PGP Desktop Corporate

Overview

Email, mobile computers, and file servers have quickly emerged as industry-standard tools for increasing communication, user productivity, and collaboration. Unfortunately, unprotected email, files, and devices pose a critical risk to an enterprise's most sensitive data: customer information, financial data, trade secrets, and other proprietary information. Exposure of this data can result in financial loss, legal ramifications, and brand damage.

PGP® Desktop Corporate provides flexible, multilayered encryption using PGP® Desktop Email and PGP® Whole Disk Encryption to secure confidential data in email and in files stored on local desktop or laptop systems and using PGP® NetShare to securely share files with selected colleagues. This approach ensures that only authorized users can access sensitive data, fulfilling partner and regulatory requirements for information partitioning and security.

• Easy, automatic operation-Protects data without changing the user experience.
• Enforced security policies-Automatically enforce email and data protection with centrally managed policies.
• Accelerated deployment-Achieves end-to-end email and data encryption using the existing infrastructure.
• Reduced operation costs-Result from centrally automating email encryption policies.

As a PGP Encryption Platform -enabled application, PGP Desktop Corporate can be used with PGP Universal™ Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Desktop Corporate can also be used in combination with other PGP® encryption applications to provide multiple layers of security.

Technical Specifications

Technical Specifications

Supported Operating Systems

• Microsoft Windows Vista (all 32-bit and 64-bit versions, including Service Pack 1)
• Microsoft Windows XP Professional 32-bit (Service Pack 1, 2 and 3)
• Microsoft Windows XP Professional 64-bit (Service Pack 1 and 2)
• Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
• Microsoft Windows XP Home
• Microsoft Windows 2003 Server (Service Pack 1 and 2)*
• Microsoft Windows 2000 Professional (Service Pack 4)

* Full disk encryption functionality is not supported on Windows 2000 Server or 2003 Server.

Localization

• English
• German
• Japanese

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 keys

Messaging Protocols

• POP3
• IMAP
• SMTP
• MAPI
• Lotus Notes

Messaging Security Standards

• PGP/MIME RFC 3156
• OpenPGP RFC 4880
• S/MIME v3 RFC 2633
• X.509 v3

Supported Storage Systems-PGP® NetShare

• Windows file shares (SMB, CIFS, and Samba)
• Locally attached hard drives (internal and external)
• USB flash drives

Supported Email Clients

• Microsoft Outlook 2007 SP1 (Outlook 12)
• Microsoft Outlook 2003 SP3
• Microsoft Outlook XP SP3
• Microsoft Outlook 2000 SP3
• Windows Mail 6.0.6000.16386
• Outlook Express 6
• Mozilla Thunderbird 2.0
• Lotus Notes 6.5.6, 7.0.3, and 8.01
• Novell GroupWise 6.5
• Apple Mail 2.1.1 and 3.3
• Microsoft Entourage 2008

Supported IM Clients

• AOL Instant Messenger 5.9.x, 6.5.5 for Windows
• Trillian 3.1 (Basic and Pro)

Symmetric Key Algorithms

• AES (up to 256-bit keys)
• CAST
• TripleDES
• IDEA
• Twofish

Symmetric Key Algorithms-PGP® Whole Disk Encryption

• AES 256-bit keys

Symmetric Key Algorithm-PGP® NetShare

• AES 256-bit keys in EME mode

Hashes

• SHA-2 (up to 512-bit hashes)
• SHA-1
• MD5
• RIPEMD-160

Public Key Algorithms

• Diffie-Hellman
• DSA (1024-bit keys only)
• RSA (up to 4096-bit keys)

Centralized Management Requirements

• PGP Universal™ Server 2.9*

* PGP Universal Server requires a dedicated server.

Two-Factor Authentication

Supported USB Tokens-PGP® Desktop Email, PGP NetShare, PGP® Virtual Disk, and PGP® Zip

PGP® Desktop Corporate recognizes and works with the following:

• DoD Common Access Cards (CACs) with the ActivCard Gold 2.0 profile
• Athena Smart Card Solutions smart cards, including the ASEKey USB token
• AET SafeSign smart cards, including ASEKey 1.0
• Axalto (formerly Schlumberger) smart cards, including the Cryptoflex 32K
• SafeNet® smart cards, including iKey 2032
• Aladdin smart cards, including eToken PRO USB 16K, 32K, and 64K
• GemPlus smart cards, including SafesITe and GemXpresso Pro, using GemSafe Libraries 4.2.0-015 (Gold)

PGP Desktop Corporate also recognizes and works with smart cards from other vendors, if the vendor includes a standards-based PKCS-11 library in their software drivers.

Technical Specifications

The following smart card readers are supported for communicating to a smart card at pre-boot time. These readers can be used with any supported removable smart card (it is not necessary to use the same brand of smart card and reader). Any CCID smart card reader is supported. The following readers have been tested by PGP Corporation:

• OMNIKEY CardMan 3121 USB for desktop systems
• OMNIKEY CardMan 6121 USB for mobile systems
• ActivIdentity® USB 2.0 reader
• Reiner SCT CyberJack® pinpad
• Athena ASEDrive IIIe USB reader

PGP® Whole Disk Encryption supports the following smart cards for pre-boot authentication:

• ActiveIdentity ActivClientCAC cards, 2005 models
• Aladdin eToken 64K, 2048-bit RSA-capable¹
• Aladdin eToken PRO USB Key 32K, 2048-bit RSA-capable¹
• Aladdin eToken PRO without 2048-bit capability (older smart cards)¹
• Athena ASEKey Crypto USB Token for Microsoft ILM²
• Athena ASECard Crypto Smart Card for Microsoft ILM²
• EMC RSA SecurID SID800 Token³
• Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
• S-Trust StarCOS smart card⁴
• Rainbow iKey 3000

¹ Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the supported tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the supported tokens.
² The Athena tokens are supported only for credential storage.
³ This token is supported only for credential storage. SecurID is not supported.
⁴ S-Trust SECCOS cards are not supported.

FAQ

General

What is PGP Desktop Corporate and why is it important?

PGP Desktop Corporate combines the automated desktop email encryption of PGP Desktop Email and the network storage encryption of PGP NetShare with the transparent full disk encryption of PGP Whole Disk Encryption.

PGP Desktop Corporate encrypts email as it is received and sent without affecting the end-user email experience, securing data sent in email from unauthorized access, including administrators with access to the mail server data store.

PGP Desktop Corporate provides secure, shared file encryption without requiring changes to end-user applications, processes, and workflow or to an organization's storage infrastructure. IT backup and archiving applications remain as is.

PGP Desktop Corporate enables complete role separation among those authorized to create, change, and view content and systems administration personnel.

PGP Desktop Corporate has full disk encryption capability that provides worry-free protection against unauthorized access of private and confidential data.

What business problem does PGP Desktop Corporate solve?

Email and network file servers can contain the most sensitive customer, patient, financial, or intellect property data. Likewise, data stored on systems or removable media can be easily exposed due to system loss or theft. PGP Desktop Corporate allows organizations to meet audit and compliance requirements while securing sensitive data stored on file servers, desktop and laptop systems, and removable media.

What are the key benefits of PGP Desktop Corporate?

PGP Desktop Corporate provides the following benefits:

• Enforces email and data security policies-Used in combination with PGP Universal™ Server, PGP Desktop Corporate automatically secures email message and protected directories based on policy while locking down the entire contents of a system drive.
• Reduces operational costs, accelerates deployment-By operating in the background, PGP Desktop Corporate can be quickly deployed without the need for special user training or increased help desk calls. As a PGP Encryption Platform–enabled application, PGP Desktop Corporate can share policies across groups and quickly tailor them, allowing administrators to deploy PGP Desktop Corporate and focus on other projects.

How does PGP Desktop Corporate work?

PGP Desktop Corporate provides email, network storage, and full disk encryption in a single, integrated application combining the capabilities of three PGP® applications:

• Email encryption-Based on PGP Desktop Email, PGP Desktop Corporate operates as a local desktop mail proxy service, automatically encrypting/decrypting messages according to policy. PGP Desktop Corporate supports the two global email encryption standards, OpenPGP and S/MIME, automatically discovering keys and certificates.
• Network storage encryption-Using PGP NetShare technology, PGP Desktop Corporate operates as a Windows File Filter, enabling transparent encryption and decryption of files, including those stored over the network. PGP NetShare uses public key cryptography to protect folders and files, allowing access only to specific authorized users.
• Full disk encryption-The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any additional changes to their experience.

When centrally managed, PGP Desktop Corporate key management, policy, and software updates are managed by PGP Universal™ Server.

What is the end-user experience?

For end users, PGP Desktop Corporate operates in the background, processing email messages based on policy, securing protected directories (local or networked), and locking down the entire contents of disk drives. If allowed by policy (or if not managed by PGP Universal Server), end users can adapt encryption policies and change configuration through the PGP Desktop Corporate application interface. When encryption operations are performed, the PGP Desktop Corporate notifier window alerts users that an encryption operation is being performed and its status.

What's new in PGP Desktop Corporate 9.9?

PGP Desktop Corporate 9.9 is a package that includes PGP Desktop Email 9.9, PGP Whole Disk Encryption 9.9 and PGP NetShare 9.9.

New features in PGP Desktop Email 9.9 include the following:

• Offline Policy Controls–Administrators can now enforce policy for offline users by controlling what happens to email when the PGP Universal Server cannot be reached by PGP Desktop.
• Expanded client controls–Enable the organization to better meet security requirements by locking down which features are enabled, visible to the user, and enforced.*
• Increased authentication options–Perform two-factor authentication using smart cards such as the RSA SID800.
• Trusted Platform Module (TPM) support–Protects encryption keys against unauthorized access.
• Rapid deployment process–Speeds deployment by automating the installation and configuration process.

New features in PGP Desktop Whole Disk Encryption 9.9 include the following:

• Expanded International Keyboard Support–Supports 38 keyboard locales.

New features in PGP NetShare 9.9 include the following:

• Centrally defined data protection–Defines policy to protect files stored in specific directories or based on application, enforcing security without impacting user behavior.*
• Remote Application Delivery–Supports data protection in Citrix and Microsoft Terminal Server sessions (Remote Desktop)

* Requires PGP Universal Server 2.9

What languages (localization) does PGP Desktop Corporate support?

The PGP Desktop Corporate user interface is localized in English, German, and Japanese.

Is the source code available for download?

Yes. To validate the integrity of its products, PGP Corporation releases all product source code, including PGP Desktop Corporate, for peer review. For more information, see PGP® Source Code.

How does PGP Desktop Corporate fit into the PGP Encryption Platform architecture?

PGP Desktop Corporate is a PGP Encryption Platform–enabled application managed by PGP Universal Server. PGP Desktop Corporate account management, key management, and policy and software update distribution are automated for all PGP Encryption Platform–enabled applications.