This guide contains information related to the installation and usage of the PGP Desktop product at The University of Kansas. PGP Desktop is the foundation application for the PGP Whole Disk Encryption product as well as various complementary utilities. The first section contains information that should be read and understood before any installation is attempted. The next section walks the user through the process of installing the software and encrypting the hard drive. The final section describes how to use the other portions of the software package. Parts of this document are taken in whole or in part from the PGP Desktop 9.9 Quick Start Guide and PGP Desktop 9.9 User’s Guide; these parts have been customized for the basic environment within the University.
Installing the PGP Desktop product is a simple process. Users can initiate the process by executing the install package for their operating system. This package can be stored locally, on removable media, or on a network share. Be sure the computer you are attempting to install the software on meets the following requirements.
PGP Desktop Operating Systems:
Apple Mac OS X 10.4.x, 10.5.x (Intel or PowerPC)
PGP WDE Operating Systems:
Mac OS X 10.4.10 or later on Intel-based systems only
Memory (RAM):
512 MB RAM
64 MB hard drive space
Certain other disk protection software products are incompatible with PGP WDE and can cause serious disk problems, up to and including loss of data. Please note the following known interoperability issues, and please review the PGP Desktop Release Notes for the latest updates to this list.
Software that is not compatible:
The following programs will co-exist with PGP Desktop on the same system, but will block the PGP Whole Disk Encryption feature:
The PGP Desktop product contains a suite of encryption tools. Here is a quick list of the features added after the PGP product is installed.
You can use this feature to protect the entire contents of your system and/or an external hard drive or USB flash drive that you specify. Boot sectors, system files, and swap files are all encrypted. Encrypting your entire drive(s) means you do not have to worry if your computer is lost or stolen: an attacker would need the appropriate passphrase to access your data.
This feature uses part of your hard drive space as an encrypted virtual disk volume with its own drive letter. You can create additional users for a volume so that people you authorize can also access the volume. A PGP Virtual Disk is the perfect place for storing your sensitive files; it is as if you have stored them in a safe. When the door of the safe is open (when the volume is mounted), you can change files stored in it, take files out of it, and move files into it. When the door of the safe is closed (when the volume is unmounted), all the data on the volume is protected.
This feature allows you to create and manipulate encrypted Zip files. These archives can be constructed so that only the intended recipients can access the contents, so that anyone who knows the passphrase can access the contents (optionally on a system that does not have PGP Desktop installed), or the contents can simply be “signed” to permit the recipients to validate that the contents have not been changed.
Completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Apple Trash Bin does not actually delete it; rather, the file remains on your drive and eventually gets overwritten. Until the file is overwritten, an attacker can easily recover the file sitting in the trash bin. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature can also completely wipe free space on your drives so your deleted data is truly unrecoverable.
PGP Corporation recommends the following best practices for preparing to encrypt your disk with PGP WDE. Please follow the recommendations below to protect your data during and after encryption.
The PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks. Writable CDs and DVDs are NOT supported.
Before you encrypt your disk, be sure to back up the disk and securely store the backup so that you won’t lose any data if your laptop or computer is lost or stolen, or if you are unable to decrypt the disk.
If PGP WDE encounters disk errors during encryption, it will pause the encryption process so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption.
PGP Corporation deliberately takes a conservative stance when encrypting drives, to prevent loss of data. It is not uncommon to encounter Cyclic Redundancy Check (CRC) errors while encrypting a hard disk. If PGP WDE encounters a hard drive or partition with bad sectors, PGP WDE will, by default, pause the encryption process. This pause allows you to remedy the problem before continuing with the encryption process, thus avoiding potential disk corruption and lost data. To avoid disruption during encryption, PGP Corporation recommends that you start with a healthy disk by correcting any disk errors prior to encrypting.
Before you attempt to use PGP WDE, use a third-party scan disk utility that has the ability to perform a low-level integrity check and repair any inconsistencies with the drive that could lead to CRC errors. These software applications can correct errors that would otherwise disrupt encryption.
As a best practice, highly fragmented disks should be defragmented before you attempt to encrypt them.
Because encryption is a CPU-intensive process, encryption cannot begin on a laptop computer that is running on battery power. The computer must be on AC power. If a laptop computer goes on battery power during the initial encryption process (or a later decryption or re-encryption process) PGP WDE pauses its activity. When you restore AC power, the encryption or decryption process resumes automatically. Regardless of the type of computer you are working with, your system must not lose power, or otherwise shut down unexpectedly, during the encryption process.
Do not remove the power cord from the system before the encryption process is over.
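The PGP WDE requirements listed earlier (Mac OS X 10.4.10 or later, Intel-based system, 512 MB RAM, 64 MB hard drive space) and the AC power rule above can be checked from Terminal before encryption is started. The script below is an added example, not part of the PGP documentation or the University's own tooling; the function names are this example's own, and it assumes the stock sw_vers, uname, sysctl, df and pmset commands are available on the Mac.

```shell
#!/bin/sh
# Added example: preflight check for the PGP WDE prerequisites in this guide.
# Function names are this example's own; thresholds are the guide's.

# version_ge A B: succeed when dotted version A >= B, compared field by
# field as numbers (so 10.4.9 < 10.4.10, which a string compare gets wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# wde_preflight OS_VERSION CPU RAM_MB FREE_MB POWER
# Prints one line per unmet requirement; returns the number unmet (0 = ready).
wde_preflight() {
    fails=0
    version_ge "$1" 10.4.10 ||
        { echo "FAIL: Mac OS X $1 is older than 10.4.10"; fails=$((fails + 1)); }
    case $2 in
        i386|x86_64) ;;
        *) echo "FAIL: PGP WDE needs an Intel-based Mac (found $2)"; fails=$((fails + 1)) ;;
    esac
    [ "$3" -ge 512 ] || { echo "FAIL: $3 MB RAM, need 512 MB"; fails=$((fails + 1)); }
    [ "$4" -ge 64 ] || { echo "FAIL: $4 MB free disk, need 64 MB"; fails=$((fails + 1)); }
    [ "$5" = AC ] || { echo "FAIL: on battery; connect AC power first"; fails=$((fails + 1)); }
    return "$fails"
}

# On a Mac, gather the live values with stock tools and run the check.
if command -v sw_vers >/dev/null 2>&1; then
    os=$(sw_vers -productVersion)
    cpu=$(uname -p)                    # i386 on Intel, powerpc on PowerPC
    ram_mb=$(( $(sysctl -n hw.memsize) / 1048576 ))
    free_mb=$(df -k / | awk 'NR==2 { print int($4 / 1024) }')
    if pmset -g ps | grep -q "AC Power"; then power=AC; else power=battery; fi
    wde_preflight "$os" "$cpu" "$ram_mb" "$free_mb" "$power" && echo "Ready for PGP WDE"
fi
```

The script does not check the backup or the disk's health; those steps still have to be done by hand as described above.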
The following sections show the installation process step by step. The instructions are arranged in a side-by-side presentation, with an image of what you should see next to written notes and the actions to perform during each step. Clicking on most images will present a larger version.
Originally adapted by the University of Kansas from "OSU Windows User Guide for PGP Desktop" (v1.2), with permission from The Ohio State University, Columbus, Ohio 43210.