PGP™ Desktop for Mac OS X User's Guide - Desktop for Mac OS X User's Guide 10.2 The software described…

  • Published on
    11-Mar-2019

  • View
    212

  • Download
    0

Embed Size (px)

Transcript

PGP Desktop for Mac OS X

User's Guide

10.2

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Version 10.2.0. Last updated: July 2011.

Legal Notice Copyright (c) 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its

affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering.

No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if

any.

THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING

ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT

TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR

INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.

THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights

as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. Commercial Computer

Software and Commercial Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction

release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with

the terms of this Agreement.

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

Symantec Home Page (http://www.symantec.com)

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

http://www.symantec.com/

1

Contents

About PGP Desktop 10.2 for Mac OS X

What's New in PGP Desktop Version 10.2 for Mac OS X 1

Using this Guide 2

Managed versus Unmanaged Users 2

Conventions Used in This Guide 3

Who Should Read This Document 3

About PGP Desktop Licensing 3

About PGP Desktop Licensing 4

Checking License Details 4

If Your License Has Expired 6

Technical Support 6

Contacting Technical Support 7

Licensing and registration 7

Customer service 7

Support agreement resources 8

PGP Desktop Basics 9

PGP Desktop Terminology 9

PGP Product Components 9

Terms Used in PGP Desktop 10

Conventional and Public Key Cryptography 11

Using PGP Desktop for the First Time 12

Installing PGP Desktop 15

System Requirements 15

Installing and Configuring PGP Desktop 15

Installing the Software 16

Using PGP Desktop with Apple Boot Camp 16

Upgrading the Software 17

Licensing PGP Desktop 19

Running the Setup Assistant 19

Integrating with Entourage 2008 20

Uninstalling PGP Desktop 20

Moving Your PGP Desktop Installation from One Computer to Another 21

The PGP Desktop User Interface 23

Accessing PGP Desktop Features 23

PGP Desktop Main Screen 24

Using the PGP Desktop Icon in the Menu Bar 25

Using the PGP Dock Icon 26

Using the Mac OS X Finder 27

PGP Desktop Notifier alerts 27

PGP Desktop Notifier for Messaging 27

PGP Desktop and the Finder 31

Overview 31

ii Contents

Encrypt, Sign, or Encrypt and Sign 31

Shred 33

Decrypt/Verify 33

Mount or Unmount a PGP Virtual Disk Volume 34

Import a PGP Key 34

Add PGP Public Keys to Your Keyring 35

Extract the Contents of a PGP Zip Archive 35

Viewing the PGP Log 36

Working with PGP Keys 37

Viewing Keys 38

Creating a Smart Keyring 38

Creating a Keypair 40

Expert Mode Key Settings 41

Protecting Your Private Key 42

Protecting Keys and Keyrings 43

Backing up Your Private Key 43

What if You Lose Your Key? 44

Distributing Your Public Key 44

Placing Your Public Key on a Keyserver 44

Including Your Public Key in an Email Message 45

Exporting Your Public Key to a File 46

Getting the Public Keys of Others 46

Getting Public Keys from a Keyserver 47

Getting Public Keys from Email Messages 48

Working with Keyservers 48

Using Master Keys 49

Adding Keys to the Master Key List 49

Deleting Keys from the Master Key List 50

Managing PGP Keys 51

Examining and Setting Key Properties 51

Adding and Removing Photographs 52

Managing User Names and Email Addresses on a Key 53

Importing Keys and X.509 Certificates 54

Importing X.509 Certificates Included in S/MIME Email Messages 54

Changing Your Passphrase 54

Deleting Keys, User IDs, and Signatures 55

Disabling and Enabling Public Keys 56

Verifying a Public Key 56

Signing a Public Key 57

Revoking Your Signature from a Public Key 58

Granting Trust for Key Validations 59

To grant trust to a key 59

Working with Subkeys 60

Using Separate Subkeys 62

Viewing Subkeys 62

Creating New Subkeys 62

Specifying Key Usage for Subkeys 63

Revoking Subkeys 64

Removing Subkeys 64

iii Contents

Working with ADKs 64

Adding an ADK to a Keypair 65

Updating an ADK 65

Removing an ADK 65

Working with Revokers 66

Appointing a Designated Revoker 66

Revoking a Key 66

Splitting and Rejoining Keys 67

Creating a Split Key 67

Rejoining Split Keys 68

If You Lost Your Key or Passphrase 69

Reconstructing Keys with PGP Universal Server 70

Creating Key Reconstruction Data 70

Reconstructing Your Key if You Lost Your Key or Passphrase 72

Protecting Your Keys 73

Securing Email Messages 75

How PGP Desktop Secures Email Messages 75

Incoming Messages 76

Understanding Annotations on Incoming Messages 77

Outgoing Messages 78

Securing Sent Items on IMAP Email Servers 78

Using Offline Policy 78

Services and Policies 79

Viewing Services and Policies 80

Creating a New Messaging Service 81

Editing Message Service Properties 83

Disabling or Enabling a Service 83

Deleting a Service 84

Multiple Services 84

Troubleshooting PGP Messaging Services 85

Creating a New Security Policy 86

Regular Expressions in Policies 91

Security Policy Information and Examples 92

Working with the Security Policy List 95

Editing a Security Policy 95

Editing a Mailing List Policy 95

Deleting a Security Policy 99

Changing the Order of Policies in the List 99

PGP Desktop and SSL 100

Key Modes 101

Determining Key Mode 102

Changing Key Mode 102

Viewing the PGP Log 103

Using PGP Scripts with Entourage 2008 104

Securing Instant Messaging 105

About PGP Desktop Instant Messaging Compatibility 105

Instant Messaging Client Compatibility 106

About the Keys Used for Encryption 106

Encrypting your IM Sessions 107

iv Contents

Viewing Email with PGP Viewer 109

Overview of PGP Viewer 109

Supported Email Clients 110

Opening an Encrypted Email Message or File 110

Copying Email Messages to Your Inbox 111

Exporting Email Messages 111

PGP Viewer Preferences 112

Security Features in PGP Viewer 112

Protecting Disks with PGP Whole Disk Encryption 115

About PGP Whole Disk Encryption 116

Encrypting Boot Disks 117

How does PGP WDE Differ from PGP Virtual Disk? 117

Licensing PGP Whole Disk Encryption 117

License Expiration 118

Prepare Your Disk for Encryption 118

Supported Disk Types 119

Supported Keyboards 119

Ensure Disk Health Before Encryption 120

Calculate the Encryption Duration 120

Run a Pilot Test to Ensure Software Compatibility 121

Determine the Authentication Method for the Disk 121

Encrypting a Disk 121

Supported Characters 122

Encrypting the Disk 122

Encountering Disk Errors During Encryption 124

Using a PGP-WDE Encrypted Disk 125

Authenticating at the PGP BootGuard Screen 125

Authenticating With a User Name 126

Maintaining the Security of Your Disk 126

Viewing Key Information on an Encrypted Disk 127

Modifying the System Partition 127

Adding Other Users to an Encrypted Disk 127

Deleting Users From an Encrypted Disk 128

Changing User Passphrases 128

Re-Encrypting an Encrypted Disk 128

Backing Up and Restoring 129

Uninstalling PGP Desktop from Encrypted Disks 129

Using PGP WDE in a PGP Universal Server-Managed Environment 130

PGP Whole Disk Encryption Administration 130

Creating a Recovery Token 130

Using a Recovery Token 131

Recovering Data From an Encrypted Drive 131

Creating and Using Recovery Disks 132

Decrypting an Encrypted Disk 133

Moving Removable Disks to Other Systems 133

Accessing Data on Encrypted Removable Disks 134

Special Security Precautions Taken by PGP Desktop 134

Passphrase Erasure 134

Virtual Memory Protection 134

Contents v

Memory Static Ion Migration Protection 134

Other Security Considerations 135

Technical Details About Encrypting Boot Disks 135

Using PGP Virtual Disks 137

About PGP Virtual Disks 137

Creating a New PGP Virtual Disk 138

Viewing the Properties of a PGP Virtual Disk 141

Using a Mounted PGP Virtual Disk 141

Mounting a PGP Virtual Disk 142

Unmounting a PGP Virtual Disk 142

Set Mount Location 143

Compacting a PGP Virtual Disk 143

Re-Encrypting PGP Virtual Disks 143

Working with Alternate Users 144

Adding Alternate User Accounts to a PGP Virtual Disk 144

Deleting Alternate User Accounts From a PGP Virtual Disk 145

Disabling and Enabling Alternate User Accounts 145

Changing Read/Write and Read-Only Status 146

Granting Administrator Status to an Alternate User 146

Changing User Passphrases 147

Deleting PGP Virtual Disks 147

Maintaining PGP Virtual Disks 148

Mounting PGP Virtual Disk Volumes on a Remote Server 148

Backing up PGP Virtual Disk Volumes 148

Exchanging PGP Virtual Disks 149

The PGP Virtual Disk Encryption Algorithms 149

Special Security Precautions Taken by PGP Virtual Disk 150

Passphrase Erasure 150

Virtual Memory Protection 150

Memory Static Ion Migration Protection 150

Other Security Considerations 151

Accessing Mobile Data with PGP Portable 153

Accessing Data on a PGP Portable Disk 153

Changing the Passphrase for a PGP Portable Disk 155

Unmounting a PGP Portable Disk 155

Using PGP Zip 157

Overview 157

Creating PGP Zip Archives 158

Opening a PGP Zip Archive 159

Verifying Signed PGP Zip Archives 159

Shredding Files with PGP Shredder 161

Using PGP Shredder to Permanently Delete Files and Folders 161

Shredding Files using the PGP Shredder icon 162

Shredding Files using the Shred Files Icon in the PGP Desktop Toolbar 162

vi Contents

Shredding Files using the Shred Command from the File menu 163

Shredding Files in the Finder 163

Setting Preferences 165

Accessing PGP Desktop Preferences 165

General Preferences 166

Keys Preferences 167

Master Keys Preferences 169

Messaging Preferences 170

Proxy Options 172

Disk Preferences 173

Notifications Preferences 174

Advanced Preferences 176

Working with Passwords and Passphrases 179

Choosing whether to use a password or passphrase 179

The Passphrase Quality Bar 180

Creating Strong Passphrases 181

What if You Forget Your Passphrase? 182

Saving Your Passphrase in the Keychain 182

Using PGP Desktop with PGP Universal Server 185

Overview 185

For PGP Administrators 186

Manually binding to a PGP Universal Server 187

Index 189

1 About PGP Desktop 10.2 for Mac OS X PGP Desktop is a security tool that uses cryptography to protect your data against unauthorized access.

PGP Desktop protects your data while being sent by email or by instant messaging (IM). It lets you encrypt your entire hard drive or hard drive partition (on Windows systems)so everything is protected all the timeor just a portion of your hard drive, via a virtual disk on which you can securely store your most sensitive data. You can use it to share your files and folders securely with others over a network. It lets you put any combination of files and folders into an encrypted, compressed package for easy distribution or backup. Finally, use PGP Desktop to shred (securely delete) sensitive filesso that no one can retrieve themand shred free space on your hard drive, so there are no unsecured remains of any files.

Use PGP Desktop to create PGP keypairs and manage both your personal keypairs and the public keys of others.

To make the most of PGP Desktop, you should be familiar with PGP Desktop Terminology (on page 9). You should also understand conventional and public-key cryptography, as described in Conventional and Public Key Cryptography (on page 11).

In This Chapter

What's New in PGP Desktop Version 10.2 for Mac OS X........................................... 1

Using this Guide .............................................................................................................. 2

Who Should Read This Document ................................................................................ 3

About PGP Desktop Licensing ....................................................................................... 3

Technical Support ........................................................................................................... 6

What's New in PGP Desktop Version 10.2 for Mac OS X Building on Symantec Corporations proven technology, PGP Desktop 10.2 for Mac OS X includes numerous improvements and the following new and resolved features.

General Symantec identity branding. The user interface and all user assistance (including

help and users guides) have been rebranded to include the Symantec logo and colors. All product names remain the same. PGP Desktop for Windows and PGP Desktop for Mac OS X.

2 About PGP Desktop 10.2 for Mac OS X Using this Guide

Messaging Symantec PGP Viewer for iOS. A separate application for the iPhone and iPad that

you use to read encrypted email messages on your iOS mobile device. Available at no cost through the Apple App Store. Requires integration with PGP Universal Server to manage keys.

PGP Whole Disk Encryption AES-NI for Mac OS X and Linux systems. If your Mac OS X or Linux system

supports the Intel Advanced Encryption Standard (AES) Instructions (AES-NI), your system is encrypted and decrypted using the hardware associated with this encryption algorithm. AES-NI provides improved performance during encryption and de...