PGP Whole Disk Encryption
The goal of this page is to provide you with all the information and resources necessary to get started using PGP Whole Disk Encryption at IU. That said, this may require a certain amount of technical expertise — especially if you are encrypting an existing system that contains necessary working data.
Consulting with your LSP or other IT support personnel before proceeding is highly recommended. Your campus Support Center can assist you in determining who your LSP is if you are unsure.
Download PGP Whole Disk Encryption
- What is PGP Whole Disk Encryption?
- Why should I use PGP?
- How do I install PGP?
- More information about data protection and laws
PGP Whole Disk Encryption (WDE) is a component of the PGP Desktop application. In addition to providing whole disk encryption, the default PGP Desktop installation available at Indiana University includes PGP Zip, PGP Virtual Disk, PGP Shredder, and management of PGP/GPG keys.
WDE encrypts the entire hard disk of your computer, requiring a password before the operating system can boot. This layer of security prevents a third party from being able to read the contents of the disk when using methods to bypass booting the disk (e.g., booting from a Linux Live CD or Windows PE CD).
If you work with sensitive data, strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party. In some cases, an encrypted drive also alleviates the need for a breach notification to the public.
Once PGP Desktop is installed, you will need to provide your ADSallvisible credentials to get a valid license from IU's PGP server (pgpuniversal.iu.edu).
Note: The computer does not need to be joined to the ADS domainallvisible, and the passphrase you use for encryption does not have to be your ADS passphrase. Providing your credentials simply allows you to get a valid license from the server, and to create a valid PGP key pair.
If you forget your PGP passphrase, or a file has been encrypted with a key that becomes lost or corrupted, or data has been encrypted by a user no longer with the university, the University Information Policy Office (UIPO) can assist with recovery. UIPO maintains the Whole Disk Encryption recovery tokens and an additional decryption key which can be used to decrypt data encrypted with the IU distribution of PGP Desktop. If this need arises, contact the UIPO at firstname.lastname@example.org . If your request meets the guidelines in IU policy IT-07 Privacy of Electronic Information and Information Technology Resources, as well as any other applicable IU policies, UIPO will contact you and explain how to proceed.
If you work with sensitive data, UITS strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party.
As of July 2006, unauthorized data disclosures/breaches can carry criminal penalties in the State of Indiana, including fines and jail time. In most cases, an encrypted drive alleviates the need for a breach notification to the public, or to the State Attorney General.
Other reasons to encrypt laptops with PGP:
- the license is FREE to end users
- it runs in the background — almost completely transparently
- laptop performance is not impacted
- no extra passwords/passphrases to remember
The UITS Knowledge Base contains resources to help you install and use PGP Whole Disk Encryption.
Installing PGP WDE:
Using PGP WDE:
From the University Information Policy Office:
- Protection of Sensitive Institutional and Personal Data — including information regarding applicable data protection laws
- Policy on Privacy of Information and Information Technology Resources
- University Institutional Data Management