PGP Whole Disk Encryption

Overview

Mobile computers are quickly emerging as the industry standard for increasing user productivity. However, the portable nature of these devices increases the possibility of loss or theft. Consequent exposure of sensitive data can result in financial loss, legal ramifications, and brand damage.

PGP® Whole Disk Encryption provides enterprises with comprehensive, nonstop disk encryption for Microsoft and Apple Mac OS X, enabling quick, cost-effective protection for data on desktops, laptops, and removable media. The encrypted data is continuously safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.

• Easy, automatic operation–Protects data without changing the user experience.
• Enforced security policies–Automatically enforce data protection with centrally managed policies.
• Accelerated deployment–Achieves full disk encryption using the existing infrastructure.
• Reduced operational costs–Result from centrally automating encryption policies.

As a PGP® Encryption Platform-enabled application, PGP Whole Disk Encryption can be used with PGP Universal™ Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Whole Disk Encryption can also be used in combination with other PGP® encryption applications to provide multiple layers of security.

Technical Specifications

Supported Operating Systems

• Microsoft Windows Vista (all 32-bit and 64-bit versions, including Service Pack 1)
• Microsoft Windows XP Professional 32-bit (Service Pack 1, 2 and 3)
• Microsoft Windows XP Professional 64-bit (Service Pack 1 and 2)
• Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
• Microosft Windows XP Home
• Microsoft Windows 2003 Server (Service Pack 1 and 2)*
• Microsoft Windows 2000 Professional (Service Pack 4)
• Mac OS X 10.4.10 and later (Intel-based Macs, system volumes only)
• Mac OS X 10.4.X and Mac OS X 10.5.X (Intel and PPC platforms, non-system volumes only)

* Full disk encryption functionality is not supported on Windows 2000 Server or 2003 Server.

Supported Disks

• Desktop or laptop disks (partitions in the case of Windows, or the entire disk for Windows and Mac OS X)
• External disks, excluding music devices and digital cameras
• USB flash disks
• Solid-state drives

Localization

• English
• German
• Japanese

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 keys

Symmetric Key Algorithms-PGP® Whole Disk Encryption

• AES 256-bit keys

Centralized Management Requirements

• PGP Whole Disk Encryption is centrally managed by PGP Universal Server which requires a dedicated hardware server. For supported hardware and other information, please refer to the PGP Universal Server technical specifications.

Two-Factor Authentication(PGP Whole Disk Encryption for Windows Only)

Supported Pre-Boot Authentication Smart Cards and USB Tokens

The following smart card readers are supported for communicating to a smart card at pre-boot time. These readers can be used with any supported removable smart card (it is not necessary to use the same brand of smart card and reader). Any Chip/Smart Card Interface Device (CCID) smart card reader is supported. The following readers have been tested by PGP Corporation:

• OMNIKEY CardMan 3121 USB for desktop systems
• OMNIKEY CardMan 6121 USB for mobile systems
• ActivIdentity USB 2.0 reader
• Reiner SCT CyberJack pinpad
• Athena ASEDrive IIIe USB reader

PGP Whole Disk Encryption supports the following smart cards for pre-boot authentication:

• ActivIdentity ActivClient CAC cards, 2005 models
• Aladdin eToken 64K, 2048-bit RSA-capable¹
• Aladdin eToken PRO USB Key 32K, 2048-bit RSA-capable¹
• Aladdin eToken PRO without 2048-bit capability (older smart cards)¹
• Athena ASEKey Crypto USB Token for Microsoft ILM²
• Athena ASECard Crypto Smart Card for Microsoft ILM²
• EMC RSA SecurID SID800 Token³
• Charismathics CryptoIdentity plug ‘n’ crypt Smart Card only stick
• S-Trust StarCOS smart card⁴
• SafeNet iKey 3000

¹ Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the supported tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the supported tokens.
² Athena tokens are supported only for credential storage.
³ This token is supported only for credential storage. SecurID is not supported.
⁴ S-Trust SECCOS cards are not supported.

Supported Smart Cards and USB Tokens-PGP® Virtual Disk and PGP Zip

PGP Whole Disk Encryption recognizes and works with the following:

• DoD Common Access Cards (CACs) with the ActivCard Gold 2.0 profile
• Athena Smart Card Solutions smart cards, including the ASEKey USB token
• AET SafeSign smart cards, including ASEKey 1.0
• Axalto (formerly Schlumberger) smart cards, including the Cryptoflex 32K
• SafeNet smart cards, including iKey 2032
• Aladdin smart cards, including eToken PRO USB 16K, 32K, and 64K
• GemPlus smart cards, including SafesITe and GemXpresso Pro, using GemSafe Libraries 4.2.0-015 (Gold)

PGP Whole Disk Encryption also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS-11 library in its software drivers.