D

Using PGP Desktop with IBM Lotus

Notes

This section describes use of PGP Desktop with Lotus Notes, including MAPI.

In This Chapter

About Lotus Notes and MAPI Compatibility ...........................................................283

Using PGP Desktop with Lotus Notes ......................................................................283

Binding to a PGP Universal Server ...........................................................................284

Notes Addresses...........................................................................................................285

Notes Client Settings ..................................................................................................286

Using Lotus Notes Native Encryption......................................................................286

About Lotus Notes and MAPI Compatibility

Once set up correctly, PGP Desktop messaging with Lotus Notes and MAPI email clients in a PGP Universal-protected environment works the same as with POP or IMAP email

clients, as described in Securing Email Messages (on page 75). The information in this

appendix supplements the information in that chapter.

Lotus Notes is a groupware application that provides messaging, calendaring, and scheduling capabilities. Refer to the PGP Desktop for Windows Release Notes for information on compatible Lotus Notes email clients.

MAPI (Messaging Application Programming Interface) is a messaging architecture and a client interface used in Microsoft Exchange environments.

Lotus Notes and MAPI compatibility in PGP Desktop means you get your messaging protected by PGP technology while using your existing email client, plus the other features Lotus Notes and MAPI make available to you.

PGP Desktop installation is compatible with both Lotus Notes Single-User and

Multi-User installation.

Using PGP Desktop with Lotus Notes

This section provides an overview of the interoperability of PGP Desktop and PGP

Universal in a Lotus Notes environment.

Sending email to recipients inside your Lotus Notes organization

Within the Lotus Notes environment PGP Desktop supports the use of both SMTP and

Notes addressing.

284 Using PGP Desktop with IBM Lotus Notes

Binding to a PGP Universal Server

Using Notes Addresses

Lotus Notes clients using PGP Desktop can use Notes addresses for key lookup. When a

Lotus Notes email client sends an email, the PGP Desktop client recognizes this and automatically adds the Notes address to the key. This key is then synchronized with

PGP Universal to facilitate the lookup of keys by Notes address.

All PGP Universal Server keys have an SMTP email address associated with them (for example, [email protected]

). The keys of internal Lotus Notes email client users have their Notes address on their key in addition to a SMTP email address:

CN=josem/O=notes6@notes6, for example. (External users will never have a Notes address on their key, as contact with external users is always using their SMTP email addresses.) The keys of internal Lotus Notes email client users have both addresses, the

SMTP email address and the Notes address, because requests for the key from PGP

Universal Satellite for Windows could specify either address.

Using SMTP Addresses to a recipient with PGP Desktop

Lotus Notes clients using PGP Desktop can use SMTP IDs for key lookup inside the organization. Some Lotus Notes enterprises utilize SMTP IDs for all internal communication, while others offer their employees a choice. PGP Desktop interoperates within both configurations. In this scenario Lotus Notes typically constructs the email in MIME and the PGP Desktop Proxy performs S/MIME.

Sending email to recipients outside your Lotus Notes organization

Lotus Notes clients using PGP Desktop will use SMTP IDs for email routing and key lookup outside the organization. PGP Desktop interoperates within both configurations.

In this scenario Notes constructs the email in MIME and the PGP Desktop proxy performs S/MIME or PGP/MIME. The recipient receives and decrypts the email.

Binding to a PGP Universal Server

When using Lotus Notes or MAPI email clients with PGP Desktop in a PGP

Universal-protected environment, there may be an extra setup step required because both Lotus Notes and MAPI email clients must directly connect to their Domino or

Exchange mail servers, respectively.

This section does not apply if you are using PGP Desktop standalone; that is, outside of a PGP Universal Server-managed environment.

In addition to communicating with you mail servers, you must also have a relationship with your PGP Universal Server. Both requirements are met by having a policy for the respective mail server and a second policy that includes both the mail server and the

PGP Universal Server.

This is called binding, and it allows your email client to access its mail server to send and receive mail and its PGP Universal Server to get keys and policies. As mentioned, binding is achieved through PGP Desktop messaging policies.

There are two ways the necessary PGP Desktop messaging policies can be created to support binding: pre-binding and manual binding.

Using PGP Desktop with IBM Lotus Notes

Notes Addresses

285

Pre-Binding

With pre-binding, the PGP administrator configures the PGP Desktop installer with the information needed to create the binding in the PGP Desktop messaging policies. So with pre-binding, the right policies come configured in PGP Desktop.

Manual Binding

With manual binding, the PGP administrator does not configure the PGP Desktop installer with the information needed to create the binding in the PGP Desktop messaging policies; you have to create these policies yourself.

To manually bind a mail server and a PGP Universal Server, you must first create a service for the PGP Universal Server and then create another service for the mail server that includes a reference to the PGP Universal Server.

To manually bind a mail server and a PGP Universal Server using PGP Desktop messaging policies

1 Open PGP Desktop.

2 Click the PGP Messaging Control Box.

3 Under existing standalone service, click Universal Server <none> and select

Create new.

4 In the New PGP Universal Service menu, type your Universal Server name and click OK.

5 Using your email client, send yourself a message. For MAPI users, doing this may not be necessary. If not, go to step 8.

6 Click OK on the Operation stopped by your request dialog box.

7 From your in-box, read the email from “PGP Universal.” The PGP Key Generation

Wizard dialog box is displayed.

8 Click Next.

9 Choose a Key Mode from the Key Management Selection, then click Next.

10 In Key Source Selection, choose PGP Desktop key, if you are using PGP Desktop as a standalone application. Otherwise, select New key or Import Key.

11 Click Next.

12 Select the key set and click Next.

13 Click Finish.

Notes Addresses

PGP Desktop keys generally have at least one SMTP email address associated with them: [email protected]

, for example.

286 Using PGP Desktop with IBM Lotus Notes

Notes Client Settings

The PGP Desktop keys of Lotus Notes email client users in a PGP Universal

Server-managed environment may have their Notes address on their key in addition to a SMTP email address: CN=josem/O=notes6@notes6, for example. (Standalone PGP

Desktop users do not have a Notes ID on their key; they always use their SMTP email addresses.)

If you are using PGP Desktop and a Lotus Notes email client in a PGP Universal

Server-managed environment and want to know more information, contact your PGP administrator.

Notes Client Settings

If you are using PGP Desktop with a Lotus Notes email client, you need to make sure that on the Home/Mail Server Setting field of your email client’s location record, the

Servers tab has the full Notes name (host/orgName), and not just the WINS host.

Symantec Corporation recommends that you fill in the Internet mail address field on the Basics tab of the current Location document. OCNOTES relies on this field to determine the user's SMTP email address. If the field is missing, PGP Desktop constructs an SMTP email address for the user based on the Domino Server's Global

Domain document.

If you are in "Island mode" and PGP Desktop fails to look up keys for some or all recipients, PGP Desktop tries to encrypt the message again by looking for keys when the replicator pushes the message to your home server.

If PGP Desktop fails to look up a key for some recipients and the Notes native encryption option is checked, PGP Desktop allows the Lotus Notes client to encrypt the message to the recipients which PGP failed to encrypt.

The Notes.ini Configuration File

PGP Desktop updates the notes.ini configuration and adds the following entry:

EXTMGR_ADDINS=nPGPNote.dll

Be sure that this entry is not modified or removed. PGP Desktop scans the notes.ini file every time it starts. If this entry is missing, it will add the entry again.

Using Lotus Notes Native Encryption

Lotus Notes Native Encryption enables Notes users to send internal email encrypted to the user's Notes key. When PGP Desktop is configured to use Notes native encryption, confidential information can be sent encrypted to internal users by selecting a checkbox when composing the message. All Lotus Notes users have a Notes key.

If the email address in the To: field matches the Lotus Notes format (CN=Alice

Cameron/O=Example Corp) and Notes native encryption is enabled, PGP Desktop allows the email to be sent encrypted using Lotus Notes. If the email address in the To: field is an SMTP address ( [email protected]

), PGP Desktop encrypts the email to your

PGP key.

Using PGP Desktop with IBM Lotus Notes

Using Lotus Notes Native Encryption

287

Notes Native Encryption is available for both PGP Universal Server-managed environments as well as standalone environments. For more information, go to the the

Symantec Knowledgebase

(http://www.symantec.com/business/support/index?page=home) and search for

TECH149530, "HOW TO: Enable Lotus Notes Native Encryption with PGP Desktop".

PGP Desktop applies the messaging policies for Sign and Encrypt Buttons to all outgoing Lotus Notes messages when the options to Sign and/or Encrypt have been selected. For information on these policies, see Security Policy Information and

Examples (on page 97). If the policies do not exist in your standalone environment, you

will need to create them.

To use Notes native encryption

1 Compose the message in Lotus Notes.

2 Select the boxes for Sign and/or Encrypt in the message toolbar (if available in the template). If not, choose Delivery Options and under the Security Options section, select the boxes for Sign and/or Encrypt.

Note: These boxes must be selected each time you want to send an email using

Notes native encryption.

3 Send the message.

ƒ If mail policy is set to encrypt and the email recipient is a Notes user, the message is sent encrypted using Notes native encryption. Click More on the notifier message to verify the message is processed and encrypted using

Lotus Notes. When the recipient opens the message, there is no PGP annotation included.

ƒ If mail policy is set to encrypt and the email recipient is an SMTP address,

PGP Desktop looks up the PGP key and the message is sent encrypted using

PGP Desktop. When the recipient opens the message, the standard PGP annotation is included.

ƒ If mail policy is set to encrypt and the email recipient is an SMTP address and you are connected to the Lotus Notes Domino server, Lotus Notes tries to resolve the SMTP address to the Lotus Notes address. If successful, the message is then sent using Notes native encryption. Click More on the notifier message to verify the message is processed and encrypted using

Lotus Notes. When the recipient opens the message, there is no PGP annotation included.

ƒ If mail policy is set to sign, Lotus Notes signs the message with the senders

Notes key. No encryption occurs using Lotus Notes or PGP Desktop. Note that if the box to Sign the message is not selected, PGP Desktop signs the message using the sender's PGP key.

Index

A

access lists, importing in PGP NetShare • 214

Active Directory groups in PGP NetShare • 214, 215,

216

Additional Decryption Keys (ADKs) • 64

Advanced Encryption Standard Instructions • See

AES-NI

AES, algorithm in PGP Virtual Disk • 186

AES-NI • 142, 167

Aladdin eToken Pro USB token • 134, 136, 139 alerts • See notifiers application window • 26 applications, force or bypass encryption from • 202 archives • 225 advanced options • 226 creating • 226 editing • 235 opening • 234, 235 self-decrypting • 231, 234 signing only • 232 verifying signed • 236 audible sounds, PGP WDE authentication • 148 authentication in PGP Whole Disk Encryption • 133,

148 audible sounds during • 148 method used, determining • 133 authorized users, in PGP NetShare • 195, 211 automatic backup software, using on PGP WDE disks

• 160 automatic mounting of PGP Virtual Disk volumes •

174

B

backing up keys • 40 backup software, using • 160, 220

BartPE, using with PGP WDE • 169 basic steps for using • 14 binding, manually to a PGP Universal Server • 281 biometric word list, explained • 49 blacklisted, in PGP NetShare • 201, 202

BootGuard • See PGP BootGuard screen bypass, PGP WDE SSO login • 154

C

CACs • 245

CAST, algorithm in PGP Virtual Disk • 186 changing your passphrase • 54 characters, supported in PGP WDE • 141

Client Key Mode (CKM) • 108

Common Access Cards (CACs) • 245 compacting, PGP Virtual Disk • 179 control box • 26 coordinator for PGP NetShare • 201

CPU usage, during encryption • 139 creating • 36, 85, 92, 174, 226, 277 keypair • 36, 249 messaging policy • 92 messaging service • 85 passphrases, strong • 277

PGP Virtual Disk volume • 174

PGP Zip archive • 226

D

data recovery • 165 decrypting • 167 default policies • 83, 97, 98, 99, 100 deleting files, deleting permanently • 240 keys • 55, 252 messaging policy • 105

PGP Virtual Disks • 184 signature from public key • 58 subkey • 64 user IDs • 55 users • 181, 213 designated revoker • 65 digital signatures • 40, 41, 43, 55, 61, 73, 228, 229,

232 disk notifiers • 32 disk read/write error • 142 disks adding users to encrypted • 155 encrypting • 140, 142 errors during encryption • 144 options • 267 recovery, creating • 165 removable • 160, 162 scheduled wiping • 242 supported in PGP WDE • 128 using encrypted • 145 distributing virtual disks • 185 drives, removable in PGP WDE • 162

E

email • 75 copying public keys from • 44 copying to your Inbox with PGP Viewer • 119 exporting email from PGP Viewer • 120 key from a smart card • 250 key to a file • 42

29 Index

0 including your public key in • 42 key modes • 108 messaging log • 110 multiple accounts • 90 notifiers • 30 options • 263 securing • 75 services and policies • 83 viewing encrypted with PGP Viewer • 118 encrypt and sign buttons in Microsoft Outlook • 81,

98, 99, 100 encrypting IM sessions • 75, 113, 118, See PGP

Messaging encryption adding users to • 155 algorithm used • 129, 186 calculate duration of in PGP WDE • 131 deleting users from PGP WDE • 156 disk errors during • 142, 144 disks or partitions • 140, 142 instant messaging sessions • 115

Maximum CPU Usage option • 131, 139 options in PGP WDE • 135 partitions in PGP WDE • 136 passphrase in PGP Zip • 229 pilot test • 132

Power Failure Safety option • 132, 139 recipient keys in PGP Zip • 228 reducing time of initial • 131, 139 re-encrypting disk or partition • 157 using PGP WDE-encrypted disk • 145, 162

evaluation licenses • 4

exchanging virtual disks • 185 exporting email messages • 120

F

files blacklisted in PGP NetShare • 201 exporting public keys to • 42 files, deleting permanently • 240 properties of, PGP NetShare • 220 protecting outside of protected folder • 218 using in Protected Folders • 207, 208, 209 files, deleting permanently • 240 fingerprint, verifying digital • 56

FIPS • 272 flags, specifying usage on subkeys • 62 folder wiping • 240, 242 folders, protected in PGP NetShare • 195 forensics, recovering data • 165 forgotten passphrases • 70

Free Space Wipe • See shredding free space

G

general options • 256

generating keypairs • 36, 249 granting trust • 59 group key, PGP NetShare • 200 groups, Active Directory • 214

Guarded Key Mode (GKM) • 108

H

hibernation • 168, 187, See sleep, Mac OS X and PGP

WDE

I

IBM Lenovo Rescue and Recovery • 169 importing, private keys and certificates • 52 incoming email • 76 incoming email notifiers • 31 installing PGP Desktop • 17 instant messaging • 113 options • 264 sessions encrypting • 115

J

JavaCards • 245

K

key ID • 49 key modes • 108, 272 key reconstruction • 70, See reconstructing your key keyboard hot keys • 272 keyboard, supported in PGP WDE • 129, 150 keypair • 12 creating • 36 smart card • 249, 251 keyrings • 35, 39, 55 keys • 35, 49

creating • 36 deleting from your keyring • 55 disabling • 55 distributing, public • 40 email, including in • 42 enabling • 55 exporting • 42, 250 granting trust for validations • 59 group key in PGP NetShare • 200 importing • 52 keyserver, uploading to • 42 lost • 69, 70 master keys • 46 multiple user names and email addresses • 51 options • 258 properties • 49 protecting • 73 reconstructing • 70 rejoining a split key • 67, 68 replacing a photo ID • 50 revoking • 65, 66 saving public to file • 42 signing • 57, 58 splitting • 67 subkeys • 59 verifying public • 56 viewing • 35 keyserver sending your public key to • 41 keyservers • 12, 44 getting someone's public key from • 43 list of • 258 searching • 43 sending your public key to • 41 using to circulate revoke keys • 66

L

language support for PGP WDE • 150 licensing • 4, 5, 21, 125, 199 local policy • See offline policy local users • 152, 157 locked out, at PGP BootGuard screen • 149 log, messaging • 34, 110 logging in, PGP BootGuard screen • 145 lost key or passphrase • 69

Lotus Notes email client • 283, 286

M

mail servers, see messaging services • See messaging mailing list policies • 97, 98, 99, 100, 102

managed users • 3

MAPI • 283 master keys options • 46, 47, 260

Index 29

1

messaging • 83 creating new • 85 deleting • 89 disabling and enabling • 89 editing existing • 88

Lotus Notes • 283

MAPI • 283 messaging log • 110 multiple • 90 notifiers • 30 options • 261 troubleshooting • 90

Microsoft Outlook, sign and encrypt buttons • 81, 98,

99, 100 mobile data • See PGP Portable mounting PGP Virtual Disk volumes • 178 moving PGP Desktop to another computer • 22 multiple messaging services • 90

N

NetShare • See PGP NetShare

Notes ID • See Lotus Notes email client

Notes Native Encryption • 286

Notifier feature described • 30 for instant messaging • 32 notifiers • 30, 270

O

offline policy • 31, 79, 82, 84 options • 255 advanced • 272 disk • 267 encryption • 135, 139

general • 256

instant messaging • 261, 264 keys • 258 master keys • 260 messaging • 261 notifier • 266

PGP NetShare • 218, 266

PGP Viewer • 120, 121 proxy • 263 outgoing email • 79 outgoing email notifiers • 31

overview, of PGP Desktop • 1

P

partitions, encrypting • 128, 136, 140, 155 passphrase forgotten • 278 passphrase quality bar • 276

Passphrase Quality bar • 276 passphrases • 38, 186, 275

29 Index

2

adding alternate ones for PGP Virtual Disk • 155 alternate, adding • 155, 181 authenticating with in PGP WDE • 133 changing • 54, 153, 156, 183, 193, 251 clearing cached • 218 encrypting with in PGP Zip • 229 forgotten • 69, 70

options • 256

PGP Whole Disk Encryption • 133 setting • 36

Single Sign-On • 133 strong, creating • 277 supported characters in PGP WDE • 141 passwords • See passphrases

perpetual licenses • 4

PGP administrator • 162, 279

PGP BootGuard screen • 141, 145, 148, 149, 150

PGP Desktop described • 11 in PGP Universal-managed environment • 279 installing • 19 main screen • 25, 26

PGP tray icon • 27 policies described • 83

Setup Assistant • 21

SSL/TLS support • 106 system requirements • 17 uninstalling • 22 upgrading • 19

PGP Desktop Log • 34

PGP Global Directory • 11, 44

PGP Keys • See keys creating a keypair • 36

PGP Keyservers List • See keyservers

PGP Log • 34

PGP Messaging • 11, 75, 110 services and policies • 83 services described • 83

PGP NetShare • 11, 195, See protected folders

Active Directory groups • 214, 215, 216 application-based encryption list • 202 backing up protected files • 220 blacklisted files • 201, 202 coordinator, establishing • 201 corrupted, deleted, or overwritten file usage of •

205 decryption bypass applications • 202

Edit menu options • 223

File menu options • 222 folder status, checking • 209 group keys • 200 groups, Active Directory • 214 importing access lists from another folder • 214 licensing • 199

Netshare menu options • 223 notifiers • 32 options • 218 passphrase, clearing • 218

PGP Universal-managed environment • 221

PGP Virtual Disk or PGP WDE, using with • 195 properties of file or folder • 220 roles • 197, 212 users • 211, 214 whitelisted folders • 202

PGP Portable • 189

PGP RDD • See PGP Remote Disable and Destroy

PGP Remote Disable and Destroy • 126

PGP Shred • 11, 239 files, deleting permanently • 240

PGP Zip, using with • 226 shredding free space • 241, 242

PGP tray icon • 27

PGP Universal • 70, 279

PGP Universal Server • 3, 11, 36, 44, 70, 162, 221,

272, 279, 280, 281, 283

PGP Universal Services Protocol (USP) • 44

PGP Viewer • 117, 118, 119, 120, 121 options • 120

overview of • 117

PGP Virtual Disk • 11, 173, 186 alternate users • 181 backing up • 185 creating new • 174 encryption algorithms • 186 exchanging • 185 finding • 177 maintaining • 184 mounting • 174, 178 passphrases, changing • 183 re-encrypting • 180 security precautions • 186 unmounting • 178, 179

PGP Whole Disk Encryption • 11, 123

authentication options • 133 automatic backup software • 160 backing up encrypted disks • 159 compatibility with third-party applications • 132 decrypting an encrypted disk • 167 disk errors during encryption • 142, 144 disk types, supported • 128 disk, maintaining security of • 154 disk, using encrypted • 145 encrypting a disk • 142 encryption algorithm used • 129 encryption duration, calculating • 131 encryption options • 135, 139 keyboard layouts • 150 licensing • 125 notifiers • 32 options when encrypting disks • 132, 135, 139 partitions • 136 passphrase • 133, 141, 153, 156, 158

PGP BootGuard screen • 145, 148

PGP Universal Server, managed • 162 power, during encryption • 132 prepare disk for • 127 public key authentication • 134 recovery disks, creating • 165 recovery tokens • 164 re-encrypting an encrypted disk • 157 removable drives • 160, 162 security precautions • 168

Single Sign-On, using with • 133, 152, 153, 154 supported disk types • 128 token-based authentication • 134, 136 uninstalling • 160 users, working with • 155, 156

PGP Zip • 11, 225 adding a file or folder to • 235 advanced options, creating archive • 226 archive, creating • 226 deleting a file or folder • 235 editing an archive • 235 encrypting archives • 228, 229 extracting files from • 235 opening an archive • 234, 235 saving changes • 235 self-decrypting archives • 231, 234 shredding files after archiving • 226 signing only • 232 verifying signed archives • 236 photographic ID, on keys • 50

PKCS-11 library • 245

PKCS-12 X.509 certificates, importing • 52 policies • 83

Index 29

3

changing order of • 106 creating messaging • 92 default policies • See default policies deleting • 105 examples of messaging • 97 power failure safety option • 139 primary name, on key • 51, 52 private keys • 12, 36, 38, 52 properties • 49, 221, 248 protected folders • 203, 221, See protected folders access lists, importing • 214

Active Directory groups • 214 backing up files and folders • 220 blacklisted files in • 201 creating • 205 files, using in • 207, 209 files, using outside of • 218 licensing • 199 location, determining • 204 properties • 221 re-encrypting • 217 removing • 216 status of • 209 subfolders in • 209 unlocking • 208 users, in protected folders • 199, 200, 211, 214 viewing files in • 209 protecting keys • 73 public keys • 12 advantages of sending to key server • 41 authenticating with in PGP WDE • 134 copying from a smart card • 250 copying from email messages • 44 disabling and enabling • 55 distributing to others • 40 email message, including in • 42 exporting to files • 42 getting others • 43

PGP Whole Disk Encryption • 134 saving to file • 42 searching keyserver • 43 sending to keyserver • 41 signing • 57 verifying • 56

R

read/write error • 142 read-only disk or partition information • 154 reconstructing keys • 70 reconstructing your key • 40, 70, 158 recovering data from an encrypted drive • 165 recovery disks, creating in PGP WDE • 165 recovery tokens • 164 re-encrypting • 157, 217 reformatting encrypted removable disks • 162

29 Index

4

rejoining split keys • 67, 68

Remote Disable and Destroy • See PGP Remote

Disable and Destroy removable drives in PGP WDE • 160, 161, 162 removing • 50, 64, 252

Rescue and Recovery • See IBM Lenovo Rescue and

Recovery resetting key mode • 108, 272 revokers, key • 65 revoking keys and signatures • 58, 63, 66 roles, in PGP NetShare • 197, 212

S

S/MIME email, importing certificates in • 54 schedulihg free space shredding • 242 searching keyserver • 43 secure instant messaging (IM) • 113 security precautions • 168, 186 self-decrypting archives • 231, 234 separate signing subkey • 11

Server Client Key Mode (SCKM) • 108

Server Key Mode (SKM) • 108 services • 83 services, messaging • 83, 84, 85, 90 setup assistant • 21 shortcut menus, in PGP Netshare • 220 shredding files • 239 shredding free space • 11, 240, 241, 242 sign and encrypt buttons in Microsoft Outlook • 81,

98, 99, 100 signature verification • 77 signatures, deleting from keys • 55, 58 signing • 55 archives in PGP Zip • 232, 235 keys • 55, 57 public keys • 57

Single Sign-On • 133, 152 bypassing, in PGP WDE • 154 logging in with PGP WDE • 153 passphrase, changing • 153, 157 using with PGP WDE • 152, 153 sleep, Mac OS X and PGP WDE • 169 smart card • 12, 245 authenticating with, at PGP BootGuard • 137 cards, supported in PGP WDE • 138 changing passphrase • 251 copying keypair to • 251 copying your public key from • 250

JavaCards • 245 keypair, creating new on • 249 personalization • 245

PKCS-11 • 245 properties • 248 readers, supported in PGP WDE • 137 wiping keys from • 252 sounds, during PGP WDE authentication • 148 splitting keys • 67

SSL/TLS support • 106 standby, PGP WDE • 168

Start Menu • 29 strong passphrases • 277 subkeys • 59 creating new • 62 encryption • 62 encryption and signing • 62 expiration • 59, 62 icons • 59 looking at • 61 properties • 59 removing • 64 revoking • 63 separate • 59 setting size of • 62 signing • 62 size • 59 subkey usage • 62 symbols • 59 validity • 59 viewing • 59 working with • 59

subscription licenses • 4

support, contacting • 7

system partition, modifying • 155 system requirements • 17, 128, 132, 136, 139

T

Tablet PC, using in PGP WDE • 147 tasks, scheduled freespace wiping • 242

technical support • 7

terminology • 3, 11, 13, 83, 108, 195 third-party software, compatibility with • 132, 160 token • 136, 245 authenticating with in PGP WDE • 134 copying to or from • 250, 251 creating a new keypair on • 249

PGP Whole Disk Encryption, using with • 134, 136 properties • 248 supported tokens in PGP WDE • 138 wiping keys from • 252

TPM • See Trusted Platform Module (TPM)

Authentication tray icon • See PGP tray icon troubleshooting • 6, 90, 144 trust, granting for key validations • 59

Trusted Platform Module (TPM) Authentication • 134

Twofish, algorithm in PGP Virtual Disk • 186

U

uninstalling • 22, 160 unlocking Protected Folders • 208

unmanaged users • 3

unmounting • 194

PGP Portable Disks • 194

PGP Virtual Disk volumes • 178, 179

Unversal Server • See PGP Universal update policy • 27, 82 upgrading • 19, 21 usage flags, on subkeys • 62 usage flags, specifying • 62 user interface, main window • 26 user names, on keys • 51 users • 181, 211

PGP NetShare, importing access lists in • 214

PGP Whole Disk Encryption, adding or deleting from • 155, 156 protected folders, authorized in • 195, 211, 213

USP • See PGP Universal Services Protocol (USP)

V

validating keys • 59 verifying PGP Zip signed archives • 236 viewing subkeys • 59 virtual disks • See PGP Virtual Disk

W

whitelisted, in PGP NetShare • 202 wildcards, in policies • 96

Windows Explorer • 28

Windows Login dialog box, displaying • 154

Windows Preinstallation Environment, using with

PGP WDE • 169

WINS host • 286 wiping files • See shredding files, See shredding free space wiping, keys from your smart card • 252 word list, biometric • 49

X

X.509 certificates • 52, 54

Index 29

5