Product Q & A
Ask the Expert,
Product Q & A
Q: I have a frustrating issue whereby I can open encrypted files that have been sent to me by another PGP user on email, but when that same user uploads files to an FTP site I cannot decrypt any of the files. Even though it’s the same person encrypting them. What’s going on here?
A: Whether or not you can decrypt an email or file has nothing to do with the sender’s key. It depends on whether or not the content is encrypted to your public key. The email is being correctly encrypted to your public key because the sender is probably using the PGP Email Proxy in PGP Desktop, which automatically selects the key that has the email address to which the message is being sent. When the sender is encrypting the file prior to placing it on the server, s/he is very likely only encrypting to their own public key and not yours. You’ll need to ask the sender to add your public key when encrypting the files. This is done in the PGP Recipients window that pops up after the file to be encrypted is selected.
Filed under: Ask the Expert, Product Q & A
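To see which keys a file was actually encrypted to, the recipient list can be read straight from the OpenPGP packet headers. The following is an added example, not part of the original post or PGP's own tooling: it walks a binary (non-armored) OpenPGP message per RFC 4880 and lists the key IDs in its Public-Key Encrypted Session Key packets. The key IDs and both sample messages are constructed for illustration.

```python
import struct

def read_packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP stream (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:  # ASCII-armored input fails here: dearmor it first
            raise ValueError("no OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:  # partial body length: only data packets use it, stop here
                return
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:  # indeterminate length: body runs to end of stream
                return
            size = 1 << ltype  # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Key IDs named in the session-key packets (tag 1) ahead of the ciphertext."""
    ids = []
    for tag, body in read_packets(data):
        if tag in (9, 18):  # encrypted data begins: no recipients follow
            break
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())  # usually the encryption subkey's ID
    return ids

def encrypted_to(data, key_id):
    return key_id.upper() in recipient_key_ids(data)

def make_pkesk(key_id):  # constructed packet: version 3, RSA (algorithm 1), dummy MPI
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x10\xab\xcd"
    return bytes([0x84, len(body)]) + body

SENDER, ME = "AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB"  # constructed key IDs
CIPHERTEXT = bytes([0xD2, 5]) + b"\x01" + b"\x00" * 4  # constructed tag 18 packet
FTP_UPLOAD = make_pkesk(SENDER) + CIPHERTEXT  # encrypted to the sender only
EMAIL_FILE = make_pkesk(SENDER) + make_pkesk(ME) + CIPHERTEXT
```

An all-zero key ID in the list means a recipient was deliberately hidden, so an absent key ID is conclusive only when no such entry appears.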
Q: I want to do an audit of my IT environment to see which machines are encrypted. I want to make sure the machine’s encrypted, not just have PGP installed.
A: The best way to do this is to run a managed environment using PGP Universal. If, however, you’re running an un-managed environment there are other ways to check. If you have physical access to the machine, go to the command line and type: pgpwde --status --disk 0. The response will tell you if the disk is instrumented with bootguard or not, which indicates whether or not the disk is encrypted.
If you don’t have physical access to the machine in question, but you can access via the ‘net, you’ll need to use the schtasks.exe command with something like this:
@echo off
for /F "tokens=1,3,5,9 delims= " %%A in ('pgpwde --disk-status --disk 0') do if "%%A"=="Total" (set /a WDEStatus="(%%C+%%D)/(%%B/100)" )
echo Disk is %WDEStatus%%% encrypted.
(Note that there are only 3 lines: @echo off, for /F (until the line ends with /100)" ), and echo Disk…encrypted)
Filed under: Ask the Expert, Product Q & A
Tags: audit, WDE
Q: After using various encryption solutions, we have chosen PGP as the best solution, but I have a couple of machines causing problems. These machines previously had another vendor’s full disk encryption product installed on them, but they have been decrypted and the software uninstalled.
PGP installs fine on the machines, but when Whole Disk Encryption is chosen, they come up with the following error:
‘Another whole disk encryption product is installed. Please remove it before trying to encrypt your drive.’
I know that the recommended solution would be to re-image them, but this is going to cause problems with legacy software installed on a few of them. Is there another way round this?
A: The most common cause of this issue is that the previously installed product was not completely uninstalled. Specifically, unless the system registry entries are cleaned up, PGP Whole Disk Encryption will believe that the older product is still installed. If you know the product has been removed and you know how to manually delete the registry entries, WDE should work just fine.
Filed under: Ask the Expert, Product Q & A
Tags: disk encryption, system registry, WDE
Q: I’m installing PGP Desktop 9.9 in a fairly large office this week. The boss is hardly ever in the office and the secretary needs to read his email and send email on his behalf. How do you configure PGP Desktop in this situation?
The only option I see is importing the boss’s private key into the secretary’s PGP Desktop, but this doesn’t feel right. Private keys should be private, right? Are there other solutions or is this one the only way to go?
A: This is one way of doing it, but is not recommended because letting someone else have your private key lets them impersonate you (lets them make your digital signatures). But, if you want the secretary to be able to sign the email as if she were the boss, there isn’t much other choice. If your concern is more that she be able to decrypt and read his email, you might want to consider making her key an ADK (Additional Decryption Key) for his key – you can read more about ADKs by searching for ADK in the User’s Guide (page 76 in the current PGP Desktop User’s Guide).
Filed under: Ask the Expert, Product Q & A
This blog represents the personal opinions of certain employees of PGP Corporation and does not necessarily reflect the positions or opinions of PGP Corporation. As such, these personal opinions are not endorsed by PGP Corporation and you should conduct independent assessments before basing any decision upon the statements made in this blog.