PGP Whole Disk Encryption

The goal of this page is to provide you with all the information and resources necessary to get started using PGP Whole Disk Encryption at IU. That said, this may require a certain amount of technical expertise — especially if you are encrypting an existing system that contains necessary working data.

Consulting with your LSP or other IT support personnel before proceeding is highly recommended. Your campus Support Center can assist you in determining who your LSP is if you are unsure.

Download PGP Whole Disk Encryption


What is PGP Whole Disk Encryption?

PGP Whole Disk Encryption (WDE) is a component of the PGP Desktop application. In addition to providing whole disk encryption, the default PGP Desktop installation available at Indiana University includes PGP Zip, PGP Virtual Disk, PGP Shredder, and management of PGP/GPG keys.

WDE encrypts the entire hard disk of your computer, requiring a password before the operating system can boot. This layer of security prevents a third party from being able to read the contents of the disk when using methods to bypass booting the disk (e.g., booting from a Linux Live CD or Windows PE CD).

If you work with sensitive data, UITS strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party. In some cases, an encrypted drive also alleviates the need for a breach notification to the public.

Once PGP Desktop is installed, you will need to provide your ADS credentials to get a valid license from IU's PGP server (pgpuniversal.iu.edu).

Note: The computer does not need to be joined to the ADS domain, and the passphrase you use for encryption does not have to be your ADS passphrase. Providing your credentials simply allows you to get a valid license from the server, and to create a valid PGP key pair.

If you forget your PGP passphrase, or a file has been encrypted with a key that becomes lost or corrupted, or data has been encrypted by a user no longer with the university, the University Information Policy Office (UIPO) can assist with recovery. UIPO maintains the Whole Disk Encryption recovery tokens and an additional decryption key which can be used to decrypt data encrypted with the IU distribution of PGP Desktop. If this need arises, contact the UIPO at uipo@iu.edu. If your request meets the guidelines in IU policy IT-07 Privacy of Electronic Information and Information Technology Resources, as well as any other applicable IU policies, UIPO will contact you and explain how to proceed.


Why should I use PGP?

If you work with sensitive data, UITS strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party.

As of July 2006, unauthorized data disclosures/breaches can carry criminal penalties in the State of Indiana, including fines and jail time. In most cases, an encrypted drive alleviates the need for a breach notification to the public, or to the State Attorney General.

Other reasons to encrypt laptops with PGP:

  • the license is FREE to end users
  • it runs in the background — almost completely transparently
  • laptop performance is not impacted
  • no extra passwords/passphrases to remember


How do I install PGP?

The UITS Knowledge Base contains resources to help you install and use PGP Whole Disk Encryption.

Installing PGP WDE:

Using PGP WDE:

Additional Resources:


More information about data protection

From the University Information Policy Office:
