PGP Desktop Professional

Overview

Email and mobile computers have quickly emerged as industry-standard tools for increasing communication and user productivity. Unfortunately, unprotected email and mobile devices pose a critical risk to an enterprise's most sensitive data: customer information, financial data, trade secrets, and other proprietary information. Exposure of this data can result in financial loss, legal ramifications, and brand damage.

PGP® Desktop Professional provides a comprehensive set of encryption applications to protect sensitive data in email and instant messages and on disk or removable media. PGP Desktop Professional secures confidential data, protecting sensitive business information and helping to meet partner and regulatory mandates for information security and privacy.

• Easy, automatic operation-Protects sensitive email without changing the user experience or email application.
• Enforced security policies-Automatically enforce email and data protection with centrally managed policies.
• Accelerated deployment-Achieves end-to-end email encryption using the existing infrastructure.
• Reduced operation costs-Result from centrally automating email encryption policies.

As a PGP® Encryption Platform–enabled application, PGP Desktop Professional can be used with PGP Universal™ Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Desktop Professional can also be used in combination with other PGP® encryption applications to provide multiple layers of security.

Technical Specifications

Technical Specifications

Supported Operating Systems

• Microsoft Windows Vista (all 32-bit and 64-bit versions, including Service Pack 1)
• Microsoft Windows XP Professional 32-bit (Service Pack 1, 2 and 3)
• Microsoft Windows XP Professional 64-bit (Service Pack 1 and 2)
• Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
• Microsoft Windows XP Home
• Microsoft Windows 2003 Server (Service Pack 1 and 2)*
• Microsoft Windows 2000 Professional (Service Pack 4)
• Mac Pre-boot volumes: Mac OS X 10.4.10 and later (Intel-based Macs only)
• Mac Non-boot volumes: Mac OS X 10.4.X and Mac OS X 10.5.X (Intel and PPC platforms)

* Full disk encryption functionality is not supported on Windows 2000 Server or 2003 Server.

Localization

• English
• German
• Japanese

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 keys

Messaging Protocols

• POP3
• IMAP
• SMTP
• MAPI
• Lotus Notes

Messaging Security Standards

• PGP/MIME RFC 3156
• OpenPGP RFC 4880
• S/MIME v3 RFC 2633
• X.509 v3

Supported Email Clients

• Microsoft Outlook 2007 SP1 (Outlook 12)
• Microsoft Outlook 2003 SP3
• Microsoft Outlook XP SP3
• Microsoft Outlook 2000 SP3
• Windows Mail 6.0.6000.16386
• Outlook Express 6
• Mozilla Thunderbird 2.0
• Lotus Notes 6.5.6, 7.0.3, 8.01 and 8.5
  
• Novell GroupWise 6.5
• Apple Mail 2.1.1 and 3.3
• Microsoft Entourage 2008

Supported IM Clients

• AOL Instant Messenger 5.9.x, 6.5.5 for Windows
• Trillian 3.1 (Basic and Pro)
• Apple iChat 3.1.x, 4.0 for Mac OS X

Symmetric Key Algorithms

• AES (up to 256-bit keys)
• CAST
• TripleDES
• IDEA
• Twofish

Symmetric Key Algorithms-PGP® Whole Disk Encryption

• AES 256-bit keys

Hashes

• SHA-2 (up to 512-bit hashes)
• SHA-1
• MD5
• RIPEMD-160

Public Key Algorithms

• Diffie-Hellman
• DSA (1024-bit keys only)
• (up to 4096-bit keys)

Centralized Management Requirements

• PGP Universal™ Server 2.9

 PGP Universal Server requires a dedicated server.

Two-Factor Authentication

Supported USB Tokens-PGP® Desktop Email, PGP® Virtual Disk, and PGP® Zip

PGP® Desktop Professional recognizes and works with the following:

• DoD Common Access Cards (CACs) with the ActivCard Gold 2.0 profile
• Oberthur Technologies ID-One Cosmo 64 V5.2D personal identification verification (PIV) smart cards
• Athena Smart Card Solutions smart cards, including the ASEKey USB token
• AET SafeSign smart cards, including ASEKey 1.0
• Axalto (formerly Schlumberger) smart cards, including the Cryptoflex 32K
• SafeNet smart cards, including iKey 2032
• Aladdin smart cards, including eToken PRO USB 16K, 32K, and 64K
• GemPlus smart cards, including SafesITe and GemXpresso Pro, using GemSafe Libraries 4.2.0-015 (Gold)

PGP Desktop Professional also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS-11 library in its software drivers.

Supported Pre-Boot Authentication Smart Cards and USB Tokens

The following smart card readers are supported for communicating to a smart card at pre-boot time. These readers can be used with any supported removable smart card (it is not necessary to use the same brand of smart card and reader).

Most Chip/Smart Card Interface Device (CCID) smart card readers are supported. The following readers have been tested by PGP Corporation:

• OMNIKEY CardMan 3121 USB for desktop systems (076b:3021)
  
• OMNIKEY CardMan 6121 USB for mobile systems (076b:6622)
  
• ActivIdentity USB 2.0 reader (09c3:0008)
  
• Reiner SCT CyberJack pinpad (0c4b:0100)
  
• Athena ASEDrive IIIe USB reader (0dc3:0802)
• SCM Microsystems - Smart Card Reader Model: SCR3311
  

PGP Whole Disk Encryption supports the following smart cards for pre-boot authentication:

• ActivIdentity ActivClient CAC cards, 2005 models
• Aladdin eToken 64K, 2048-bit RSA-capable¹
• Aladdin eToken PRO USB Key 32K, 2048-bit RSA-capable¹
• Aladdin eToken PRO without 2048-bit capability (older smart cards)¹
• Aladdin eToken PRO Java 72K
• Aladdin eToken NG-OTP 32K
• Athena ASEKey Crypto USB Token for Microsoft ILM²
• Athena ASECard Crypto Smart Card for Microsoft ILM²
• EMC RSA SecurID SID800 Token³
• Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
• EMC RSA Smart Card 5200
• Rainbow iKey 3000
• S-Trust StarCOS smart card 2.3⁴
• Oberthur ID-One Cosmo V5.2D personal identity verification cards using ActivClient version 6.1 client software
• Giesecke and Devrient Sm@rtCafe Expert 3.2 personal identity verification cards using ActivClient version 6.1 client software

¹ Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the supported tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the supported tokens.
² Athena tokens are supported only for credential storage.
³ This token is supported only for credential storage. SecurID is not supported.
⁴ S-Trust SECCOS cards are not supported.

FAQ

General

What is PGP Desktop Professional and why is it important?

PGP Desktop Professional combines the automated desktop email encryption of PGP Desktop Email with the transparent full disk encryption of PGP Whole Disk Encryption, securing the entire contents of a disk, including system and temporary files. PGP Desktop Professional encrypts email as it is received and sent without affecting the end-user email experience. PGP Desktop Professional secures data sent in email from unauthorized access, including administrators with access to the mail server data store. PGP Desktop Professional full disk encryption capability provides worry-free protection against unauthorized access of private and confidential data.

What business problem does PGP Desktop Email solve?

Email sent to and from an organization can contain the most sensitive customer, patient, financial, or intellectual property data. Likewise, data stored on systems or removable media can be easily exposed due to system loss or theft. PGP Desktop Professional allows organizations to meet audit and compliance requirements while securing sensitive data stored on systems or removable media and sent and received through email.

What are the key benefits of PGP Desktop Professional?

PGP Desktop Professional provides the following benefits:

• Enforces email and data security policies-Used in combination with PGP Universal™ Server, PGP Desktop Professional automatically secures email messages based on centrally defined email encryption policies while locking down the entire contents of a system drive.
• Reduces operational costs, accelerates deployment-By operating in the background, PGP Desktop Professional can be quickly deployed without the need for special user training or increased help desk load. As a PGP Encryption Platform–enabled application, PGP Desktop Professional can share policies across groups and quickly tailor them, allowing administrators to deploy PGP Desktop Professional and focus on other projects.

How does PGP Desktop Professional work?

PGP Desktop Professional operates as a local desktop mail proxy service, automatically encrypting/decrypting messages according to policy. PGP Desktop Professional supports the two global email encryption standards, OpenPGP and S/MIME, automatically discovering keys and certificates. The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any additional changes to their experience. When centrally managed, PGP Desktop Professional key management, policy, and software updates are managed by PGP Universal Server.

What is the end-user experience?

For end users, PGP Desktop Professional operates in the background, processing email messages based on policy and securing the entire contents of disk drives. If allowed by policy (or if not managed by PGP Universal Server), end users can adapt email and disk encryption policies and change configuration through the PGP Desktop Professional application interface. When encryption operations are performed, the PGP Desktop Professional notifier window alerts users that an encryption operation is being performed and its status.

What's new in PGP Desktop Professional 9.9?

PGP Desktop Professional is a package that includes both PGP Desktop Email 9.9 and PGP Whole Disk Encryption 9.9.

New features in PGP Desktop Email 9.9 include the following:

• Offline Policy Controls—Administrators can now enforce policy for offline users by controlling what happens to email when the PGP Universal Server cannot be reached by PGP Desktop.
• Expanded client controls—Enable the organization to better meet security requirements by locking down which features are enabled, visible to the user, and enforced.*
• Increased authentication options—Perform two-factor authentication using smart cards and authentication tokens such as the RSA SID800.
• Trusted Platform Module (TPM) support—Protects encryption keys against unauthorized access.
• Rapid deployment process—Speeds deployment by automating the installation and configuration process.

* Requires PGP Universal Server 2.9

New features in PGP Whole Disk Encryption 9.9 include the following:

• Mac OS X Support—Supports whole disk encryption with pre-boot authentication for Mac OS X-based systems.
• Expanded International Keyboard Support—Support 38 keyboard locales.

What languages (localization) does PGP Desktop Professional support?

The PGP Desktop Professional user interface is localized in English, German, and Japanese.

Is the source code available for download?

Yes. To validate the integrity of its products, PGP Corporation releases all product source code, including PGP Desktop Professional, for peer review. For more information, see PGP® Source Code.

How does PGP Desktop Professional fit into the PGP Encryption Platform architecture?

PGP Desktop Professional is a PGP Encryption Platform–enabled application managed by PGP Universal Server. PGP Desktop Professional account management, key management, and policy and software update distribution are automated for all PGP Encryption Platform–enabled applications.