Skip to main content

PGP Whole Disk Encryption

PGP Whole Disk Encryption (WDE) software secures files stored on protected drives with transparent full disk encryption. If a protected system is lost or stolen while shut down or in hibernate mode, data stored on the protected drive is not readable without the proper credentials.

 

The data encryption software continuously safeguards data from unauthorized access, protecting sensitive information from misuse due to lost or stolen computers. PGP Whole Disk Encryption; locks down the entire contents of a laptop, desktop, external drive or USB flash drive, including boot sectors, system and swap files.

Full Disk Encryption is required on Windows and recommended on Mac/Linux laptop computers that store or process Personal Identifiable Information (PII) or Protected Health Information(PHI), according to the Information Security Policy (available at https://software.sites.unc.edu/wp-content/uploads/sites/8/2012/07/ccm1_033440.pdf).

Windows

– Microsoft Windows 7 (all 32- and 64-bit editions)

– Microsoft Windows Vista (all 32- and 64-bit editions)

– Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)

– Microsoft Windows XP Home Edition (Service Pack 2 or 3)

– Microsoft Windows XP Professional 64-bit (Service Pack 2)

– Microsoft Windows XP Professional 32-bit (Service Pack 2 or 3)

Note: The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.

Mac OS X

– Apple Mac OS X 10.5.x or 10.6.x (Intel-based Macs only)

Linux

– Ubuntu 8.04 and 9.04 (32- and 64-bit versions)

– Red Hat Enterprise Linux/CentOS 5.2 and 5.3 (32-bit versions)

– Red Hat Enterprise Linux 5.2 and 5.3 (64-bit versions)

Note: PGP Whole Disk Encryption for Linux is command line only

Schools and Centers interested in deploying PGP on laptops that store or process sensitive information should contact their departmental IT support staff, who will work with ITS Security on a deployment.
The PGP software will always try to synchronize with the user’s login password. However, if that is forgotten, users can call their departmental support or contact the ITS Service desk at 919-962-HELP (962-4357) or 1-866-962-4457 (U.S. and Puerto Rico) and identify themselves by answering a set of questions. They may be given a pass phrase that can bypass the PGP protection, at which point most standard password reset procedures could be used to reset the Windows password, and then the PGP password.

Keys stored on USB hardware tokens are also available to departmental support personnel which provide access to their users’ systems which are PGP Whole Disk Encrypted.

 

The PGP software supports password-based and key-based file encryption. This may or may not be available based on your departmental IT policy.

Public keys for some University members are published to PGP clients.

No, the University will not use PGP for email security.
Users continue to work as usual. However, when PGP is first installed, users will experience slow response while the entire disk is encrypted. After the initial encryption of the disk PGP WDE automatically encrypts and decrypts data on the fly, without impacting user productivity*. On startup, the PGP Boot-Guard screen will appear, requiring appropriate authentication before allowing access to data on the system.

* Performance may suffer on solid-state disks.

No. PGP cannot be installed on smart phones. For more information on how to best encrypt smartphones including iPhones, Android devices and Blackberries, see Encrypting Cell Phones.