PGP Whole Disk Encryption for Linux 10.0.3 User guide

Type
User guide
PGP WDE for Linux
User's Guide
Version Information
PGP Whole Disk Encryption for Linux User's Guide. Version 10.0.3. Released October 2010.
Copyright Information
Copyright © 1991-2010 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.
Trademark Information
PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of Ascom
Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant Messenger is a
trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark
of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered trademark of International
Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and Secure Shell are trademarks of
SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered
and unregistered trademarks in this document are the sole property of their respective owners.
Licensing and Patent Information
The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm,
implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a
license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block
Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP
Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would
like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (https://support.pgp.com). PGP Corporation
may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or
documentation does not give you any license to these patents.
Acknowledgments
This product includes or may include:
-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation,
developed by zlib (http://www.zlib.net
). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted under
the MIT License found at http://www.opensource.org/licenses/mit-license.html
. Copyright © 2007 by the Open Source Initiative. -- bzip2 1.0, a freely
available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. -- Application server (http://jakarta.apache.org/
), web server
(http://www.apache.org/
), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse HTML,
developed by the Apache Software Foundation. The license is at www.apache.org/licenses/LICENSE-2.0.txt
. -- Castor, an open-source, data-binding
framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group under an
Apache 2.0-style license, available at http://www.castor.org/license.html
. -- Xalan, an open-source software library from the Apache Software
Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software
License, version 1.1, available at http://xml.apache.org/xalan-j/#license1.1
. -- Apache Axis is an implementation of the SOAP ("Simple Object Access
Protocol") used for communications between various PGP products is provided under the Apache license found at
http://www.apache.org/licenses/LICENSE-2.0.txt
. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released under
an Apache-style license, available at http://mx4j.sourceforge.net/docs/ch01s06.html
. -- jpeglib version 6a is based in part on the work of the
Independent JPEG Group. (http://www.ijg.org/
) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is
distributed under the MIT License http://www.opensource.org/licenses/mit-license.html
. -- PCRE Perl regular expression compiler, copyrighted and
distributed by University of Cambridge. ©1997-2006. The license agreement is at http://www.pcre.org/license.txt
. -- BIND Balanced Binary Tree Library
and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (http://www.isc.org
) -- Free BSD
implementation of daemon developed by The FreeBSD Project, © 1994-2006. -- Simple Network Management Protocol Library developed and
copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. ©
2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and
Telecommunications, © 2004. The license agreement for these is at http://net-snmp.sourceforge.net/about/license.html. -- NTP version 4.2
developed
by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP
Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The
OpenLDAP Foundation. The license agreement is at http://www.openldap.org/software/release/license.html
. Secure shell OpenSSH developed by
OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at http://www.openbsd.org/cgi-
bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for SmartCard integration is released
under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License 1.0, available at
http://www.opensource.org/licenses/ibmpl.php
. -- PostgreSQL, a free software object-relational database management system, is released under a
BSD-style license, available at http://www.postgresql.org/about/licence
. -- PostgreSQL JDBC driver, a free Java program used to connect to a
PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under a
BSD-style license, available at http://jdbc.postgresql.org/license.html
. -- PostgreSQL Regular Expression Library, a free software object-relational
database management system, is released under a BSD-style license, available at http://www.postgresql.org/about/licence
. -- 21.vixie-cron is the Vixie
version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul Vixie; used by permission. -
- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the GNU
Library General Public License (LGPL) available at http://www.jacorb.org/lgpl.html
. Copyright © 2006 The JacORB Project. -- TAO (The ACE ORB) is an
open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and the
data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, and
Vanderbilt University. The open source software license is available at http://www.cs.wustl.edu/~schmidt/ACE-copying.html
. -- libcURL, a library for
downloading files via common network services, is open source software provided under a MIT/X derivate license available at
http://curl.haxx.se/docs/copyright.html
. Copyright (c) 1996 - 2007, Daniel Stenberg. -- libuuid, a library used to generate unique identifiers, is released
under a BSD-style license, available at http://thunk.org/hg/e2fsprogs/?file/fe55db3e508c/lib/uuid/COPYING
. Copyright (C) 1996, 1997 Theodore Ts'o. --
libpopt, a library that parses command line options, is released under the terms of the GNU Free Documentation License available at
http://directory.fsf.org/libs/COPYING.DOC
. Copyright © 2000-2003 Free Software Foundation, Inc. -- gSOAP, a development tool for Windows clients to
communicate with the Intel Corporation AMT chipset on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at
4
http://www.cs.fsu.edu/~engelen/license.html. -- Windows Template Library (WTL) is used for developing user interface components and is distributed
under the Common Public License v1.0 found at http://opensource.org/licenses/cpl1.0.php
. -- The Perl Kit provides several independent utilities used to
automate a variety of maintenance functions and is provided under the Perl Artistic License, found at
http://www.perl.com/pub/a/language/misc/Artistic.html
. -- rEFIt - libeg, provides a graphical interface library for EFI, including image rendering, text
rendering, and alpha blending, and is distributed under the license found at
http://refit.svn.sourceforge.net/viewvc/*checkout*/refit/trunk/refit/LICENSE.txt?revision=288
. Copyright (c) 2006 Christoph Pfisterer. All rights reserved.
-- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public License
(LGPL) found at http://www.gnu.org/licenses/lgpl.html
. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.
Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at http://developer.yahoo.com/yui/license.html. --
JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the Apache
2.0 license, available at http://json-lib.sourceforge.net/license.html
. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license, available
at http://ezmorph.sourceforge.net/license.html
. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license, available at
http://commons.apache.org/license.html
. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license, available at
http://commons.apache.org/license.html
. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a common
configuration file format used on Windows, on other platforms. Distributed under the MIT License found at http://www.opensource.org/licenses/mit-
license.html. Copyright 2006-2008, Brodie Thiesfield. -- uSTL provides a small fast implementation of common Standard Template Library functions and
data structures and is distributed under the MIT License found at http://www.opensource.org/licenses/mit-license.html
. Copyright (c) 2005-2009 by
Mike Sharov <[email protected]
>. -- Protocol Buffers (protobuf), Google's data interchange format, are used to serialize structure data in
the PGP SDK. Distributed under the BSD license found at http://www.opensource.org/licenses/bsd-license.php. Copyright 2008
Google Inc. All rights
reserved.
Additional acknowledgements and legal notices are included as part of the PGP Universal Server.
Export Information
Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau
of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.
Limitations
The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided
with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets
your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be
made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.
i
Contents
Introduction 1
About PGP Whole Disk Encryption for Linux 1
Important Terms 2
Audience 3
System Requirements 3
Using PGP Whole Disk Encryption for Linux in a PGP Universal Server-Managed Environment 4
Installing and Uninstalling 5
Installing 5
Uninstalling 6
Licensing 7
Overview 7
--license-authorize 8
Licensing via a Proxy Server 8
Enrolling 11
Overview 11
--enroll 12
--check-enroll 13
The Command-Line Interface 15
Overview 15
Scripting 16
WDE-ADMIN Active Directory Group 16
Passphrases 16
--interactive 17
Before You Encrypt 19
Ensure Disk Health 19
Choose Encryption Options 20
Maintain Power Throughout Encryption 20
The Encryption Process 21
Overview 21
Using --secure 21
ii
PGP WDE for Linux User's Guide Contents
Using Individual Commands 22
The PGP BootGuard Screen 25
Overview 25
Authenticating 26
Authenticating if You Have Forgotten Your Passphrase 27
Choosing a Keyboard 28
Generic Commands 29
--help (-h) 29
--version 30
Disk Information Commands 31
--enum 31
--info 32
--show-config 33
--status 33
Boot Bypass Commands 35
--add-bypass 35
--check-bypass 36
--remove-bypass 37
Disk Operation 39
--decrypt 39
--encrypt 40
--resume 41
--secure 42
--stop 43
Disk Management 45
--auth 45
--instrument 46
--uninstrument 46
User Management Commands 49
--add-user 49
--change-passphrase 50
--change-userdomain 51
--list-user 52
iii
PGP WDE for Linux User's Guide Contents
--remove-user 53
--verify-user 53
PGP BootGuard Customization Commands 55
--set-background 55
--set-language 56
--set-sound 57
--set-start 58
--set-text 59
Recovery Token Commands 61
--new-wdrt 61
Local Self Recovery 63
--recovery-configure 64
--recovery-questions 65
--recovery-verify 66
--recovery-remove 67
--recovery-change-passphrase 67
Authenticating if you Have Forgotten Your Passphrase 68
Options 71
Overview 72
"Secure" Options 74
--admin-authorization 74
--admin-passphrase 74
--all 75
--answers-file 75
--auto-start 75
--beep 75
--dedicated-mode 76
--disk (-d) 76
--display 76
--domain-name 77
--fast-mode 77
--image 77
--interactive 77
--keyboard 78
--keyid 78
--license-email 78
--license-name 79
--license-number 79
--license-organization 79
--message 80
iv
PGP WDE for Linux User's Guide Contents
--new-domain 80
--new-passphrase 80
--no-beep 80
--partition 81
--passphrase (-p) 81
--questions-file 81
--recovery-token 82
--safe-mode 82
--username 82
Quick Reference 83
Commands 83
Options 85
Troubleshooting 87
Overview 87
Encryption Does Not Begin 88
Encryption Does Not Finish 89
Problems at PGP BootGuard 91
1
This guide tells you how to use PGP Whole Disk Encryption for Linux.
In This Chapter
About PGP Whole Disk Encryption for Linux............................................. 1
Important Terms ........................................................................................2
Audience ....................................................................................................3
System Requirements ...............................................................................3
Using PGP Whole Disk Encryption for Linux in a PGP Universal Server-
Managed Environment...............................................................................3
About PGP Whole Disk Encryption for Linux
Thank you for using PGP Whole Disk Encryption for Linux, a software product
from PGP Corporation that locks down the entire contents of your Linux system
using PGP Whole Disk Encryption (WDE) technology.
For more information about PGP WDE, see the:
 PGP Desktop User's Guide
 PGP WDE Quick Start Guide
 PGP WDE Data Sheet (available via the PGP WDE page on the PGP
Corporation website)
PGP Whole Disk Encryption for Linux gives you access to PGP WDE
functionality using a command-line interface.
The encryption algorithm used by PGP Whole Disk Encryption for Linux is AES-
256. The hashing algorithm is SHA-1. You cannot change these.
Warning: Once you unlock a disk, its files are available to you—as well as
anyone else who can physically use your system. Your files are unlocked until
you lock them again by shutting down your system.
1
Introduction
2
PGP WDE for Linux User's Guide Introduction
Important Terms
Understanding the following terms will help make it easier to use PGP Whole
Disk Encryption for Linux:
 PGP Whole Disk Encryption (PGP WDE): a technology that encrypts the
entire contents of a disk; boot disks, partitions, and non-boot disks such as
USB thumb drives can all be whole disk encrypted.
 PGP Whole Disk Encryption for Linux: a software product from PGP
Corporation that brings PGP WDE technology to the Linux platform,
allowing you to lock down the entire contents of your Linux system.
 command line: the interface to PGP Whole Disk Encryption for Linux
functionality. All PGP Whole Disk Encryption for Linux commands and
options are accessed via the command-line interface.
 passphrase user: a user who can authenticate to an encrypted disk using a
passphrase.
 public-key user: a user who can authenticate to an encrypted disk using
the passphrase to the corresponding private key.
 encrypt: the process of "scrambling" data so that it is not usable unless you
properly authenticate.
 decrypt: the process of "unscrambling" encrypted data.
 master boot record (MBR): software on a disk that is "in front" of the
partition table; that is, it is implemented during the startup process before
the operating system itself. The instructions in the MBR tells the system
how to boot.
 instrument: a part of the process of whole disk encrypting a disk/partition
where the Linux MBR is replaced with the PGPMBR.
 PGPMBR: an MBR from PGP Corporation that implements the PGP
BootGuard. Once a disk is instrumented, even if it is not fully encrypted,
subsequent startups will bring up PGP BootGuard.
 PGP BootGuard: the screen that appears after instrumenting a disk that
requires proper authentication for the boot process to continue. If proper
authentication is not provided, the boot process will not continue; the
operating system will not load and the system will not be usable.
 uninstrument: removing the PGPMBR and replacing it with the original
Linux MBR (which was saved when the disk was instrumented).
 whole disk recovery token (WDRT): an additional passphrase for a whole
disk encrypted disk that is passed to the appropriate PGP Universal Server
if the disk is part of a PGP Universal-managed environment.
 PGP Universal Server: a management console for securing data from PGP
Corporation.
3
PGP WDE for Linux User's Guide Introduction
 managed user: someone using PGP Whole Disk Encryption for Linux in a
PGP Universal Server-managed environment. Managed users receive
policies and settings from their PGP Universal Server.
 enroll: the process of a user in a PGP Universal Server-managed
environment contacting their PGP Universal Server so that they can receive
applicable policies and settings.
 standalone user: someone using PGP Whole Disk Encryption for Linux
with no associated PGP Universal Server. Standalone users establish their
own policies and settings.
 recovery: the process of restoring access to a disk/partition that has been
whole disk encrypted but now cannot be decrypted.
Audience
This User's Guide is for anyone who is going to be using PGP Whole Disk
Encryption for Linux to perform PGP WDE functions on their Linux system.
System Requirements
The system requirements for PGP Whole Disk Encryption for Linux are:
 Ubuntu 8.04 and 9.04 (32-bit versions) and Red Hat Enterprise
Linux/CentOS 5.2 and 5.3 (32-bit versions), Ubuntu 8.04 and 9.04 (64-bit
versions), Red Hat Enterprise Linux 5.2 and 5.3 (64-bit versions)
Note: CentOS is free, open source software based on Red Hat Enterprise
Linux. For the purposes of supporting PGP Whole Disk Encryption for Linux,
the two are functionally equivalent.
 512 MB of RAM
 64 MB hard disk space
4
PGP WDE for Linux User's Guide Introduction
Using PGP Whole Disk Encryption for Linux in a PGP
Universal Server-Managed Environment
If you are using PGP Whole Disk Encryption for Linux in a PGP Universal Server-
managed environment, your PGP Universal administrator may have enabled or
disabled certain features. For example, you may be required to encrypt your
drive immediately after enrolling with your PGP Universal Server.
If you have any questions about features that may be have been automatically
enabled or disabled, contact your PGP Universal administrator.
5
This section describes how to install and uninstall PGP Whole Disk Encryption
for Linux.
In This Chapter
Installing.....................................................................................................5
Uninstalling ................................................................................................6
Installing
The PGP Whole Disk Encryption for Linux installer is a bsx (Bash Self-eXtracting)
file.
You must have root privileges to install.
Note: The installer file may have a slightly different filename than shown in
the procedure below depending on the platform you are installing onto.
 To install PGP Whole Disk Encryption for Linux
1 Download the installer file, called
pgp_desktop_10.0.1_linux_ub9.04_i386.bsx for Ubuntu 9.04, to a
known location on your system.
2 Begin the installation process using either of the following methods:
a Make the file an executable (using chmod +x [filename]),
then use ./[filename] Enter to begin the installation.
or
b Begin the installation via a shell: bash [filename] Enter
3 Follow the on-screen instructions.
4 Reboot your system when the installation is complete.
2
Installing and Uninstalling
6
PGP WDE for Linux User's Guide Installing and Uninstalling
Uninstalling
Use the built-in uninstaller for the version of Linux you are using to uninstall PGP
Whole Disk Encryption for Linux. You must have root privileges to uninstall.
Warning: You must decrypt any whole disk encrypted drives before
uninstalling PGP Whole Disk Encryption for Linux or removing any packages.
The packages that are installed are: pgp-libs, pgpwde, pgp-release, and kmod-
pgpwde.
7
This section describes how to license PGP Whole Disk Encryption for Linux.
You must license PGP Whole Disk Encryption for Linux if you are using it
standalone; that is, you are not in a PGP Universal Server-managed
environment.
You do not need to enroll PGP Whole Disk Encryption for Linux if you are using
it standalone; that is only required for PGP Universal Server-managed
environments.
Note: As PGP Whole Disk Encryption for Linux will not operate normally until
licensed, you should license it immediately after installation.
In This Chapter
Overview....................................................................................................7
--license-authorize ......................................................................................8
Licensing via a Proxy Server ...................................................................... 8
Overview
PGP Whole Disk Encryption for Linux requires a valid license to operate. This
section describes how to license your copy of PGP Whole Disk Encryption for
Linux.
PGP Whole Disk Encryption for Linux supports the following licensing scenarios:
 Using a License Number. This is the normal method to license PGP Whole
Disk Encryption for Linux. You must have your license information and a
working connection to the Internet.
 Through a Proxy Server. If you connect to the Internet through a proxy
server, use this method to license PGP Whole Disk Encryption for Linux.
You must have your license information and the appropriate proxy server
information.
The licensing command is --license-authorize.
Once PGP Whole Disk Encryption for Linux is correctly installed and licensed on
your system, you can encrypt your drive. See The Encryption Process for
complete information.
3
Licensing
8
PGP WDE for Linux User's Guide Licensing
--license-authorize
Use --license-authorize to license PGP Whole Disk Encryption for Linux.
The usage format is:
pgpwde --license-authorize --license-name <name>
--license-number <number> [--license-email
<emailaddress>] [--license-organization <org>]
Where:
 --license-authorize is the command to license PGP Whole Disk
Encryption for Linux.
 --license-name is the option to specify the user.
<name> is your name or a descriptive name.
 --license-number is the option to enter a license number.
<number> is a valid license number for PGP Whole Disk Encryption for
Linux.
 --license-email is the option to enter an email address.
<emailaddress> is a valid email address.
 --license-organization is the option to enter an organization.
<org> is the name of your organization.
If you decide not to enter a license email, you may see a warning message but
your license will authorize.
Example:
pgpwde --license-authorize --license-name "Alice
Cameron"
--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"
--license-email "[email protected]
"
--license-organization "Example Corporation"
(When entering this text, it all goes on a single line.)
Licensing via a Proxy Server
If the Internet access of the system hosting PGP Whole Disk Encryption for
Linux is via an HTTP proxy connection, you can still license your copy of PGP
Whole Disk Encryption for Linux directly; you simply need to add the necessary
proxy information.
Use --license-authorize to license PGP Whole Disk Encryption for Linux
via a proxy server.
9
PGP WDE for Linux User's Guide Licensing
The usage format is:
pgpwde --license-authorize --license-name <name>
--license-number <number> [--license-email
<emailaddress>] [--license-organization <org>] [--proxy-
server <proxyserver>] [--proxy-username <proxyusername>]
[--proxy-passphrase <proxypass>]
Where:
 --license-authorize is the command to license PGP Whole Disk
Encryption for Linux.
 --license-name is the option to specify the user.
<name> is your name or a descriptive name.
 --license-number is the option to enter a license number.
<number> is a valid license number for PGP Whole Disk Encryption for
Linux.
 --license-email is the option to enter an email address.
<emailaddress> is a valid email address.
 --license-organization is the option to enter an organization.
<org> is the name of your organization.
 --proxy-server is the command to go through a proxy server to access
the Internet.
<proxyserver> is the appropriate proxy server.
 --proxy-username is the command to specify a user on the proxy server
when authentication is required.
<proxyusername> is a valid username on the specified proxy server.
 --proxy-passphrase is the option to specify the passphrase of the
specified user when authentication is required.
<proxypass> is the passphrase for the specified user on the proxy server.
Example:
pgpwde --license-authorize --license-name "Alice
Cameron"
--license-number "aaaaa-bbbbb-ccccc-ddddd-eeeee-fff"
--license-email "[email protected]
"
--license-organization "Example Corporation"
--proxy-server "proxyserver.example.com"
--proxy-username "acameron"
--proxy-passphrase 'a_cameron1492sailedblue'
(When entering this text, it all goes on a single line.)
11
This section describes how to enroll PGP Whole Disk Encryption for Linux.
You must enroll PGP Whole Disk Encryption for Linux if you are using it in a PGP
Universal Server-managed environment.
You do not need to license PGP Whole Disk Encryption for Linux in a PGP
Universal Server-managed environment, as the license is included in the
installer.
Note: As PGP Whole Disk Encryption for Linux will not operate normally until
you enroll, you should enroll immediately after installation.
In This Chapter
Overview..................................................................................................11
--enroll ......................................................................................................12
--check-enroll............................................................................................13
Overview
You must enroll with a PGP Universal Server before you can use any PGP Whole
Disk Encryption for Linux features in a PGP Universal Server-managed
environment.
When enrollment is complete, PGP Whole Disk Encryption for Linux will receive
policies and settings from its PGP Universal Server. It will also send information
to the PGP Universal Server that can be seen by the PGP Universal
administrator.
Note: You must initiate enrollment on your own. You will not be prompted to
do so.
Enrollment uses LDAP credentials. The username and passphrase required for
both enrolling and checking enrollment status are the username and passphrase
of the user on the LDAP server.
If enrollment is unsuccessful, contact your PGP Universal administrator for
assistance.
4
Enrolling
12
PGP WDE for Linux User's Guide Enrolling
You can check the enrollment status of a client using the --check-enroll
command. When successful, this command will note that the client is enrolled
and will download the latest policies and settings. If unsuccessful, this means
that the client must enroll again because of a change of policies or settings on
the PGP Universal Server.
Once PGP Whole Disk Encryption for Linux is correctly installed on your system
and you have enrolled, you can encrypt your drive. Refer to The Encryption
Process for complete information.
--enroll
Use --enroll to enroll PGP Whole Disk Encryption for Linux.
Entering a username and passphrase on the command line are optional. If you
do not enter them, you will be prompted for them.
Note: --enroll is preceded by pgpenroll instead of the usual pgpwde.
The usage format is:
pgpenroll --enroll [--username <user>] [--passphrase
<phrase>]
Where:
 --enroll is the command to enroll with a PGP Universal Server.
 --username specifies a username for an operation (optional).
<user> is the username (on the LDAP server) of the user being enrolled.
 --passphrase specifies the passphrase for an operation (optional).
<phrase> is the passphrase (on the LDAP server) of the user being
enrolled.
Examples:
 pgpenroll --enroll --username "Alice Cameron"
--passphrase 'Frodo@Baggins22'
This example shows user Alice Cameron enrolling PGP Whole Disk
Encryption for Linux. The username and passphrase she is using are her
credentials on her organization's LDAP server.
 pgpenroll --enroll
This example shows a user enrolling PGP Whole Disk Encryption for Linux.
Because the username and passphrase are not supplied on the command
line, the enrolling user will be prompted for them.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100

PGP Whole Disk Encryption for Linux 10.0.3 User guide

Type
User guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI