Using PGP Desktop with IBM Lotus Notes. PGP Desktop 10.2.1 Windows
PGP Desktop 10.2.1 Windows is an easy-to-use email encryption software that gives you the power to protect your privacy and keep your communications confidential. With PGP Desktop, you can send and receive encrypted emails, sign and verify digital signatures, and manage your PGP keys and certificates. PGP Desktop is a valuable tool for anyone who wants to protect their online privacy and keep their communications secure.
D Using PGP Desktop with IBM Lotus Notes
This section describes use of PGP Desktop with Lotus Notes, including MAPI.
In This Chapter
About Lotus Notes and MAPI Compatibility
Once set up correctly, PGP Desktop messaging with Lotus Notes and MAPI email clients in a PGP Universal-protected environment works the same as with POP or IMAP email clients, as described in Securing Email Messages (on page 75). The information in this appendix supplements the information in that chapter.
Lotus Notes is a groupware application that provides messaging, calendaring, and scheduling capabilities. Refer to the PGP Desktop for Windows Release Notes for information on compatible Lotus Notes email clients.
MAPI (Messaging Application Programming Interface) is a messaging architecture and a client interface used in Microsoft Exchange environments.
Lotus Notes and MAPI compatibility in PGP Desktop means you get your messaging protected by PGP technology while using your existing email client, plus the other features Lotus Notes and MAPI make available to you.
PGP Desktop installation is compatible with both Lotus Notes Single-User and Multi-User installation.
Using PGP Desktop with Lotus Notes
This section provides an overview of the interoperability of PGP Desktop and PGP Universal in a Lotus Notes environment.
Sending email to recipients inside your Lotus Notes organization
Within the Lotus Notes environment PGP Desktop supports the use of both SMTP and Notes addressing.
Using Notes Addresses
Lotus Notes clients using PGP Desktop can use Notes addresses for key lookup. When a Lotus Notes email client sends an email, the PGP Desktop client recognizes this and automatically adds the Notes address to the key. This key is then synchronized with PGP Universal to facilitate the lookup of keys by Notes address.
All PGP Universal Server keys have an SMTP email address associated with them (for example, [email protected]). The keys of internal Lotus Notes email client users have their Notes address on their key in addition to an SMTP email address: CN=josem/O=notes6@notes6, for example. (External users will never have a Notes address on their key, as contact with external users is always using their SMTP email addresses.) The keys of internal Lotus Notes email client users have both addresses, the SMTP email address and the Notes address, because requests for the key from PGP Universal Satellite for Windows could specify either address.
Using SMTP Addresses to a recipient with PGP Desktop
Lotus Notes clients using PGP Desktop can use SMTP IDs for key lookup inside the organization. Some Lotus Notes enterprises utilize SMTP IDs for all internal communication, while others offer their employees a choice. PGP Desktop interoperates within both configurations. In this scenario Lotus Notes typically constructs the email in MIME and the PGP Desktop Proxy performs S/MIME.
Sending email to recipients outside your Lotus Notes organization
Lotus Notes clients using PGP Desktop will use SMTP IDs for email routing and key lookup outside the organization. PGP Desktop interoperates within both configurations. In this scenario Notes constructs the email in MIME and the PGP Desktop proxy performs S/MIME or PGP/MIME. The recipient receives and decrypts the email.
Binding to a PGP Universal Server
When using Lotus Notes or MAPI email clients with PGP Desktop in a PGP Universal-protected environment, there may be an extra setup step required because both Lotus Notes and MAPI email clients must directly connect to their Domino or Exchange mail servers, respectively.
This section does not apply if you are using PGP Desktop standalone; that is, outside of a PGP Universal Server-managed environment.
In addition to communicating with your mail servers, you must also have a relationship with your PGP Universal Server. Both requirements are met by having a policy for the respective mail server and a second policy that includes both the mail server and the PGP Universal Server.
This is called binding, and it allows your email client to access its mail server to send and receive mail and its PGP Universal Server to get keys and policies. As mentioned, binding is achieved through PGP Desktop messaging policies.
There are two ways the necessary PGP Desktop messaging policies can be created to support binding: pre-binding and manual binding.
Pre-Binding
With pre-binding, the PGP administrator configures the PGP Desktop installer with the information needed to create the binding in the PGP Desktop messaging policies. So with pre-binding, the right policies come configured in PGP Desktop.
Manual Binding
With manual binding, the PGP administrator does not configure the PGP Desktop installer with the information needed to create the binding in the PGP Desktop messaging policies; you have to create these policies yourself.
To manually bind a mail server and a PGP Universal Server, you must first create a service for the PGP Universal Server and then create another service for the mail server that includes a reference to the PGP Universal Server.
To manually bind a mail server and a PGP Universal Server using PGP Desktop messaging policies
1 Open PGP Desktop.
2 Click the PGP Messaging Control Box.
3 Under existing standalone service, click Universal Server <none> and select Create new.
4 In the New PGP Universal Service menu, type your Universal Server name and click OK.
5 Using your email client, send yourself a message. For MAPI users, doing this may not be necessary. If not, go to step 8.
6 Click OK on the Operation stopped by your request dialog box.
7 From your in-box, read the email from “PGP Universal.” The PGP Key Generation Wizard dialog box is displayed.
8 Click Next.
9 Choose a Key Mode from the Key Management Selection, then click Next.
10 In Key Source Selection, choose PGP Desktop key, if you are using PGP Desktop as a standalone application. Otherwise, select New key or Import Key.
11 Click Next.
12 Select the key set and click Next.
13 Click Finish.
Notes Addresses
PGP Desktop keys generally have at least one SMTP email address associated with them: [email protected], for example.
The PGP Desktop keys of Lotus Notes email client users in a PGP Universal Server-managed environment may have their Notes address on their key in addition to an SMTP email address: CN=josem/O=notes6@notes6, for example. (Standalone PGP Desktop users do not have a Notes ID on their key; they always use their SMTP email addresses.)
If you are using PGP Desktop and a Lotus Notes email client in a PGP Universal Server-managed environment and want more information, contact your PGP administrator.
Notes Client Settings
If you are using PGP Desktop with a Lotus Notes email client, you need to make sure that on the Home/Mail Server Setting field of your email client’s location record, the Servers tab has the full Notes name (host/orgName), and not just the WINS host.
Symantec Corporation recommends that you fill in the Internet mail address field on the Basics tab of the current Location document. OCNOTES relies on this field to determine the user's SMTP email address. If the field is missing, PGP Desktop constructs an SMTP email address for the user based on the Domino Server's Global Domain document.
If you are in "Island mode" and PGP Desktop fails to look up keys for some or all recipients, PGP Desktop tries to encrypt the message again by looking for keys when the replicator pushes the message to your home server.
If PGP Desktop fails to look up a key for some recipients and the Notes native encryption option is checked, PGP Desktop allows the Lotus Notes client to encrypt the message to the recipients which PGP failed to encrypt.
The Notes.ini Configuration File
PGP Desktop updates the notes.ini configuration and adds the following entry:
EXTMGR_ADDINS=nPGPNote.dll
Be sure that this entry is not modified or removed. PGP Desktop scans the notes.ini file every time it starts. If this entry is missing, it will add the entry again.
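A way to check the entry described above from outside PGP Desktop, for example in a periodic workstation audit. This is an added example, not code from PGP Desktop or Symantec; it assumes EXTMGR_ADDINS holds a comma-separated list that other add-ins may share, and the sample notes.ini contents and the name otheraddin.dll are constructed.

```python
"""Audit notes.ini text for the PGP Desktop Extension Manager entry."""
import re

PGP_ADDIN = "nPGPNote.dll"  # the value this page documents

# "EXTMGR_ADDINS=<value>" at the start of a line; the key is matched
# case-insensitively and surrounding whitespace is tolerated. A line that
# begins with any other character (for example ";") is not an active entry.
_ENTRY = re.compile(r"^\s*EXTMGR_ADDINS\s*=\s*(.*?)\s*$", re.IGNORECASE)


def audit_extmgr_addins(ini_text, expected=PGP_ADDIN):
    """Return the state of the EXTMGR_ADDINS entry in notes.ini text.

    status is one of:
      "ok"                 one entry, and it lists the expected add-in
      "missing-entry"      no EXTMGR_ADDINS line at all
      "pgp-addin-removed"  entry exists but the expected add-in is not in it
      "duplicate-entries"  expected add-in present, but the key occurs twice
    other_addins lists every add-in that is not the expected one, so that
    unexpected DLLs loaded through the same key can be reviewed.
    """
    entries = []
    for lineno, line in enumerate(ini_text.splitlines(), start=1):
        match = _ENTRY.match(line)
        if match:
            # Assumption: the value is a comma-separated list of add-ins.
            addins = [a.strip() for a in match.group(1).split(",") if a.strip()]
            entries.append((lineno, addins))

    all_addins = [a for _, addins in entries for a in addins]
    present = any(a.lower() == expected.lower() for a in all_addins)
    others = [a for a in all_addins if a.lower() != expected.lower()]

    if not entries:
        status = "missing-entry"
    elif not present:
        status = "pgp-addin-removed"
    elif len(entries) > 1:
        status = "duplicate-entries"
    else:
        status = "ok"
    return {
        "status": status,
        "lines": [n for n, _ in entries],
        "other_addins": others,
    }


# Constructed sample files (not taken from a real installation).
SAMPLE_OK = "[Notes]\nKitType=1\nTimezone=5\nEXTMGR_ADDINS=nPGPNote.dll\n"
SAMPLE_SHARED = "[Notes]\nextmgr_addins = otheraddin.dll, NPGPNOTE.DLL\n"
SAMPLE_REMOVED = "[Notes]\nEXTMGR_ADDINS=otheraddin.dll\n"
SAMPLE_MISSING = "[Notes]\nKitType=1\n;EXTMGR_ADDINS=nPGPNote.dll\n"
SAMPLE_DUPLICATE = "EXTMGR_ADDINS=nPGPNote.dll\nEXTMGR_ADDINS=otheraddin.dll\n"

if __name__ == "__main__":
    samples = {
        "ok": SAMPLE_OK,
        "shared": SAMPLE_SHARED,
        "removed": SAMPLE_REMOVED,
        "missing": SAMPLE_MISSING,
        "duplicate": SAMPLE_DUPLICATE,
    }
    for name, text in samples.items():
        print(name, audit_extmgr_addins(text))
```

To audit a workstation, read that client's notes.ini into a string and pass it to audit_extmgr_addins; a non-empty other_addins list is worth reviewing, since every name on this key is loaded by the Notes client.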
Using Lotus Notes Native Encryption
Lotus Notes Native Encryption enables Notes users to send internal email encrypted to the user's Notes key. When PGP Desktop is configured to use Notes native encryption, confidential information can be sent encrypted to internal users by selecting a checkbox when composing the message. All Lotus Notes users have a Notes key.
If the email address in the To: field matches the Lotus Notes format (CN=Alice Cameron/O=Example Corp) and Notes native encryption is enabled, PGP Desktop allows the email to be sent encrypted using Lotus Notes. If the email address in the To: field is an SMTP address ([email protected]), PGP Desktop encrypts the email to your PGP key.
Notes Native Encryption is available for both PGP Universal Server-managed environments as well as standalone environments. For more information, go to the Symantec Knowledgebase (http://www.symantec.com/business/support/index?page=home) and search for TECH149530, "HOW TO: Enable Lotus Notes Native Encryption with PGP Desktop".
PGP Desktop applies the messaging policies for Sign and Encrypt Buttons to all outgoing Lotus Notes messages when the options to Sign and/or Encrypt have been selected. For information on these policies, see Security Policy Information and Examples (on page 97). If the policies do not exist in your standalone environment, you will need to create them.
To use Notes native encryption
1 Compose the message in Lotus Notes.
2 Select the boxes for Sign and/or Encrypt in the message toolbar (if available in the template). If not, choose Delivery Options and under the Security Options section, select the boxes for Sign and/or Encrypt.
Note: These boxes must be selected each time you want to send an email using Notes native encryption.
3 Send the message.
- If mail policy is set to encrypt and the email recipient is a Notes user, the message is sent encrypted using Notes native encryption. Click More on the notifier message to verify the message is processed and encrypted using Lotus Notes. When the recipient opens the message, there is no PGP annotation included.
- If mail policy is set to encrypt and the email recipient is an SMTP address, PGP Desktop looks up the PGP key and the message is sent encrypted using PGP Desktop. When the recipient opens the message, the standard PGP annotation is included.
- If mail policy is set to encrypt and the email recipient is an SMTP address and you are connected to the Lotus Notes Domino server, Lotus Notes tries to resolve the SMTP address to the Lotus Notes address. If successful, the message is then sent using Notes native encryption. Click More on the notifier message to verify the message is processed and encrypted using Lotus Notes. When the recipient opens the message, there is no PGP annotation included.
- If mail policy is set to sign, Lotus Notes signs the message with the sender's Notes key. No encryption occurs using Lotus Notes or PGP Desktop. Note that if the box to Sign the message is not selected, PGP Desktop signs the message using the sender's PGP key.
Key Features
- Encrypts and decrypts emails to protect your privacy
- Signs and verifies digital signatures to ensure the authenticity of messages
- Manages PGP keys and certificates for secure key management
- Provides a user-friendly interface for easy setup and use
- Integrates with Microsoft Outlook for seamless email encryption and signing
- Supports multiple email accounts and services for comprehensive protection
- Offers advanced security features like key splitting and reconstruction for added protection
- Complies with industry standards for secure email communication
- 129 Viewing Email with PGP Viewer
- 129 Overview of PGP Viewer
- 130 Compatible Email Clients
- 130 Opening an Encrypted Email Message or File
- 131 Copying Email Messages to Your Inbox
- 132 Exporting Email Messages
- 132 Specifying Additional Options
- 133 Specifying Options in PGP Viewer
- 133 Security Features in PGP Viewer
- 135 Protecting Disks with PGP Whole Disk Encryption
- 136 About PGP Whole Disk Encryption
- 137 How does PGP WDE Differ from PGP Virtual Disk?
- 137 Licensing PGP Whole Disk Encryption
- 138 Using PGP Remote Disable and Destroy
- 139 Prepare Your Disk for Encryption
- 140 Supported Disk Types
- 141 Supported Keyboards
- 143 Supported Input Method Editors (IME)
- 143 Ensure Disk Health Before Encryption
- 143 Calculate the Encryption Duration
- 144 Maintain Power Throughout Encryption
- 144 Run a Pilot Test to Ensure Software Compatibility
- 145 Determining the Authentication Method for the Disk
- 145 Passphrase and Single Sign-On Authentication
- 146 Public Key Authentication
- 146 Token-Based Authentication
- 146 Trusted Platform Module (TPM) Authentication
- 147 Setting Encryption Options
- 148 Partition-Level Encryption
- 148 Preparing a Smart Card or Token to Use For Authentication
- 151 Using PGP Whole Disk Encryption Options
- 152 Encrypting a Disk or Partition
- 153 Supported Characters for PGP WDE Passphrases
- 154 Encrypting the Disk
- 156 Encountering Disk Errors During Encryption
- 157 Using a PGP WDE-Encrypted Disk
- 157 Authenticating at the PGP BootGuard Screen
- 162 Selecting Keyboard Layouts
- 164 Using PGP WDE Single Sign-On
- 164 Prerequisites for Using Single Sign-On
- 164 Encrypting the Disk to Use Single Sign-On
- 165 Multiple Users and Single Sign-On
- 165 Logging in with Single Sign-On
- 165 Changing Your Passphrase With Single Sign-On
- 166 Displaying the Windows Login dialog box
- 166 Maintaining the Security of Your Disk
- 166 Getting Disk or Partition Information
- 167 Adding Other Users to an Encrypted Disk or Partition
- 168 Deleting Users From an Encrypted Disk or Partition
- 168 Changing User Passphrases
- 169 Re-Encrypting an Encrypted Disk or Partition
- 170 If you Forgot Your Passphrase
- 171 Backing Up and Restoring
- 172 Uninstalling PGP Desktop from Encrypted Disks or Partitions
- 172 Working with Removable Disks
- 172 Encrypting Removable Disks
- 173 Using Locked (Read-Only) Disks as Read-Only
- 174 Moving Removable Disks to Other Systems
- 174 Reformatting an Encrypted Removable Disk
- 174 Using PGP WDE in a PGP Universal Server-Managed Environment
- 175 PGP Whole Disk Encryption Administration
- 176 Creating a Recovery Token
- 176 Using a Recovery Token
- 177 Recovering Data From an Encrypted Drive
- 177 Creating and Using Recovery Disks
- 179 Decrypting a PGP WDE-Encrypted Disk
- 180 Special Security Precautions Taken by PGP Desktop
- 180 Passphrase Erasure
- 180 Virtual Memory Protection
- 180 Hibernation vs Standby
- 180 Memory Static Ion Migration Protection
- 181 Other Security Considerations
- 181 Using the Windows Preinstallation Environment
- 181 Using PGP Whole Disk Encryption with IBM Lenovo ThinkPad Systems
- 182 Using PGP Whole Disk Encryption with the Microsoft Windows XP Recovery Console
- 185 Using PGP Virtual Disks
- 185 About PGP Virtual Disks
- 186 Creating a New PGP Virtual Disk
- 189 Viewing the Properties of a PGP Virtual Disk
- 189 Finding PGP Virtual Disks
- 190 Using a Mounted PGP Virtual Disk
- 190 Mounting a PGP Virtual Disk
- 191 Unmounting a PGP Virtual Disk
- 191 Compacting a PGP Virtual Disk
- 192 Re-Encrypting PGP Virtual Disks
- 193 Working with Alternate Users
- 193 Adding Alternate User Accounts to a PGP Virtual Disk
- 193 Deleting Alternate User Accounts from a PGP Virtual Disk
- 194 Disabling and Enabling Alternate User Accounts
- 194 Changing Read/Write and Read-Only Status
- 195 Granting Administrator Status to an Alternate User
- 195 Changing User Passphrases
- 196 Deleting PGP Virtual Disks
- 196 Maintaining PGP Virtual Disks
- 196 Mounting PGP Virtual Disk Volumes on a Remote Server
- 197 Backing up PGP Virtual Disk Volumes
- 197 Exchanging PGP Virtual Disks
- 198 The PGP Virtual Disk Encryption Algorithms
- 198 Special Security Precautions Taken by PGP Virtual Disk
- 198 Passphrase Erasure
- 199 Virtual Memory Protection
- 199 Hibernation
- 199 Memory Static Ion Migration Protection
- 199 Other Security Considerations
- 201 Creating and Accessing Mobile Data with PGP Portable
- 201 Creating PGP Portable Disks
- 202 Creating a PGP Portable Disk from a Folder
- 202 Creating a PGP Portable Disk from a Removable USB Device
- 204 Creating Read/Write or Read-Only PGP Portable Disks
- 204 Accessing Data on a PGP Portable Disk
- 205 Changing the Passphrase for a PGP Portable Disk
- 206 Unmounting a PGP Portable Disk
- 207 Using PGP NetShare
- 207 About PGP NetShare
- 209 PGP NetShare Roles
- 210 Integrating with Symantec Data Loss Prevention
- 211 Licensing PGP NetShare
- 212 Authorized User Keys
- 212 Using a Group Key
- 213 Establishing a PGP NetShare Admin (Owner)
- 213 "Blacklisted" and "Whitelisted" Files, Folders, and Applications
- 213 “Blacklisted” and Other Files You Cannot Protect
- 214 "Blacklisted" and "Whitelisted" Folders Specified by PGP Universal Server
- 214 Application-based Encryption and Decryption Bypass Lists
- 215 Working with Protected Folders
- 216 Choosing the Location for a Protected Folder
- 217 Creating a New PGP NetShare Protected Folder
- 219 Using Files in a PGP NetShare Protected Folder
- 220 Unlocking a Protected Folder
- 221 Determining the Files in a Protected Folder
- 221 Adding Subfolders to a Protected Folder
- 221 Checking Folder Status
- 222 Copying Protected Folders to Other Locations
- 223 Working with PGP NetShare Users
- 223 Adding a PGP NetShare User
- 224 Changing a User's Role
- 225 Deleting a User from a Protected Folder
- 226 Importing PGP NetShare Access Lists
- 226 Working with Active Directory Groups
- 227 Setting up PGP NetShare to Work with Groups
- 227 Adding an Active Directory Group to a Protected Folder
- 228 Refreshing Groups
- 228 Decrypting PGP NetShare-Protected Folders
- 229 Re-Encrypting a Folder
- 230 Clearing a Passphrase
- 230 Protecting Files Outside of a Protected Folder
- 232 Backing Up PGP NetShare-Protected Files
- 232 Accessing PGP NetShare Features using the Shortcut Menu
- 233 PGP NetShare in a PGP Universal Server-managed Environment
- 233 Accessing the Properties of a Protected File or Folder
- 234 Using the PGP NetShare Menus in PGP Desktop
- 234 The File Menu
- 235 The Edit Menu
- 235 The NetShare Menu
- 237 Using PGP Zip
- 237 Overview
- 238 Creating PGP Zip Archives
- 240 Encrypting to Recipient Keys
- 241 Encrypting with a Passphrase
- 243 Creating a PGP Self-Decrypting Archive (SDA)
- 244 Creating a Sign Only Archive
- 246 Opening a PGP Zip Archive
- 246 Opening a PGP Zip SDA
- 247 Editing a PGP Zip Archive
- 248 Verifying Signed PGP Zip Archives
- 251 Shredding Files with PGP Shredder
- 251 Using PGP Shredder to Permanently Delete Files and Folders
- 252 Shredding Files using the PGP Shredder Icon on Your Desktop
- 252 Shredding Files From Within PGP Desktop
- 253 Shredding Files in Windows Explorer
- 253 Using the PGP Shred Free Space Assistant
- 254 Scheduling Free Space Shredding
- 257 Storing Keys on Smart Cards and Tokens
- 257 About Smart Cards and Tokens
- 258 Compatible Smart Cards
- 260 Recognizing Smart Cards
- 260 Examining Smart Card Properties
- 261 Generating a PGP Keypair on a Smart Card
- 262 Copying your Public Key from a Smart Card to a Keyring
- 263 Copying a Keypair from Your Keyring to a Smart Card
- 264 Wiping Keys from Your Smart Card
- 264 Using Multiple Smart Cards
- 267 Setting PGP Desktop Options
- 267 Accessing the PGP Options dialog box
- 268 General Options
- 270 Keys Options
- 272 Master Keys Options
- 273 Messaging Options
- 275 Proxy Options
- 278 PGP NetShare Options
- 279 Disk Options
- 282 Notifier Options
- 284 Advanced Options
- 287 Working with Passwords and Passphrases
- 287 Choosing whether to use a password or passphrase
- 288 The Passphrase Quality Bar
- 289 Creating Strong Passphrases
- 290 What if You Forget Your Passphrase?
- 291 Using PGP Desktop with PGP Universal Server
- 291 Overview
- 292 For PGP Administrators
- 293 Manually binding to a PGP Universal Server
- 295 Using PGP Desktop with IBM Lotus Notes
- 295 About Lotus Notes and MAPI Compatibility
- 295 Using PGP Desktop with Lotus Notes
- 295 Sending email to recipients inside your Lotus Notes organization
- 296 Sending email to recipients outside your Lotus Notes organization
- 296 Binding to a PGP Universal Server
- 297 Pre-Binding
- 297 Manual Binding
- 297 Notes Addresses
- 298 Notes Client Settings
- 298 The Notes.ini Configuration File
- 298 Using Lotus Notes Native Encryption