181
For Symantec Encryption Desktop users, Client Key Mode is the better choice because:
Many Symantec Encryption Desktop features require the user to have control of their private key. If the Symantec Encryption Server is managing that private key, those features will be unavailable to your Symantec Encryption Desktop users.
If you specify Server Key Mode, certain options you pre-configure for your Symantec Encryption Desktop users will not be available. For example, the automatic creation of PGP Virtual Disks is not possible.
Manually binding to a Symantec Encryption Server
If you manually bind to a Symantec Encryption Server using Symantec Encryption Desktop (when viewing a Messaging Service, click Server Settings) and enroll, you will download only the email policy and not the consumer policy. Your Symantec
Encryption Server administrator may have specified other options in the consumer policy (such as key modes, forcing the encryption of disks, and so on). To be fully managed and enforce consumer policy you need to use a Symantec Encryption Server "stamped" installation. Contact your administrator to obtain a stamped installation if you do not have one.
In addition, when you manually bind to a Symantec Encryption Server, the file orgkey.asc does not exist in C:\Documents and Settings\AllUsers\Application Data\PGPCorporation\PGP. If you want to manually bind to a Symantec Encryption Server, you will need to create this file and ensure that the user ID of the organization key in that file matches the server specified by the PGPSTAMP (the domain name and IP address must match).
.
.Mac, syncihronizing keys with • 165
A
Additional Decryption Keys (ADKs) • 63 AES, algorithm in PGP Virtual Disk • 147 alternate passphrases • 124, 142
authentication in Symantec Drive Encryption method used, determining • 119
Automatic mode • 168
B
basic steps for using • 12
binding, manually to a Symantec Encryption Server • 181
biometric word list • 51
boot disks, encrypting • 115, 116, 133 BootGuard • See PGP BootGuard screen
C
CAST, algorithm in PGP Virtual Disk • 147 changing
a key's passphrase • 55 your passphrase • 55 changing your passphrase • 54 characters, supported • 120
characters, supported in Whole Disk Encryption • 120
Clear Verification History • 158 Client Key Mode (CKM) • 98 compacting, PGP Virtual Disk • 140 conventional encryption • 32 creating • 39, 175
a messaging policy • 84 a messaging service • 78
a new PGP Virtual Disk volume • 136 passphrases, strong • 175
D
decrypt and verify in Finder • 34 decrypting • 131 default policies • 77, 89, 90 deleting digital signatures • 56 keys • 55
keys from your keyring • 56 subkeys • 63
user IDs • 55, 56 designated revoker • 65 digital signature deleting • 56
digital signatures • 43, 44, 46, 55, 61, 71 disabling public keys • 56
disk read/write error • 119 disks
adding users to encrypted • 124 encrypting • 119, 120
errors during encryption • 122 removable • 131
supported in Whole Disk Encryption • 116 using encrypted • 122
distributing virtual disks • 146 dock icon • See PGP Dock icon
E
email • 73
copying public keys from • 47 copying to your inbox • 109 exporting
key to a file • 45
exporting messages to your inbox • 109 including your public key in • 45 key modes • 98
multiple accounts • 81 notifiers • 28
opening in PGP Viewer • 108 securing • 73
services and policies • 77 email options • 168
enabling public keys • 56 encrypt • 116, 119
in Finder • 32 encrypt and sign in Finder • 32
encrypting IM sessions • 73, 103, See PGP Messaging encryption
adding users to • 124 algorithm used • 147
calculate duration of in Whole Disk Encryption • 118
deleting users from Whole Disk Encryption • 125 disk errors during • 122
disks or partitions • 120 pilot test • 119
re-encrypting disk or partition • 126
using Symantec Drive Encryption-encrypted disk • 127
encryption disk read/write error • 119 encryption options
conventional • 32 MacBinary • 32 Shred original • 32 text output • 32
Entourage 2004, integrating with • 19 evaluation licenses • 3
18
4 Index
exchanging virtual disks • 146
extract PGP Zip archives in Finder • 36
F
files
exporting public keys to • 45 importing public keys from • 52 Finder, accessing from • 27, 31 fingerprint, verifying digital • 56 flags, specifying usage on subkeys • 62 forensics, recovering data • 129 forgotten passphrases • 69
Free Space Wipe • See shredding free space
G
General preferences • 163 granting trust • 59
granting trust for key validations • 60 Guarded Key Mode (GKM) • 98
H
hibernation • See sleep, Mac OS X and Drive Encryption
I
importing
a PGP key in Finder • 35 public keys, from files • 52 incoming email • 74
installing • 20
installing Symantec Encryption Desktop • 15 instant messaging • 103
options • 169
K
key modes • 98
key reconstruction • 19, 69, See reconstructing your key
key size setting • 62 trade-offs • 62
keyboard, supported in Whole Disk Encryption • 117 keyboards, supported • 117
keychain, saving passphrase in • 176 keypair • 10
keyrings • 42, 55 keys • 37, 51
changing passphrase • 55
deleting from your keyring • 55, 56 disabling • 56
distributing, public • 43 email addresses, adding to • 53 email, including in • 45 enabling • 56
exporting • 45 Finder, adding in • 35
granting trust for validations • 59, 60 keyserver, uploading to • 45
lost • 68, 69
multiple user names and email addresses • 53 names, adding to • 53
preferences • 165 protecting • 71 reconstructing • 69
rejoining a split key • 66, 67 replacing a photo ID • 52 revoking • 65
saving public to file • 45 setting size of • 62 signing • 57 splitting • 66 subkeys • 60
synchronizing, Keys Preferences • 165 verifying public • 56
keyserver
getting someone's public key from • 46 searching • 46
sending your public key to • 44 using to circulate revoke keys • 65 keyservers • 10
getting someone's public key from • 46 searching • 46
sending your public key to • 44
L
licensing • 3, 19, 115
local policy • See offline policy log, messaging • 100
logging in, PGP BootGuard screen • 123 lost key or passphrase • 68
M
mail servers, see messaging services • See messaging mailing list policies • 89, 90
managed users • 2 Menu Bar icon • 25 messaging • 77 multiple • 81 notifiers • 28 troubleshooting • 82 Messaging Log • 100 Messaging preferences • 166
Index 18 5
mounting PGP Virtual Disk volumes • 139 moving Symantec Encryption Desktop to another
computer • 20
multiple messaging services • 81
N
NetShare • See Symantec File Share Encryption Notifier feature
described • 28
for incoming messages • 28 for instant messaging • 30 for outgoing messages • 29
O
offline policy • 29, 76, 78 options • See preferences outgoing email • 76
overview, of Symantec Encryption Desktop • 1
P
partitions, encrypting • 124 passphrase
adding alternate for PGP Virtual Disk • 124 changing • 55
changing on a key • 55 forgotten • 176
saving in keychain • 176 passphrase quality bar • 174 Passphrase Quality bar • 174 passphrases • 147, 173
changing • 54, 126, 152 forgotten • 68, 69 strong, creating • 175
supported characters in Whole Disk Encryption • 120
password • 119, 120
passwords • See passphrases perpetual licenses • 3 PGP BootGuard screen • 120, 123 PGP Disk preferences • 169 PGP Dock icon • 26 PGP Global Directory • 9 PGP Keys • See keys
add to keyring in Finder • 35 creating a keypair • 39 expert mode key settings • 40 import in Finder • 35
viewing • 37
PGP Keyservers List • See keyservers PGP Log • 100
PGP Messaging • 9, 73
creating a policy • 84 creating a service • 78 log • 100
services and policies • 77 services described • 77 PGP Shred • 9, 159 PGP Shredder
described • 159
PGP Universal Services Protocol (USP) • 47 PGP Viewer • 107, 108, 109, 110 email messages • 108, 109 overview of • 107 PGP Virtual Disk • 9, 135, 147 alternate users • 142 backing up • 145 creating • 136
creating a new volume • 136 deleting • 144 encryption algorithms • 147 exchanging • 146 maintaining • 145 mount in Finder • 34 mounting • 139 properties • 138 re-encrypting • 141 security precautions • 147 unmounting • 138
volume mount in Finder • 34 PGP Zip • 9, 155
PGP Zip archives
Clear Verification History • 158 creating • 156 described • 155 extract in Finder • 36 opening • 157 verify signed • 158 photo ID • 52 adding • 52 removing • 52
removing from a key • 52 policies • 77
creating • 84
creating messaging • 84
default policies • See default policies deleting • 95 editing • 92 examples • 84 examples of messaging • 89 viewing • 78 preferences • 110, 163
18 6 Index General • 163 instant messaging • 169 Keys • 165 Messaging • 166 PGP Disk • 169 PGP Viewer • 110 primary name, on key • 53 private keys • 10, 41 protecting keys • 71 public keys • 10
advantages of sending to key server • 44 copying from email messages • 47 distributing to others • 43 email message, including in • 45 enabling and disabling • 56 exporting to files • 45 getting from a keyserver • 46 getting others • 46
importing from files • 52 saving to file • 45 searching keyserver • 46 sending to keyserver • 44 signing • 57 trust • 60 verifying • 56, 57
R
read/write error • 119 reconstructing keys • 69 reconstructing your key • 43, 69recovering data from an encrypted drive • 129 recovery tokens • 128
re-encrypting • 126
re-encrypting a disk • 126, 141 rejoining split keys • 66, 67 removable disks • 131
removable drives in Whole Disk Encryption • 131 removing
a photo ID from a key • 52 subkeys • 63
resetting key mode • 98 revokers, key • 65 revoking
keys • 65
signature, from a key • 59 subkeys • 63
S
S/MIME email, importing certificates in • 54 searching keyserver • 46
secure instant messaging (IM) • 103 security precautions • 132, 147 separate signing subkey • 9
Server Client Key Mode (SCKM) • 98 Server Key Mode (SKM) • 98
services • 77 creating • 78 deleting • 81 disabling • 81 enabling • 81 viewing • 78 Services menu PGP functionality • 31 services, messaging • 77, 81 shredding described • 159 in Finder • 33 shredding free space • 9
signatures, deleting from keys • 55 signing • 55, 56
in Finder • 32 keys • 55, 57 public keys • 57
sleep, Mac OS X and Drive Encryption • 133 smart card • 10 splitting keys • 66 SSL/TLS support • 96 strong passphrases • 175 subkey usage • 62 subkeys • 60 creating new • 62 expiration • 60, 62 icons • 60 looking at • 61 properties • 60 removing • 63 revoking • 63 separate • 60 setting size of • 62 size • 60 symbols • 60 validity • 60 viewing • 60 working with • 60 subscription licenses • 3 support, contacting • 6 Symantec Drive Encryption • 9
Index 18 7
adding users • 124
authentication options • 119 automatic backup software • 127 backing up encrypted disks • 126 changing a passphrase • 126 decrypting a disk • 131
decrypting an encrypted disk • 131 deleting users • 125
disk read/write error • 119 disk types, supported • 116 disk, maintaining security of • 124 disk, using encrypted • 122 encrypting a disk • 116, 119
encryption duration, calculating • 118 licensing • 115
prepare disk for • 116 preparing to encrypt • 116 recovery disc • 130 recovery tokens • 128 re-encrypting • 126
re-encrypting an encrypted disk • 126 removable drives • 131
security precautions • 132 supported disk types • 116
Symantec Encryption Server, managed • 127 uninstalling • 127
users, working with • 124, 125, 126 viewing key information • 124 Symantec Encryption Desktop
accessing via Finder • 27 described • 9
icon in Menu Bar • 25
in Symantec Encryption Server-managed environment • 179 installation • 15 installing • 15 main screen • 23, 24 Notifier feature • 27 PGP Tray icon • 25 policies described • 77 Setup Assistant • 19 SSL/TLS support • 96 system requirements • 15 uninstalling • 20 upgrading • 17
Symantec Encryption Desktop Log • See PGP Log Symantec Encryption Management Server • 2, 9, 69,
127, 179, 180, 181
Symantec Encryption Management Server administrator • 127, 179
Symantec File Share Encryption • 9 system partition, modifying • 124 system requirements • 15
T
technical support • 6 terminology • 2, 9, 11, 77, 98 text output • 32 troubleshooting • 82 trustgranting for key validations • 60 public keys • 60
trust, granting for key validations • 59 Twofish, algorithm in PGP Virtual Disk • 147
U
uninstalling • 20, 127 unmanaged users • 2 unmounting • 153
PGP Portable Disks • 153 PGP Virtual Disk volumes • 138 update policy • 76
upgrading • 19
usage flags, on subkeys • 62 usage flags, specifying • 62 user names, on keys • 53 users • 141
Symantec Drive Encryption, adding or deleting from • 124, 125
USP • See PGP Universal Services Protocol (USP)
V
validating keys • 59 granting trust for • 60 validity • 51
verifying
a public key • 57
PGP Zip signed archives • 158 viewing subkeys • 60
virtual disks • See PGP Virtual Disk
W
wildcards, in policies • 87
wiping files • See shredding free space word list, biometric • 51
X
X.509 certificates • 54