File Share Encryption

 View Only

  • 1.  PGP Whole Disk Encryption - Password and key ONLY on USB stick?

    Posted Aug 10, 2012 03:53 AM

    Hi,

    I've installed the 30 days test-version of PGP Whole Disk Encryption. If the encryption is working the way our company wants it to work, we will buy the product for all of our laptops.

     

    So far, I was able to encrypt the whole harddrive of the laptop the test-installation is on. When I start the laptop, the user has to unlock the system with the password. So far, so good.

    What I want, on the other hand, is this: I want the key-file or something stored in a file on a USB-stick. The user has to plug in his USB-stick when he starts the laptop, and the laptop will search for the key-file. As soon as it finds the keyfile, the user has to unlock the laptop with his password. Only then should the user get access to the laptop. This means, the user should ONLY be able to use the laptop when he has got the USB-stick with him. Without the USB-stick, the laptop is encrypted and no one can unlock it.

    Of course, our IT department should be able to have copies of those keyfiles stored on our servers in case of loss of the USB-stick or password.

     

    I didn't find a way to encrypt the laptop the way I described. Is it possible to do it?

    thanks in advance for reading

     

    JN Eberle



  • 2.  RE: PGP Whole Disk Encryption - Password and key ONLY on USB stick?

    Posted Aug 10, 2012 04:21 AM

    You can't do it that way, BUT it looks like you want 2-factor authentication.  You can do 2-factor authentication but you'll need compatible smart cards.

    http://www.symantec.com/docs/TECH148839

    As far as I am aware these are models that have been certified to work, there are other models and brands that will work also, but not guaranteed.  I'd just get yourself one of those to test, it'll work a treat.



  • 3.  RE: PGP Whole Disk Encryption - Password and key ONLY on USB stick?

    Posted Aug 10, 2012 04:31 AM

    This Knowledgebase Article should help.



  • 4.  RE: PGP Whole Disk Encryption - Password and key ONLY on USB stick?

    Posted Aug 10, 2012 05:16 AM

    Thanks for the answers. The way I tried it is just the way that's described in the Knowledgebase Article. For some reason, though, the laptop only longs for the password before booting, and doesn't check if the USB-stick is inserted. It's booting with the right password, even if the USB-stick isn't plugged in ...



  • 5.  RE: PGP Whole Disk Encryption - Password and key ONLY on USB stick?

    Posted Aug 10, 2012 06:46 AM

    Hmm I see what you mean! I just tried it and it still lets me straight in with a passphrase... I don't have a spare machine to try it as an only passphrase either (my machine has my own passphrase set as well as the apparent dual-factor one - could make a difference).