The Wayback Machine - https://web.archive.org/web/20061224231228/http://www.pgp.com:80/products/wholediskencryption/faq.html

PGP Whole Disk Encryption: FAQ

General

Features

Technical

Interoperability

Management


General

What is PGP Whole Disk Encryption and why is it important?
PGP Whole Disk Encryption is a solution for protecting all data on an entire desktop, laptop, or removable disk drive. PGP Whole Disk Encryption transparently secures disk contents, including system and temporary files, automatically safeguarding sensitive data from unauthorized access. PGP Full Disk Encryption provides worry-free protection against unauthorized access of private and confidential data.

What business problem does PGP Whole Disk Encryption solve?
PGP Whole Disk Encryption enables individuals and organizations to secure sensitive data stored on systems or removable media, thereby meeting federal security mandates, partner requirements, and industry best practices for data protection.

How does PGP Whole Disk Encryption work?
The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any other changes to their experience.

What is the end-user experience?
The only change in the end-user experience with PGP Whole Disk Encryption is the addition of a pre-boot authentication screen. The pre-boot authentication screen protects the system from being accessed by unauthorized users by disabling their ability to attack operating system–level authentication mechanisms. Once the end user provides valid authentication, encryption and decryption of the disk are transparent to both the user and the operating system. The pre-boot authentication passphrase can be synchronized with the Windows logon, enabling Windows users to be automatically logged into their system without requiring additional passphrases or user actions.

What’s new in PGP Whole Disk Encryption 9.5?

  • Single Sign-On: Allows users to synchronize Windows passwords with their PGP Whole Disk Encryption passphrase without replacing Windows system files. This setup lets users authenticate in the pre-boot environment and have those credentials safely passed to Windows for an automated login. This synchronization functionality also enables organizations to extend their existing password security policies to PGP Whole Disk Encryption sign-on.
  • Partition encryption: Enables PGP Whole Disk Encryption to encrypt only select partitions of disks, instead of the entire disk, providing compatibility with multi-partition disks that use different operating systems on each partition. It also ensures that the laptop recovery partitions commonly used on recent laptops are not encrypted.
  • Enhanced performance and safeguards: Improvements in overall performance, new controls to maximize CPU utilization, and power failure safeguards enable maximum performance and safety for power users.
  • Resizable virtual disks: PGP Virtual Disks now automatically expand to fit their contents as files are added, up to the maximum size of the physical media on which the disk file resides. A PGP Virtual Disk can also be compacted down to the minimum size of the enclosed files.

How does PGP Whole Disk Encryption fit into the PGP Encryption Platform?
As a PGP Encryption Platform–enabled application, PGP Whole Disk Encryption leverages PGP Universal Server users, keys, and configurations. Deploying one enterprise encryption application, such as PGP Whole Disk Encryption, automatically delivers the PGP Encryption Platform, allowing organizations to quickly deploy new applications such as secure messaging or network file sharing security within the organization. PGP Encryption Platform–enabled applications can be used together to provide multiple layers of security, all administered from a single, consolidated management console using centralized policy and configurations.


Features

Does PGP Whole Disk Encryption provide automatic and transparent data encryption to the end user?
Yes. PGP Whole Disk Encryption automatically encrypts the entire contents of the hard disk in the background and is transparent to the end user. 

Does PGP Whole Disk Encryption provide complete disk and removable media encryption?
Yes. PGP Whole Disk Encryption provides complete disk and removable media encryption.

Does PGP Whole Disk Encryption provide encryption of individual partitions?
Yes. PGP Whole Disk Encryption 9.5 provides encryption for individual partitions on fixed or removable drives. This feature enables users to encrypt the entire contents of a disk or encrypt only selected partitions. PGP Virtual Disk can be used to create encrypted virtual volumes, providing an additional layer of security for powered-on systems.

Can PGP Whole Disk Encryption and PGP Virtual Disk encryption be used at the same time?
Yes. PGP Virtual Disk can be used with PGP Whole Disk Encryption when encrypted files/folders are needed to protect data. For example, PGP Virtual Disk can be used to secure confidential data on multi-user shared systems protected with PGP Whole Disk Encryption, allowing individuals to ensure the privacy of their work on shared systems.

What performance impact should be expected when PGP Whole Disk Encryption is in use?
Once the hard drive is encrypted, the performance impact of PGP Whole Disk Encryption is negligible. Some users may notice a performance impact during the initial encryption process; however, this is a one-time-only event during which all current-generation PCs will perform normally, although disk-intensive computing processes may take slightly longer. The initial encryption process can be suspended at any time to complete time-sensitive or disk-intensive tasks.

Does PGP Whole Disk Encryption allow encrypted data to be recovered if the key or passphrase is lost?
Yes. In a managed deployment, PGP Whole Disk Encryption allows users to regain access to their systems in the event that the key stored on an Aladdin eToken Pro USB token, or the passphrase used for authentication, is lost or forgotten. In such cases, PGP Whole Disk Encryption administrators issue users a one-time-use recovery passphrase that allows them to regain access. Once the recovery passphrase is used, it is no longer valid and a new recovery passphrase is created for future use.

Does PGP Whole Disk Encryption enable users to have separate accounts, regardless of the number of users?
Yes. PGP Whole Disk Encryption provides the capability to have up to 28 separate user accounts on a single system. 

Does PGP Whole Disk Encryption require authentication for access to all encrypted data?
Yes. PGP Whole Disk Encryption requires authentication via either a passphrase or USB token prior to granting access to the encrypted disks. 

Does PGP Whole Disk Encryption prevent unauthorized access to encrypted data?
Yes. Only users with the proper hardware token and/or passphrase can access encrypted data.


Technical

What operating systems are supported?
PGP Whole Disk Encryption supports the following operating systems:

  • Windows 2000 Professional SP4
  • Windows XP Professional SP1 & SP2
  • Mac OS X 10.4 (Non-boot disks only – Intel & PPC). 

Does PGP Whole Disk Encryption store keys and passphrases in an encrypted format?
Yes. PGP Whole Disk Encryption stores all keys and passwords in an encrypted format. 

Does PGP Whole Disk Encryption provide pre-boot authentication?
Yes. A PGP Whole Disk Encryption user will be prompted to provide either a passphrase or a hardware token to unlock the encrypted disk.

Does PGP Whole Disk Encryption support screen saver functionality?
Yes. PGP Whole Disk Encryption is fully compatible with screen savers. 

Does PGP Whole Disk Encryption support standby and hibernation modes?
Yes. At any time, even during initial hard drive encryption, a user may shut down the system or place it into standby or hibernation mode. When the system is shut down or placed in hibernation mode, a user must re-authenticate to PGP Whole Disk Encryption to access the system. If an initial drive encryption was in progress, it will be immediately resumed following successful authentication.

Does PGP Whole Disk Encryption provide the ability to use logon tokens?
Yes. PGP Whole Disk Encryption provides the ability to use hardware-based tokens such as the Aladdin eToken Pro USB token. 

Does PGP Whole Disk Encryption provide the ability to use USB tokens for logon?
Yes. PGP Whole Disk Encryption currently provides support for the Aladdin eToken Pro USB token. 

Does PGP Whole Disk Encryption provide the ability to use smart cards for logon?
No. PGP Whole Disk Encryption currently does not support smart cards during the login process. However, PGP Whole Disk Encryption does provide the ability to use hardware-based tokens such as the Aladdin eToken Pro USB token.

Does PGP Whole Disk Encryption support certificates for pre-boot authentication?
Yes. PGP Whole Disk Encryption supports certificate-based pre-boot authentication as long as the certificate used is on a supported USB token. Any key or certificate can be used for non-boot volumes or flash drives. When not used for boot-level security, a token is not required to use a key or certificate.


Interoperability

Does PGP Whole Disk Encryption interfere with other systems or application software?
No. Both PGP Whole Disk Encryption and PGP Virtual Disk encryption operate transparently and do not interfere with the operating system or other application software.

Is PGP Whole Disk Encryption compatible with dual-boot environments?
Yes. PGP Whole Disk Encryption provides partition-level encryption, making it compatible with dual-boot environments with multi-partition disks that use different operating systems on each partition.

Does PGP Whole Disk Encryption work in conjunction with single sign-on solutions?
Yes. PGP Whole Disk Encryption can automatically synchronize with existing Windows account passwords, providing the user with a single sign-on solution for logging into Windows.

Does PGP Whole Disk Encryption support the Advanced Encryption Standard (AES) algorithm?
Yes. PGP Whole Disk Encryption supports AES 256. 

Does PGP Whole Disk Encryption integrate with LDAP directories?
Yes. PGP Whole Disk Encryption is compatible with Microsoft Active Directory 2000 and Microsoft Active Directory 2003. 

Does PGP Whole Disk Encryption work with systems management tools?
Yes. PGP Whole Disk Encryption is compatible with system management tools such as Microsoft SMS that support Microsoft MSI installers. 


Management

How much administration does PGP Whole Disk Encryption require?
Very little. Once PGP Whole Disk Encryption is deployed, defined security policies are automatically enforced. User group management can be further automated by integrating PGP Whole Disk Encryption with Microsoft Active Directory.

Can encryption of disks and removable media be enforced by policy?
Yes. When deployed with PGP Universal Server, administrators can force encryption of disks and removable media by policy.

Can a rollout of PGP Whole Disk Encryption be automated?
Yes. Distribution and installation of the PGP Whole Disk Encryption MSI installer can be performed using systems management tools such as Microsoft SMS. Initial enrollment of users into the system is automated using email or LDAP-based authentication. Once PGP Whole Disk Encryption is installed, policy updates are automatically distributed to installed end-user systems.

Can email encryption be added to PGP Whole Disk Encryption?
Yes. To add gateway-based or end-to-end email encryption, PGP Whole Disk Encryption customers can simply purchase the respective email encryption license. Please contact a PGP sales representative for more information.
