PGP Whole Disk Encryption

The goal of this page is to provide you with all the information and resources necessary to get started using PGP Whole Disk Encryption at IU. That said, this may require a certain amount of technical expertise — especially if you are encrypting an existing system that contains necessary working data.

Consulting with your LSP or other IT support personnel before proceeding is highly recommended. Your campus Support Center can assist you in determining who your LSP is if you are unsure.

Download PGP Whole Disk Encryption


What is PGP Whole Disk Encryption?

PGP Whole Disk Encryption (WDE) is a component of the PGP Desktop application. In addition to providing whole disk encryption, the default PGP Desktop installation available at Indiana University includes PGP Zip, PGP Virtual Disk, PGP Shredder, and management of PGP/GPG keys.

WDE encrypts the entire hard disk of your computer, requiring a password before the operating system can boot. This layer of security prevents a third party from being able to read the contents of the disk when using methods to bypass booting the disk (e.g., booting from a Linux Live CD or Windows PE CD).

If you work with sensitive data, strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party. In some cases, an encrypted drive also alleviates the need for a breach notification to the public.

Once PGP Desktop is installed, you will need to provide your ADSallvisible credentials to get a valid license from IU's PGP server (pgpuniversal.iu.edu).

Note: The computer does not need to be joined to the ADS domainallvisible, and the passphrase you use for encryption does not have to be your ADS passphrase. Providing your credentials simply allows you to get a valid license from the server, and to create a valid PGP key pair.

If you forget your PGP passphrase, or a file has been encrypted with a key that becomes lost or corrupted, or data has been encrypted by a user no longer with the university, the University Information Policy Office (UIPO) can assist with recovery. UIPO maintains the Whole Disk Encryption recovery tokens and an additional decryption key which can be used to decrypt data encrypted with the IU distribution of PGP Desktop. If this need arises, contact the UIPO at uipo@iu.edu . If your request meets the guidelines in IU policy IT-07 Privacy of Electronic Information and Information Technology Resources, as well as any other applicable IU policies, UIPO will contact you and explain how to proceed.

top

Why should I use PGP?

If you work with sensitive data, UITS strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party.

As of July 2006, unauthorized data disclosures/breaches can carry criminal penalties in the State of Indiana, including fines and jail time. In most cases, an encrypted drive alleviates the need for a breach notification to the public, or to the State Attorney General.

Other reasons to encrypt laptops with PGP:

  • the license is FREE to end users
  • it runs in the background — almost completely transparently
  • laptop performance is not impacted
  • no extra passwords/passphrases to remember

top

How do I install PGP?

The UITS Knowledge Base contains resources to help you install and use PGP Whole Disk Encryption.

Installing PGP WDE:

Using PGP WDE:

Additional Resources:

top

More information about data protection

From the University Information Policy Office:

top

Security & Policy Blog Posts

  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.
  • The FBI has issued a public service bulletin regarding recent cyber-crimes which target university employees and students. Criminal activities involve payroll and IRS filings.

    Recent Security Bulletins

  • Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.
  • Vulnerability in SSL 3.0
  • Critical Bash Exploit: Shellshock
  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g