
By default the encryption algorithm used by PGP WDE is AES-256. The hashing algorithm is SHA-1.
To update the clients to use AES-128
- Log in to the PGP Universal Server administrative interface.
- Click Policy > Internal User Policy then select the desired user policy.
- On the Policy Options: screen for the policy select the Advanced tab.
- Click Edit Preferences.
- In the Pref Name field, type wdePreferredCipher.
- For Type, select Integer.
- In the Value field, type 7.
|Note: The following Integer encryption algorithm values used by PGP Whole Disk Encryption. If you want to reset the client encryption algorithm to use AES 256, set the value for wdePreferredCipher to 9 and click Save.
- Click Save to update the client preferences.
Article URL http://www.symantec.com/docs/TECH149717