HOW TO: Enable AES-128 bit for PGP Whole Disk Encryption in a PGP Universal Server 2.12 Environment

Article:TECH149717  |  Created: 2010-01-28  |  Updated: 2013-06-11  |  Article URL
Article Type
Technical Solution


This article details how to configure PGP Desktop 10 clients to use AES 128 for PGP Whole Disk Encryption in a PGP Universal 2.12 server managed environment. 

Note: This article pertains to a version of PGP Universal Server that has reached an End of Life(EOL) and End of Support Life(EOSL). For more information on the End of Support Life dates for PGP Software products see the following article.


PGP Universal Server 2.x

PGP Desktop 10.x or newer


Beginning with PGP Desktop 10, administrators can configure PGP Desktop clients to use AES-128 as the encryption algorithm for PGP Whole Disk Encryption (PGP WDE).  This can be done to improve performance of the drive where an lesser encryption algorithm is not a concern. This is accomplished by editing the advanced preferences of PGP Desktop for the client policy.

By default the encryption algorithm used by PGP WDE is AES-256. The hashing algorithm is SHA-1.

To update the clients to use AES-128


  1. Log in to the PGP Universal Server administrative interface.
  2. Click Policy > Internal User Policy then select the desired user policy.
  3. On the Policy Options: screen for the policy select the Advanced tab.
  4. Click Edit Preferences.
  5. In the Pref Name field, type wdePreferredCipher.
  6. For Type, select Integer.
  7. In the Value field, type 7.

Note: The following Integer encryption algorithm values used by PGP Whole Disk Encryption. If you want to reset the client encryption algorithm to use AES 256, set the value for wdePreferredCipher to 9 and click Save.


  • 7 = AES-128
  • 9 = AES-256


  1. Click Save to update the client preferences.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices