What is PGP Desktop Encryption?
This article details PGP desktop encryption.
Your data deserves protection. The UIC license for PGP Desktop Encryption provides easy-to-use and secure encryption to protect sensitive data on your laptop or desktop computers. Laptops are easily lost, and even desktop computers can be stolen. PGP Desktop Encryption also includes a secure shredder, to really delete files you want to delete. A major motivation for using PGP Whole Disk Encryption (PGP WDE) is to fulfill HIPAA requirements.
Why You Want to Use PGP Desktop Encryption
You may have heard of PGP -- Pretty Good Privacy -- in the context of encrypting electronic mail and email attachments, and digitally signing email messages. That is not what the UIC license for PGP Desktop is for. PGP Desktop provides easy to use and secure encryption to protect sensitive data on your laptop, PC, or removable media. Laptops and flash drives are easily lost, and even desktop computers can be stolen. PGP Desktop also includes a secure shredder, to really delete files you want to delete.
The UIC license for PGP centers on PGP Whole Disk Encryption, PGP WDE, which securely encrypts the entire contents of your laptop or desktop, including boot sectors, system, and swap files. After you install PGP Desktop on your computer, PGP Whole Disk Encryption will automatically run on its hard drive. After your hard disk is encrypted, you must log in to PGP before you can boot the computer. Operating system login bypass tricks won't work.
After you authenticate and your computer boots, PGP's encryption is always on, automatically protecting your data. But it is also transparent. This "transparency" means that your computer works exactly as it always did after you boot, but it also means that the files you use are not protected when your computer is on, after you authenticate with PGP. So there are three additional things you need to do to protect your computer:
- Turn your computer off when you are transporting it, so that it will be protected from booting without logging into PGP.
- Make sure you turn password protection on for when your computer goes to sleep. This does not provide the protection that PGP Bootguard does, but it will keep casual intruders from accessing your computer while it is asleep. (Note that if you use Hibernate on Windows machines rather than Sleep, PGP WDE will protect your computer when it wakes. However, not all Windows computers support Hibernate or are set up to use it. You can tell by checking whether Hibernate is a Shutdown option in the Start menu; search in Help and Support on Windows for "hibernate" for more information.)
- Use PGP Virtual Volumes to protect sensitive data on your disk. Use PGP Desktop to create PGP Virtual Volumes, and store your data in these PGP-encrypted virtual volumes on your hard disk. These volumes will provide an added layer of security to protect sensitive data while your system is powered on.
The ACCC is running a PGP Universal Key Server, in which your PGP key is protected with your UIC Active Directory ID and password, which is your UIC NetID and your ACCC common password.
What Am I Installing?
The software that you install is called PGP Desktop, but the UIC license for PGP Desktop includes only the PGP Whole Disk Encryption (PGP WDE) parts of PGP Desktop. The PGP Corporation's PGP Whole Disk Encryption Quick Start Guides have instructions on how to use these parts of PGP Desktop:
PGP Whole Disk Encryption (PGP WDE): You can use PGP WDE to lock down the entire contents of your system or an external or USB flash drive. Boot sectors, system files, and swap files are all encrypted. Whole disk encrypting your boot drive means you do not have to worry if your computer is lost or stolen: to access your data, an attacker would need your PGP WDE "passphrase", provided that the computer is not already booted.
PGP Bootguard is the name of the part of PGP Desktop that allows you to log in to your computer after PGP WDE has encrypted your computer's hard drive.
PGP Virtual Disk volumes allow you to define part of your hard drive space as an encrypted virtual disk volume that you mount with its own drive letter. When a PGP Virtual Disk is mounted -- open -- you can use it and the data in it like you would use any other drive. But when the volume is not mounted, all the data on the volume is protected with PGP Bootguard.
PGP Zip allows you to create an encrypted, compressed, portable archive from any combination of files and folders. PGP Desktop must be installed on a system to create or open a PGP Zip archive. You can use a PGP Zip archive to send data to other people securely or to back it up securely.
PGP Shredder completely destroys files and folders that you delete so that even file recovery software cannot recover them. When you delete a file using the Recycle Bin (on Windows systems) or Trash (on Mac OS X systems), it is not actually deleted; just the directory information pointing to it is deleted. PGP Shredder, however, immediately overwrites the file's data multiple times.
The ACCC runs a PGP Universal Server for UIC. The PGP Universal Server provides central administration of PGP encryption applications, creation and delivery of configuration policy, reporting and logging, and management of PGP private and public keys.
The UIC license for PGP Desktop does not include PGP Desktop Email (which encrypts, signs, decrypts, and verifies email and Instant Messages) or, for Windows, PGP NetShare (for sharing protected files). PGP Viewer and PGP Zip, respectively, which we do have, can help with these tasks.
Because the ACCC PGP Universal Server manages the campus's public and private keys, our PGP Desktop does not come with PGP Key Management.
PGP Endpoint, which offered additional encryption of data on removable storage and portable devices, is no longer available. We are testing its replacement and will make it available as soon as possible.
Added Security is Necessary When the Computer is Running
The biggest problem with PGP WDE is that even though the data on your hard drive is encrypted, after you log in with PGP Bootguard, your data is freely accessible. Making sure that everyone uses a login password and has that password activated when the computer wakes up from sleep or the screensaver can help with that problem.
However, on Windows, if you use Hibernate rather than Sleep, when your computer turns itself off, PGP WDE will protect your computer when it wakes. But not all Windows computers support or are set up so that they can Hibernate. To tell whether yours is, check to see whether Hibernate is a Shutdown option in the Start menu. Even if it isn't, you might be able to turn it on. Search in Windows Help and Support for "hibernate" for more information.
But the best and easiest solution to protect your laptop when you are transporting it or it is out of your control is to shut it down.
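The Hibernate check described above can also be done from the text that the Windows `powercfg /a` command prints, which is useful when auditing many machines. This is an added example, not part of the original article or of PGP Desktop; the function names are hypothetical, the sample output is constructed, and it assumes English-locale output laid out as in the sample.

```python
# Constructed sample of English-locale `powercfg /a` output (not from a real machine).
SAMPLE_POWERCFG_A = """\
The following sleep states are available on this system:
    Standby (S3)

The following sleep states are not available on this system:
    Standby (S1)
        The system firmware does not support this standby state.

    Hibernate
        Hibernation has not been enabled.
"""

def parse_sleep_states(text):
    """Return (available, unavailable) lists of state names."""
    available, unavailable = [], []
    current, level = None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if "are available on this system" in line:
            current, level = available, None
        elif "are not available on this system" in line:
            current, level = unavailable, None
        elif current is not None:
            if level is None:
                level = indent          # indent of the first state name
            if indent == level:         # deeper lines are explanations
                current.append(line.strip())
    return available, unavailable

def assess(text):
    """Flag the conditions the article warns about (hypothetical helper)."""
    available, _ = parse_sleep_states(text)
    hibernate = "Hibernate" in available
    standby = [s for s in available if s.startswith("Standby")]
    findings = []
    if not hibernate:
        findings.append("Hibernate unavailable: shut down before transport")
    if standby:
        findings.append("Sleep available (%s): disk stays unlocked, "
                        "require a password on wake" % ", ".join(standby))
    return {"hibernate": hibernate, "standby": standby, "findings": findings}

if __name__ == "__main__":
    for finding in assess(SAMPLE_POWERCFG_A)["findings"]:
        print(finding)
```

On a real machine, pass the captured output of `powercfg /a` to `assess()` in place of the sample.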
It is also a good idea to use PGP Virtual Disk volumes to protect the sensitive data on your computer, and only mount the virtual disk when you actually need to use that data. PGP Virtual Disk volumes will continue to protect your data even after you boot your computer if you only mount them when you are actually using the data.