PGP Whole Disk Encryption for Linux 10.1.2 Operating instructions

Brand: PGP

Model: Whole Disk Encryption for Linux 10.1.2

Type: Operating instructions

PGP WDE for Linux

User's Guide

Version Information

PGP Whole Disk Encryption for Linux User's Guide. Version 10.1.2. Released March 2011.

means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.

Trademark Information

PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of

Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant

Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a

registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered

trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and

Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple

Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Licensing and Patent Information

The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm,

implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a

license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block

Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP

Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would

like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (https://support.pgp.com). PGP Corporation

may have patents and/or pending patent applications cov

ering subject matter in this software or its documentation; the furnishing of this software or

documentation does not give you any license to these patents.

Acknowledgments

This product includes or may include:

-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with

permission from the free Info-ZIP implementation,

developed by zlib (http://www.zlib.net

). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted

under the MIT License found at http://www.opensource.org/licenses/mit-license.html

), web

server (http://www.apache.org/

), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse

HTML, developed by the Apache Software Foundation. The license is at www.apache.org/licenses/LICENSE-2.0.txt

. -- Castor, an open-source, data-

binding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group

under an Apache 2.0-style license, available at http://www.castor.org/license.html

. -- Xalan, an open-source software library from the Apache Software

Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software

License, version 1.1, available at http://xml.apache.org/xalan-j/#license1.1

. -- Apache Axis is an implementation of the SOAP ("Simple Object Access

Protocol") used for communications between various PGP products is provided under the Apache license found at

http://www.apache.org/licenses/LICENSE-2.0.txt

. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released

under an Apache-style license, available at http://mx4j.sourceforge.net/docs/ch01s06.html

. -- jpeglib version 6a is based in part on the work of the

Independent JPEG Group. (http://www.ijg.org/

) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is

distributed under the MIT License http://www.opensource.org/licenses/mit-license.

html. -- PCRE Perl regular expression compiler, copyrighted and

. -- BIND Balanced Binary Tree Library

and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (http://www.isc.org

) -- Free BSD

4.2 developed

by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP

OpenLDAP Foundation. The license agreement is at http://www.openldap.org/software/release/license.html

. Secure shell OpenSSH developed by

OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at http://www.openbsd.org/cgi-

bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for SmartCard integration is released

under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License 1.0, available at

http://www.opensource.org/licenses/ibmpl.php

. -- PostgreSQL, a free software object-relational database management system, is released under a

BSD-style license, available at http://www.postgresql.org/about/licence

. -- PostgreSQL JDBC driver, a free Java program used to connect to a

BSD-style license, available at http://jdbc.postgresql.org/license.html

. -- PostgreSQL Regular Expression Library, a free software object-relational

database management system, is released under a BSD-style license, available at http://www.postgresql.org/about/licence

. -- 21.vixie-cron is the Vixie

- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the

GNU Library General Public License (LGPL) available at http://www.jacorb.org/lgpl.html

is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and

Vanderbilt University. The open source software license is available at http://www.cs.wustl.edu/~schmidt/ACE-copying.html

. -- libcURL, a library for

downloading files via common network services, is open source software provided under a MIT/X derivate license available at

http://curl.haxx.se/docs/copyright.html

under a BSD-style license, available at http://thunk.org/hg/e2fsprogs/?file/fe55db3e508c/lib/uuid/COPYING

libpopt, a library that parses command line options, is released under the terms of the GNU Free Documentation License available at

http://directory.fsf.org/libs/COPYING.DOC

to communicate with the Intel Corporation AMT chipset on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at

http://www.cs.fsu.edu/~engelen/license.html. -- Windows Template Library (WTL) is used for developing user interface components and is distributed

under the Common Public License v1.0 found at http://opensource.org/licenses/cpl1.0.php

. -- The Perl Kit provides several independent utilities used to

automate a variety of maintenance functions and is provided under the Perl Artistic License, found at

http://www.perl.com/pub/a/language/misc/Artistic.html

. -- rEFIt - libeg, provides a graphical interface library for EFI, including image rendering, text

rendering, and alpha blending, and is distributed under the license found at

http://refit.svn.sourceforge.net/viewvc/*checkout*/refit/trunk/refit/L

reserved. -- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public

License (LGPL) found at http://www.gnu.org/licenses/lgpl.html

. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.

JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the

Apache 2.0 license, available at http://json-lib.sourceforge.net/license.html

. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license,

available at http://ezmorph.sourceforge.net/license.html

. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license,

available at http://commons.apache.org/license.html

. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license,

available at http://commons.apache.org/license.html

. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a

common configuration file format used on Windows, on other platforms. Distributed under the MIT License found at

, Brodie Thiesfield. -- uSTL provides a small fast implementation of common

Standard Template Library functions and data structures and is distributed under the MIT License found at http://www.opensource.org/licenses/mit-

format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at http://www.opensource.org/licenses/bsd-

Additional acknowledgements and legal notices are included as part of the PGP Universal Server.

Export Information

Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau

of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.

Limitations

The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided

with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets

your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be

made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.

Unsupported Third Party Products

By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by

utilizing any associated PGP command or code provided by to you by PGP at its sole discretion to interact with the Unsupported Third Party Product

("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party

Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with

Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO

SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE

LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY

WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET

ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE

UNSUPPORTED THIRD PARTY PRODUCT.

Contents

Introduction 1

About PGP Whole Disk Encryption for Linux 1

Important Terms 2

Audience 3

System Requirements 3

Using PGP Whole Disk Encryption for Linux in a PGP Universal Server-Managed Environment 3

Installing and Uninstalling 5

Installing 5

Uninstalling 6

Licensing 7

Overview 7

--license-authorize 8

Licensing via a Proxy Server 8

Enrolling 11

Overview 11

--enroll 12

--check-enroll 13

The Command-Line Interface 15

Overview 15

Scripting 16

WDE-ADMIN Active Directory Group 16

Passphrases 16

--interactive 17

Before You Encrypt 19

Ensure Disk Health 19

Choose Encryption Options 20

Maintain Power Throughout Encryption 20

PGP WDE for Linux User's Guide Contents

The Encryption Process 21

Overview 21

Using --secure 21

Using Individual Commands 22

The PGP BootGuard Screen 25

Overview 25

Authenticating 26

Authenticating if You Have Forgotten Your Passphrase 27

Choosing a Keyboard 28

Generic Commands 29

--help (-h) 29

--version 30

Disk Information Commands 31

--enum 31

--info 32

--show-config 33

--status 33

Boot Bypass Commands 35

--add-bypass 35

--check-bypass 37

--remove-bypass 37

Disk Operation 39

--decrypt 39

--encrypt 40

--resume 41

--secure 42

--stop 43

Disk Management 45

--auth 45

--instrument 46

--uninstrument 46

iii

PGP WDE for Linux User's Guide Contents

User Management Commands 49

--add-user 49

--change-passphrase 50

--change-userdomain 51

--list-user 52

--remove-user 53

--verify-user 53

PGP BootGuard Customization Commands 55

--set-background 55

--set-language 56

--set-sound 57

--set-start 58

--set-text 59

Recovery Token Commands 61

--new-wdrt 61

Local Self Recovery 63

--recovery-configure 64

--recovery-questions 65

--recovery-verify 66

--recovery-remove 67

--recovery-change-passphrase 67

Authenticating if you Have Forgotten Your Passphrase 68

Options 71

Overview 72

"Secure" Options 74

--admin-authorization 74

--admin-passphrase 74

--all 75

--answers-file 75

--auto-start 75

--beep 75

--count 76

--dedicated-mode 76

--disk (-d) 76

--display 77

--domain-name 77

--fast-mode 77

--image 78

--interactive 78

PGP WDE for Linux User's Guide Contents

--keyboard 78

--keyid 78

--license-email 79

--license-name 79

--license-number 79

--license-organization 80

--message 80

--new-domain 80

--new-passphrase 81

--no-beep 81

--partition 81

--passphrase (-p) 82

--questions-file 82

--recovery-token 82

--safe-mode 83

--username 83

Quick Reference 85

Commands 85

Options 87

Troubleshooting 89

Overview 89

Encryption Does Not Begin 89

Encryption Does Not Finish 91

Problems at PGP BootGuard 92

Introduction

This guide tells you how to use PGP Whole Disk Encryption for Linux.

In This Chapter

About PGP Whole Disk Encryption for Linux ............................................ 1

Important Terms........................................................................................ 2

Audience.................................................................................................... 3

System Requirements............................................................................... 3

Using PGP Whole Disk Encryption for Linux in a PGP Universal Server-

Managed Environme

nt .............................................................................. 3

About PGP Whole Disk Encryption for Linux

Thank you for using PGP Whole Disk Encryption for Linux, a software product

from PGP Corporation that locks down the entire contents of your Linux system

using PGP Whole Disk Encryption (WDE) technology.

For more information about PGP WDE, see the:

 PGP Desktop User's Guide

 PGP WDE Quick Start Guide

 PGP WDE Data Sheet (available via the PGP WDE page on the PGP

oration website)

PGP Whole Disk Encryption for Linux gives you access to PGP WDE

functi

onality using a command-line interface.

The encryption algorithm used by PGP Whole Disk Encryption for Linux is AES-

256. The hashing algo

rithm is SHA-1. You cannot change these.

Warning: Once you unlock a disk, its files are available to you—as well as

anyone else who can physically use your system. Your files are unlocked until

you lock them again by shutting down your system.

PGP WDE for Linux User's Guide Introduction

Important Terms

Understanding the following terms will help make it easier to use PGP Whole

Disk Encryption for Linux:

 PGP Whole Disk Encryption (PGP WDE): a technology that encrypts the

entire con

tents of a disk; boot disks, partitions, and non-boot disks such as

USB thumb drives can all be whole disk encrypted.

 PGP Whole Disk Encryption for Linux: a software product from PGP

Corporatio

n that brings PGP WDE technology to the Linux platform,

allowing you to lock down the entire contents of your Linux system.

 command line: the interface to PGP Whole Disk Encryption for Linux

functi

onality. All PGP Whole Disk Encryption for Linux commands and

options are accessed via the command-line interface.

 passphrase user: a user who can authenticate to an encrypted disk using

a passphra

se.

 public-key user: a user who can authenticate to an encrypted disk using

the passphrase to the

corresponding private key.

 encrypt: the process of "scrambling" data so that it is not usable unless you

pro

perly authenticate.

 decrypt: the process of "unscrambling" encrypted data.

 master boot record (MBR): software on a disk that is "in front" of the

parti

tion table; that is, it is implemented during the startup process before

the operating system itself. The instructi

ons in the MBR tells the system

how to boot.

 instrument: a part of the process of whole disk encrypting a disk/partition

where th

e Linux

MBR is replaced with the PGPMBR.

 PGPMBR: an MBR from PGP Corporation that implements the PGP

BootGuard. Once a disk is i

nstrumented, even if it is not fully encrypted,

subsequent startups will bring up PGP BootGuard.

 PGP BootGuard: the screen that appears after instrumenting a disk that

requires

proper authentication for the boot process to continue. If proper

authentication is

not provided, the boot process will not continue; the

operating system will not lo

ad and the system will not be usable.

 uninstrument: removing the PGPMBR and replacing it with the original

Linux MBR (which was saved when the

disk was instrumented).

 whole disk recovery token (WDRT): an additional passphrase for a whole

disk encrypte

d disk that is passed to the appropriate PGP Universal Server

if the disk is part of a PGP Universal-managed environment.

 PGP Universal Server: a management console for securing data from PGP

Corporation.

PGP WDE for Linux User's Guide Introduction

 managed user: someone using PGP Whole Disk Encryption for Linux in a

PGP Universal Server-managed environment. Managed users receive

policies and settings from their PGP Universal Server.

 enroll: the process of a user in a PGP Universal Server-managed

enviro

nment contacting their PGP Universal Server so that they can receive

applicable policies and settings.

 standalone user: someone using PGP Whole Disk Encryption for Linux

with no asso

ciated PGP Universal Server. Standalone users establish their

own policies and settings.

 recovery: the process of restoring access to a disk/partition that has been

whole disk en

crypted but now cannot be decrypted.

Audience

This User's Guide is for anyone who is going to be using PGP Whole Disk

Encryption for Linux to perform PGP WDE functions on their Linux system.

System Requirements

The system requirements for PGP Whole Disk Encryption for Linux are:

 Ubuntu 8.04 and 9.04 (32-bit versions) and Red Hat Enterprise

Linux/CentO

S 5.2 and 5.3 (32-bit versions), Ubuntu 8.04 and 9.04 (64-bit

versions), Red Hat Enterprise Linux 5.2 and 5.3 (64-bit versions)

Note: CentOS is free, open source software based on Red Hat Enterprise

Linux. For the purposes of supporting PGP Whole Disk Encryption for Linux,

the two are functionally equivalent.

 512 MB of RAM

 64 MB ha

rd disk space

Using PGP Whole Disk Encryption for Linux in a PGP

Universal Server-Managed Environment

If you are using PGP Whole Disk Encryption for Linux in a PGP Universal Server-

managed environment, your PGP Universal administrator may have enabled or

disabled certain features. For example, you may be required to encrypt your

drive immediately after enrolling with your PGP Universal Server.

PGP WDE for Linux User's Guide Introduction

If you have any questions about features that may be have been automatically

enabled or disabled, contact your PGP Universal administrator.

Installing and Uninstalling

This section describes how to install and uninstall PGP Whole Disk Encryption

for Linux.

In This Chapter

Installing..................................................................................................... 5

Uninstalling ................................................................................................ 6

Installing

The PGP Whole Disk Encryption for Linux installer is a bsx (Bash Self-eXtracting)

file.

You must have root privileges to install.

Note: The installer file may have a slightly different filename than shown in

the procedure below depending on the platform you are installing onto.

 To install PGP Whole Disk Encryption for Linux

1 Download the installer file, called

pgp_desktop_10.0.1_linux_ub9.04_i386.bsx for U

buntu 9.04, to a

known lo

cation on your system.

2 Begin the installa

tion process using either of the following methods:

a Make the file an executable (using chmod +x [filename]),

then use

./[filename] Enter to begin the installation.

b Begin the installation via a shell: bash [filename] Enter

3 Follow the on-screen instru

ctions.

4 Reboot your

system when the installation is complete.

PGP WDE for Linux User's Guide Installing and Uninstalling

Uninstalling

Use the built-in uninstaller for the version of Linux you are using to uninstall

PGP Whole Disk Encryption for Linux. You must have root privileges to

uninstall.

Warning: You must decrypt any whole disk encrypted drives before

uninstalling PGP Whole Disk Encryption for Linux or removing any packages.

The packages that are installed are: pgp-libs, pgpwde, pgp-release, and kmod-

pgpwde.

Licensing

This section describes how to license PGP Whole Disk Encryption for Linux.

You must license PGP Whole Disk Encryption for Linux if you are using it

standalone; that is, yo

u are not in a PGP Universal Server-managed

env

ironment.

You do not need to enroll PGP Whole Disk Encryption for Linux if you are using

it standalone;

that is only required for PGP Universal Server-managed

environments.

Note: As PGP Whole Disk Encryption for Linux will not operate normally until

licensed, you should license it immediately after installation.

In This Chapter

Overview ................................................................................................... 7

--license-authorize...................................................................................... 8

Licensing via a Proxy Server...................................................................... 8

Overview

PGP Whole Disk Encryption for Linux requires a valid license to operate. This

section describes how to license your copy of PGP Whole Disk Encryption for

Linux.

PGP Whole Disk Encryption for Linux supports the following licensing

scenari

os:

 Using a License Number. Th

is is the normal method to license PGP Whole

Disk Encrypti

on for Linux. You must have your license information and a

working connection to the Internet.

 Through a Proxy Server

. If you connect to the Internet through a proxy

server, use this method to license PGP Whole Disk Encryption for Linux.

You must have your license information and the appropriate proxy server

information.

The licensing command is --license-authorize.

Once PGP Whole Disk Encryption for Linux is correctly installed and licensed on

your

system, you can encrypt your drive. See The Encryption Process for

complete information.

PGP WDE for Linux User's Guide Licensing

--license-authorize

Use --license-authorize to license PGP Whole Disk EncryptionLinux.

The usage format is:

pgpwde --license-authorize --license-name <name> --

license-number <number> [--license-email

<emailaddress>] [--license-organization <org>]

Where:

 --license-authorize is the command to license PGP Whole Disk

Encryption for Linu

 --license-name is the option to specify the user.

<name> is your name or a descriptive name.

 --license-number is the option to enter a license number.

<number> is a valid license number for PGP Whole Disk Encryption for

Linu

 --license-email is the

option to enter an email address.

<emailaddress> is a valid email address.

 --license-organization is the option to enter an organization.

<org> is the name of your organization.

If you decide not to enter a license email, you may see a warning message but

your license

will authorize.

Example:

pgpwde --license-authorize --license-name "Alice

Cameron"

--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"

--license-email "[email protected]

--license-organization "Example Corporation"

(When entering this text, it all goes on a single line.)

Licensing via a Proxy Server

If the Internet access of the system hosting PGP Whole Disk Encryption for

Linux is via an HTTP proxy connection, you can still license your copy of PGP

Whole Disk Encryption for Linux directly; you simply need to add the necessary

proxy information.

Use --license-authorize to license PGP Whole Disk Encryption for Linux

via a prox

y server.

PGP WDE for Linux User's Guide Licensing

The usage format is:

pgpwde --license-authorize --license-name <name> --

license-number <number> [--license-email

<emailaddress>] [--license-organization <org>] [--

proxy-server <proxyserver>] [--proxy-username

<proxyusername>] [--proxy-passphrase <proxypass>]

Where:

 --license-authorize is the command to license PGP Whole Disk

Encryption for Linu

 --license-name is the option to specify the user.

<name> is your name or a descriptive name.

 --license-number is the option to enter a license number.

<number> is a valid license number for PGP Whole Disk Encryption for

Linu

 --license-email is the

option to enter an email address.

<emailaddress> is a valid email address.

 --license-organization is the option to enter an organization.

<org> is the name of your organization.

 --proxy-server is the command to go through a proxy server to access

the Internet.

<proxyserver> is the

appropriate proxy server.

 --proxy-username is the command to specify a user on the proxy server

when authentication

is required.

<proxyusername> is a valid username on the specified proxy server.

 --proxy-passphrase is the option to specify the passphrase of the

speci

fied user when authentication is required.

<proxypass> is the passphrase for the specified user on the proxy server.

Example:

pgpwde --license-authorize --license-name "Alice

Cameron"

--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"

--license-email "[email protected]

--license-organization "Example Corporation"

--proxy-server "proxyserver.example.com"

--proxy-username "acameron"

--proxy-passphrase 'a_cameron1492sailedblue'

(When entering this text, it all goes on a single line.)

Enrolling

This section describes how to enroll PGP Whole Disk Encryption for Linux.

You must enroll PGP Whole Disk Encryption for Linux if you are using it in a

PGP Universal Server-managed environm

ent.

You do not need to license PGP Whole Disk Encryption for Linu

x in a PGP

Universal Server-managed environment, as the license is included in the

installer.

Note: As PGP Whole Disk Encryption for Linux will not operate normally until

you enroll, you should enroll immediately after installation.

In This Chapter

Overview ................................................................................................. 11

--enroll ...................................................................................................... 12

--check-enroll............................................................................................ 13

Overview

You must enroll with a PGP Universal Server before you can use any PGP

Whole Disk Encryption for Linux features in a PGP Universal Server-managed

environment.

When enrollment is complete, PGP Whole Disk Encryption for Linux will receive

policies and setti

ngs from its PGP Universal Server. It will also send information

to the PGP Universal Server that can be seen by the PGP Universal

administrator.

Note: You must initiate enrollment on your own. You will not be prompted to

do so.

Enrollment uses LDAP credentials. The username and passphrase required for

both enrolling and checking enrollment status are the username and passphrase

of the user on the LDAP server.

If enrollment is unsuccessful, contact your

PGP Universal administrator for

assistance.

PGP WDE for Linux User's Guide Enrolling

You can check the enrollment status of a client using the --check-enroll

command. When successful, this command will note that the client is enrolled

and will download the latest policies and settings. If unsuccessful, this means

that the client must enroll again because of a change of policies or settings on

the PGP Universal Server.

Once PGP Whole Disk Encryption for Linux is co

rrectly installed on your system

and you have enrolled, you can encrypt your drive. Refer to The Encryption

Process for complete information.

--enroll

Use --enroll to enroll PGP Whole Disk Encryption for Linux.

Entering a username and passphrase on the command line are op

tional. If you

do not enter them, you will be prompted for them.

Note: --enroll is preceded by pgpenroll instead of the usual pgpwde.

The usage format is:

pgpenroll --enroll [--username <user>] [--passphrase

<phrase>]

Where:

 --enroll is the command to enroll with a PGP Universal Server.

 --username specifies a username for an operation (optional).

<user> is the username (on the LDAP server) of the user being enrolled.

 --passphrase specifies the passphrase for an operation (optional).

<phrase> is the passphrase (on the LDAP server) of the user being

enrolled.

Examples:

 pgpenroll --enroll --username "Alice Cameron"

--passphrase 'Frodo@Baggins22'

This example shows user Alice Cameron enrolling PGP Whole Disk

Encrypti

on for Linu

x. The username and passphrase she is using are her

credentials on her organization's LDAP server.

 pgpenroll --enroll

This example shows a user enrolling PGP Whole

Disk Encryptio

n for Linux.

Because the username and passphrase are not supplied on the command

line, the enrolling user will be prompted for them.

Page is loading ...

PGP Whole Disk Encryption for Linux 10.1.2 Operating instructions

PGP Whole Disk Encryption for Linux 10.1.2 Operating instructions

PGP Whole Disk Encryption for Linux 10.1.2 Operating instructions

Related papers

Other documents