Security Community Blog

Symantec Encryption Desktop Howto - PGP Zip

Created: 30 Nov 2013 • Updated: 01 Dec 2013
InsentraCameronM

Symantec Encryption Desktop (SED) is a PGP client that runs on Windows. SED is a single client that has many functions including:

  • Key management
  • PGP Zip
    • File encryption using keys or passwords
    • Create self-extracting archive files for people who do not use SED
  • PGP Shredder
  • PGP Messaging
    • Email encryption
    • IM encryption
  • File Share Encryption
    • Automatic/seamless encryption of all files in a Windows file share
  • PGP Disk
    • Full disk encryption
    • Partition encryption

Note: SED is compatible with GPG.

In the enterprise you will normally install Symantec Encryption Desktop with a license. However, you can install SED without a license and use it to encrypt, decrypt and sign files as well as use PGP Shredder to securely erase files.

Using SED without a license is a good way to learn about encryption basics. Once you are comfortable with the product I would recommend contacting Symantec, buying some licenses and having a Symantec Encryption Management server stood up. Using Symantec Encryption Management server allows you to easily manage all of your users' keys and the functionality of the SED client on their workstations.

Installing Symantec Encryption Desktop

  1. Download the Symantec Encryption Desktop (SED) client:
  2. Unzip the downloaded file.
  3. Double click on the SED client.
  4. Click OK.
  5. Accept the EULA and click Next.
  6. Click Next.
  7. Restart your computer by clicking Yes.
  8. When the computer reboots choose Yes and click Next.
  9. Enter your Name, Organization and email address and click Next.
  10. Choose to configure without a license and click Next.
  11. Click Next.

Note: You only have access to PGP Zip and PGP Shredder if no license is installed.

  1. Select I am a new user and click Next.
  2. On the PGP Key Generation Assistant page click Next.
  3. Enter your name and primary email address and click Next.
  4. Enter a strong passphrase and click Next.

Note: If the passphrase quality is 100% it is equal to 128 bits of entropy. It would take thousands of years to brute force.

  1. Click Next.
  2. Untick Automatically detect my email accounts and click Next.

NB: This functionality cannot be enabled because no license is installed.

  1. Click Finish.

Reviewing Your Keys in SED

  1. Open SED by either:
    1. Right clicking on the lock icon in the quick launch bar and choosing Open Symantec Encryption Desktop.
    2. Clicking Start > All Programs > Symantec Encryption > Symantec Encryption Desktop.
  2. On the left side of the screen click PGP Keys and then select My Private Keys.
  3. Open your Key properties by:
    1. Expand the private key.
    2. Right click the envelope and choose Key Properties.
    3. Note the:
      1. ID – Your private key’s unique fingerprint ID. The ID is used to verify a key when you do a key exchange.
      2. Trust – Because you created the key the trust will be Implicit.
      3. Verified – Your private key is signed by your own private key so it is automatically verified.
      4. Expires – Your private key is set to never expire.
    4. Note that you can also change your private key’s password from this screen.
    5. Close the Key Properties screen by clicking the red X in the top right hand corner of the screen.
  4. Review the signature properties by:
    1. Expand the private key.
    2. Right click the envelope and choose Key Properties.
    3. Note the:
      1. Signer Name – The name of the person who signed the private key.
      2. Signer KeyID – The ID of the private key that was used to sign this key.
      3. Exportable – Indicates that this private key can be exported.
    4. Click Close.

Export Your Public Key

  1. Open SED by either:
    1. Right clicking on the lock icon in the quick launch bar and choosing Open Symantec Encryption Desktop.
    2. Clicking Start > All Programs > Symantec Encryption > Symantec Encryption Desktop.
  2. On the left side of the screen click PGP Keys and then select My Private Keys.
  3. Right click on your private key and choose:
    1. Mail Recipient – Uses your mail client to send your public key to a recipient.
    2. Export… – To export a public key to disk.
  4. For the export option choose where to save a copy of your public key.
    1. As a best practice append the key’s ID to the File Name. Using the ID will help you keep track of your keys since you can have different keys with the same names.
    2. Note: You can also export your private key at this stage by ticking the Include Private Keys tick box.
    3. Click Save.

Note: You can now send/give the exported PUBLIC key to your recipient. The public key can be used by your recipient to encrypt files to you.

Import a Public Key

  1. Open SED by either:
    1. Right clicking on the lock icon in the quick launch bar and choosing Open Symantec Encryption Desktop.
    2. Clicking Start > All Programs > Symantec Encryption > Symantec Encryption Desktop.
  2. Click File > Open.
  3. Choose the public key and then click Open.
  4. Expand the public key.
  5. Click Import.
  6. In the SED client click All Keys and expand the imported public key.

Note: The key indicates that it is not yet verified so it should not be trusted.

  1. Right click the envelope and choose Key Properties.
  2. Confirm the ID with the person who supplied the key.
  3. If the ID they have is the same as the ID you have:
    1. Expand Trust and click Trusted.
    2. Close the Key Properties by clicking the red x in the top right hand corner.
  4. Right click the public key and choose Sign…
  5. Click OK.

Note: You can choose to allow the signature to be exported. This helps others know which keys to trust.

  1. Choose the key you will sign with (it has to be a private key that you have access to) and click OK.
  2. The key is now verified which means that you can trust it.
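
The ID check in the import steps above, as an added example that is not part of the original post or of SED: it shows how an OpenPGP version 4 fingerprint and key ID are derived from the public key material (RFC 4880) and why comparing the full fingerprint catches a substituted key. The key values are constructed for illustration and all function names are hypothetical.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 bytes of the v4 fingerprint."""
    return fingerprint[-16:]

def normalise(text: str) -> str:
    """Drop spaces, colons and a leading 0x so differently formatted values compare."""
    cleaned = "".join(ch for ch in text if ch.isalnum()).upper()
    return cleaned[2:] if cleaned.startswith("0X") else cleaned

def same_key(local_fingerprint: str, value_read_out: str) -> bool:
    """True only when the other party's value is a full 160-bit fingerprint match."""
    theirs = normalise(value_read_out)
    return len(theirs) == 40 and theirs == normalise(local_fingerprint)

# Constructed sample values: N is NOT a real RSA modulus, only filler of about 2048 bits.
N = int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 8, "big") | 1
BODY = rsa_public_key_body(created=1385769600, n=N, e=65537)
TAMPERED = rsa_public_key_body(created=1385769600, n=N ^ 2, e=65537)

if __name__ == "__main__":
    fp = v4_fingerprint(BODY)
    spoken = " ".join(fp[i:i + 4] for i in range(0, 40, 4)).lower()
    print("fingerprint:", fp, "key ID: 0x" + key_id(fp))
    print("matches value read over the phone:", same_key(fp, spoken))
    print("key ID alone accepted:", same_key(fp, key_id(fp)))
    print("substituted key accepted:", same_key(v4_fingerprint(TAMPERED), spoken))
```
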

Encrypt a File

  1. Use Windows Explorer to find a file that you would like to encrypt.
  2. Right click on the file and choose Add “YourFileName.xxx” to new PGP Zip.

Note: Take a moment to review the other PGP options.

  1. Review the file that you want to encrypt and click Next.

Note: For extra security you can put a tick in the Shred originals tick box to shred the original document.

  1. Choose Recipient keys and click Next.

Note: You can also encrypt with a passphrase. Warning: Exchanging the passphrase has to be done over a secure channel.

Note: For people who do not use PGP you can create a PGP Self-Decrypting Archive.

  1. Find the public key that you would like to encrypt to and click Add and then click Next.

Note: You can encrypt to more than one public key. It

  1. Choose the key that you would like to sign the file with and click Next. The key that you sign with has to be a private key that you have access to. You may be asked to provide your private key’s password. If your password has been cached by SED you will not be asked for it.
  2. Click Finish.

Decrypt a File

  1. Find a file that you would like to decrypt, right click on it and choose Decrypt & Verify “YourEncryptedFile.xxx.pgp”.

Note: Take a moment to review the other PGP options.

  1. SED will open PGP Zip. You can see that the key that was used to sign this file has been verified. You may be asked for the password for the private key that this file was encrypted to. If the password has been cached by PGP you will not be asked.
  2. If you go back to the folder where you decrypted the file you will now see the decrypted file. If the signature could not be verified you should not trust this file as it may have been tampered with.