Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog
Showing posts tagged with Ask the Expert
Showing posts in English
Tim_Matthews | 12 Nov 2009 | 0 comments

I'm pleased to announce that, as of today, we are starting a new blog entitled "Ask the Expert." The goal of this thread is to give customers, partners, and others a forum to discuss encryption technology,  solutions, and issues from a somewhat different perspective than we normally do on our current websites. While we will certainly discuss PGP products, this isn't meant to be a replacement for PGP's Customer Support portal which is designed to answer detailed product usage and implementation issues.

Instead we'll discuss questions like:

  • When would should you use PGP Whole Disk Encryption vs. File/Folder Encryption?
  • What exactly is a hash function and why is the industry working so hard to develop new ones?
  • How to PGP Portable and PGP Zip differ functionally and from a security perspective?

We'll also take up non-product related issues...

Doug McLean | 08 Apr 2009 | 0 comments

Q: I have a frustrating issue whereby I can open encrypted files that have been sent to me by another PGP user on email, but when that same user uploads files to an FTP site I cannot decrypt any of the files. Even though it's the same person encrypting them. What's going on here?

A: Whether or not you can decrypt an email or file has nothing to do with the senders key. It depends on whether or not the content is encrypted to your public key. The email  is being correctly encrypted to your public key because the sender is probably using the PGP Email Proxy in PGP Desktop which  automatically selects the key that has the email address to which the message is being sent.  When the sender is encrypting the file prior to placing it on the server s/he is very likely only encrypting to their own public key and not yours.  You'll need to ask the sender to add your public key when encrypting the files. This is...

Doug McLean | 01 Apr 2009 | 0 comments

Q: I want to do an audit of my IT environment to see which machines are encrypted.  I want to make sure the machine's encrypted, not just have PGP installed.

A: The best way to do this is to run a managed environment using PGP Universal. If, however, you're running an un-managed environment there are other ways to check. If you have physical access to the machine, go to the command line and type:  pgpwde --status --disk 0. The response will tell you if the disk is instrumented with bootguard or not which indicates whether or not the disk is encrypted.

If you don't have physical access to the machine in question, but you can access via the 'net, you'll need to use the schtasks.exe command with something like this:

@echo off

Doug McLean | 25 Mar 2009 | 0 comments

Q: After using various encryption solutions, we have chosen PGP as the best solution, but I have a couple of machines causing problems. These machines previously had  another vendor's full disk encryption product installed on them, but they have been decrypted and the software uninstalled. PGP installs fine on the machines, but when Whole Disk Encryption is chosen, they come up with the following error :

'Another whole disk encryption product is installed. Please remove it before trying to encrypt your drive.'

I know that the recommended solution would be to re-image them, but this is going to cause problems with legacy software installed on a few of them. Is there another way round this ?

A: The most common cause of this issue is that the previously installed product was not completely uninstalled. Specifically, unless the system registry entries are cleaned up, PGP Whole Disk Encryption will believe that the...

Doug McLean | 04 Mar 2009 | 0 comments

Q: I'm installing PGP Desktop 9.9 in a fairly large office this week. The boss is hardly ever in the office and the secretary needs to read his email and send email on his behalf. How do you configure PGP Desktop in this situation?

The only option I see is importing the boss's private key into the secretary's PGP desktop but this doesn't feel right. Private keys should be private right? Are there other solutions or is this one the only way to go?

A: This is one way of doing it, but is not recommended because letting someone else have your private key lets them  impersonate you (lets them make your digital signatures).  But, if you want the secretary to be able to sign the email as if she were the boss, there isn't much other choice.  If your concern is more that she be able to decrypt and read his email, you might want to consider making her key an ADK (Additional Decryption Key) for his key - you...