Video Screencast Help
Encryption Blog
Showing posts tagged with Product Q & A
Showing posts in English
Doug McLean | 08 Apr 2009 | 0 comments

Q: I have a frustrating issue whereby I can open encrypted files that have been sent to me by another PGP user on email, but when that same user uploads files to an FTP site I cannot decrypt any of the files. Even though it's the same person encrypting them. What's going on here?

A: Whether or not you can decrypt an email or file has nothing to do with the senders key. It depends on whether or not the content is encrypted to your public key. The email  is being correctly encrypted to your public key because the sender is probably using the PGP Email Proxy in PGP Desktop which  automatically selects the key that has the email address to which the message is being sent.  When the sender is encrypting the file prior to placing it on the server s/he is very likely only encrypting to their own public key and not yours.  You'll need to ask the sender to add your public key when encrypting the files. This is...

Doug McLean | 01 Apr 2009 | 0 comments

Q: I want to do an audit of my IT environment to see which machines are encrypted.  I want to make sure the machine's encrypted, not just have PGP installed.

A: The best way to do this is to run a managed environment using PGP Universal. If, however, you're running an un-managed environment there are other ways to check. If you have physical access to the machine, go to the command line and type:  pgpwde --status --disk 0. The response will tell you if the disk is instrumented with bootguard or not which indicates whether or not the disk is encrypted.

If you don't have physical access to the machine in question, but you can access via the 'net, you'll need to use the schtasks.exe command with something like this:

@echo off
...

Doug McLean | 25 Mar 2009 | 0 comments

Q: After using various encryption solutions, we have chosen PGP as the best solution, but I have a couple of machines causing problems. These machines previously had  another vendor's full disk encryption product installed on them, but they have been decrypted and the software uninstalled. PGP installs fine on the machines, but when Whole Disk Encryption is chosen, they come up with the following error :

'Another whole disk encryption product is installed. Please remove it before trying to encrypt your drive.'

I know that the recommended solution would be to re-image them, but this is going to cause problems with legacy software installed on a few of them. Is there another way round this ?

A: The most common cause of this issue is that the previously installed product was not completely uninstalled. Specifically, unless the system registry entries are cleaned up, PGP Whole Disk Encryption will believe that the...

Bryan Gillson | 11 Mar 2009 | 0 comments

Q: I need to check the encryption status for all attached disk in an shell script.  I thought that pgpwde --enum would give me a current status, but it always appears to say "wde enabled" if the disk is encrypted or not.  Do I also need to use pgpwde --disk-status on each disk?  If so, does the phrase "not instrumented by bootguard" indicate that the disk is not encrypted?

A: In a word, yes, to all of your questions.

--enum only indicates disks that are available

--disk-status has more detail not instrumented is indeed not encrypted.

There are several general states that the disk can be in:

  • not instrumented
  • instrumented
  • encrypting
  • encrypted
  • decrypting

Instrumented is not a state that is evident from the GUI, but is from the command line. It is a state where the disk can have users and state information put onto the disk. You...

Doug McLean | 04 Mar 2009 | 0 comments

Q: I'm installing PGP Desktop 9.9 in a fairly large office this week. The boss is hardly ever in the office and the secretary needs to read his email and send email on his behalf. How do you configure PGP Desktop in this situation?

The only option I see is importing the boss's private key into the secretary's PGP desktop but this doesn't feel right. Private keys should be private right? Are there other solutions or is this one the only way to go?

A: This is one way of doing it, but is not recommended because letting someone else have your private key lets them  impersonate you (lets them make your digital signatures).  But, if you want the secretary to be able to sign the email as if she were the boss, there isn't much other choice.  If your concern is more that she be able to decrypt and read his email, you might want to consider making her key an ADK (Additional Decryption Key) for his key - you...

Doug McLean | 04 Oct 2008 | 0 comments

As a lifelong resident of California I’d be the first to admit that state politics on the left coast can sometimes be a little peculiar.

Last month with the Governor and the Legislature at their traditional impasse over the state budget, the Governor was threatening to veto the budget AND more than 900 other bills if the Legislature voted to over-ride his budget veto. Finally, on September 18 the governor and the legislature agreed on a budget (80 days late). With this piece of business out of the way, Governor Schwarzenegger turned his attention to processing the 896 bills passed by the legislature in the wake of the budget deal.

Unfortunately, this didn’t leave the governor enough time to do the standard due diligence on which bills to sign or veto. In California the governor must do one or other as we have a sort of “reverse pocket veto” law that...