HOW TO: Whole Disk Encrypt using PGP Desktop 9.5 for Macintosh

Article ID: 180139

Products

Symantec Products

Issue/Introduction

 

Resolution


PGP Whole Disk Encryption support for removable and non-boot fixed disks was added for Macintosh OS X in PGP Desktop 9.5. This article provides instructions for how to protect a disk with PGP Whole Disk Encryption. 
 

HOW TO: Protect disks with PGP Whole Disk Encryption

Here are some things to consider before you begin using PGP Whole Disk Encryption:

1. The larger the disk or partition being encrypted, the longer the encryption process takes. Factors that may affect encryption speed include, among others:

 

  • The size of the disk or partition.
  • The processor speed and number of processors.
  • The number of system processes running on the computer.
  • The number of other applications running on the system.
  • The amount of processor time those other applications require.

2. Generally, with an average system, an 80 GB boot disk or partition takes approximately three hours to encrypt using PGP Whole Disk Encryption (when no other applications are running). A very fast system, on the other hand, can easily encrypt such a disk or partition in less than an hour.

3. Your system is somewhat slower than usual during the encryption process, although it is fully usable. It returns to normal operation when the encryption process is complete. PGP Desktop automatically slows the encryption process if you are using the system.

4. The encryption process is faster if you avoid using your computer during the initial encryption. If you decide to run other applications during the encryption process, those applications will probably run slightly slower than normal until the encryption process is over.

5. You can hide PGP Desktop during encryption. This does not affect the process.

6. To stop the encryption process for a short time, use the Stop button, then click Pause in the dialog box. You need to authenticate after you click Resume.

7. To shut down the system before the encryption process is over, perform a normal shutdown. You do not need to pause the process. When you restart, the encryption process resumes where it left off.

8. Encryption cannot begin on a removable disk connected to a laptop computer if the laptop is running on battery power. It must be running on AC power. If a laptop computer goes on battery power during the initial encryption process (or a later decryption or re-encryption process), the activity is paused. When AC power is restored, the encryption, decryption, or re-encryption process resumes automatically.

9. Regardless of the type of computer you are working with, your system must not lose power, or otherwise shut down unexpectedly, during the encryption process. Do not remove the power cord from the system before the encryption process is over. 

 

Protecting a Disk with PGP Whole Disk Encryption:

To protect a disk or partition using the PGP Whole Disk Encryption feature:

  1. Open PGP Desktop and click on the PGP Disk item. The PGP Disk screen appears.
     
  2. Click Encrypt a Disk.
     
  3. The Encrypt Whole Disk screen appears, showing a listing of disks on your system that can be protected.
     
  4. From the Select an external disk list, click on the disk or partition you want to protect.
     
  5. In the Secure with section, specify how you want to access your protected disk or partition:

    A. Select Passphrase, then click Continue.

    B. The Add PGP Whole Disk User screen appears. Type a Name (or accept the default name), then type the desired passphrase in the Enter your passphrase field, and then type it again in the Confirm your passphrase field. To see your passphrase as you type, select Show Keystrokes.

    C. Click Continue.

    D. The PGP Whole Disk Encryption Summary screen appears, showing you a summary of how your disk is going to be encrypted. Review the information, then click Encrypt.

    E. The encryption process begins.

    Public Key User - If you want to protect your disk or partition with a public key:

    A. Select Public Key, then click Continue.

    B. The Add PGP Whole Disk User screen appears. Select a key from the drop-down list, then click Continue.

    C. The Enter Passphrase dialog appears. Type the passphrase for the key you selected, then click OK.

    D. The PGP Whole Disk Encryption Summary screen displays, showing you a summary of how your disk is going to be encrypted. Review the information, then click Encrypt.

    E. The encryption process begins.

     
  6. Click Close. The PGP Desktop screen appears; the encryption process continues in the background.
     
  7. You can click Stop during the encryption process to temporarily stop the process. The Encryption is not complete dialog appears.
     
  8. You can Pause the encryption process, Decrypt the portion of the disk/partition that is already encrypted, or Cancel to close the dialog and continue with the encryption process.
     
  9. When the encryption process completes, the disk properties for the encrypted disk/partition appear.

 

Note: The Passphrase Quality bar provides a basic guideline for the strength of the passphrase you are creating by comparing the estimated amount of entropy in the passphrase you enter against a true 128-bit random string (the same amount of entropy as in an AES128 key). Filling the Passphrase Quality bar should give you a strong passphrase that could take billions of years to brute-force.
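To make the 128-bit comparison concrete, the following added example (not PGP Desktop's own estimator, whose method this article does not describe) computes how many randomly chosen symbols fill a 128-bit bar and shows why a simple character-class estimate overstates a human-chosen passphrase. The function names, pool sizes, sample passphrase and the guessing rate of 1e12 per second are assumptions made for illustration.

```python
import math
import secrets
import string

TARGET_BITS = 128  # the article's reference point: a true 128-bit random string

def generated_bits(picks: int, pool_size: int) -> float:
    """Entropy of `picks` independent, uniform draws from `pool_size` symbols."""
    return picks * math.log2(pool_size)

def bar_fill(bits: float) -> float:
    """Fraction of a 128-bit quality bar these bits fill, capped at 1.0."""
    return min(bits / TARGET_BITS, 1.0)

def picks_needed(pool_size: int, target_bits: int = TARGET_BITS) -> int:
    """Fewest uniform random draws from the pool that reach target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def class_estimate(passphrase: str) -> float:
    """Character-class estimate (assumed model, not PGP Desktop's): treats every
    character as a random draw, so it overstates human-chosen passphrases."""
    pool = 0
    pool += 26 if any(c.islower() for c in passphrase) else 0
    pool += 26 if any(c.isupper() for c in passphrase) else 0
    pool += 10 if any(c.isdigit() for c in passphrase) else 0
    pool += 33 if any(c in string.punctuation + " " for c in passphrase) else 0
    return len(passphrase) * math.log2(pool) if pool else 0.0

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at an assumed guessing rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def random_passphrase(alphabet: str = string.ascii_letters + string.digits) -> str:
    """Generate a passphrase that really has >= 128 bits, using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(picks_needed(len(alphabet))))

if __name__ == "__main__":
    for label, pool in [("digits", 10), ("letters+digits", 62), ("7776-word list", 7776)]:
        print(f"{label:15} {picks_needed(pool):3d} random picks fill the bar")
    weak = "Password1234"  # constructed sample input
    print(f"{weak!r}: class estimate {class_estimate(weak):.1f} bits, "
          f"bar {bar_fill(class_estimate(weak)):.0%}, yet trivially guessable")
    print(f"128 bits at 1e12 guesses/s: {years_to_exhaust(128, 1e12):.2e} years")
    print("generated:", random_passphrase())
```

The per-symbol figures hold only when each character or word is picked at random; a passphrase built from a dictionary word plus digits has far less entropy than its length and character mix suggest.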

Normally, as an added level of security, the characters you type for the passphrase are not visible on the screen. However, if you are sure that no one is watching and you would like to see the characters of your passphrase as you type, select the Show Keystrokes checkbox.

If the encryption process stops and PGP Desktop indicates a disk read/write error, it means that PGP Desktop has encountered bad sectors on your disk or partition during the encryption process. Immediately reverse the encryption process by decrypting the portion of the disk or partition that has been encrypted, then use your disk verification tools to find and resolve the problem.