File Share Encryption

  • 1.  PGP WDE desktop for key's login account stored in tpm

    Posted Dec 13, 2011 11:47 AM

    According to the guide for version 10.0.3 of PGP Desktop, it is possible to configure volume encryption with passphrase (or multifactor) authentication with support of TPM 1.2 (meaning that the TPM 1.2 stores the volume encryption key in encrypted form).

    On pages 166 and 179 it is said that it is also possible to configure the Windows 7 login account (which leads to the desktop) with Single Sign-On, that is, with only the one volume authentication, which replaces the Windows 7 login account password.

    I want to configure, besides the volume encryption authentication (which asks for authentication through a password that unseals the key stored encrypted on the TPM 1.2), a Windows login account through a password (different from the volume authentication password) stored in the TPM 1.2 and encrypted by the TPM 1.2.

    Is it possible?

    Regards



  • 2.  RE: PGP WDE desktop for key's login account stored in tpm

    Posted Dec 14, 2011 04:06 PM

    This may help you:

    http://www.symantec.com/business/support/index?page=answerlink&url=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fsupport%2Findex%3Fpage%3Dcontent%26id%3DHOWTO42084%26actp%3Dsearch%26viewlocale%3Den_US&answerid=16777218&searchid=1323896581572

    http://www.symantec.com/business/support/index?page=answerlink&url=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fsupport%2Findex%3Fpage%3Dcontent%26id%3DTECH149017%26actp%3Dsearch%26viewlocale%3Den_US&answerid=16777221&searchid=1323896581572

    Please mark post as solution if your questions were addressed.



  • 3.  RE: PGP WDE desktop for key's login account stored in tpm

    Posted Dec 15, 2011 12:12 PM

    Julian_M,

    I found your reply very useful.

    For further clarity, I will explain again what I want to do.

    I want to configure two different authentication methods with PGP WDE Desktop/Professional, without Single Sign-On after the boot process, in the Windows Seven Ultimate OS.

    The first one is for volume encryption, where the volume is unsealed after the user types the password or swipes their finger on the fingerprint reader, which unseals the volume's key stored encrypted in the TPM (the TPM stores the volume's key encrypted).

    The second method is for the Windows login account (with user rights), always with PGP WDE Desktop/Professional, where the user must type a second password different from the first one (thus without Single Sign-On) or swipe the finger a second time on the reader, which unseals the login account's second key encrypted in the TPM.

    In this way the TPM stores two different keys encrypted, the volume encryption key and the login account's key, which will not be stored in the SAM system file (protected by syskey), that will be unsealed by two different passwords or two different finger swipes.

    Is it possible?