PGP Desktop Professional

Comprehensive email and full disk encryption for desktop and laptop computers

Overview

Email and mobile computers have quickly emerged as industry-standard tools for increasing communication and user productivity. Unfortunately, unprotected email and mobile devices pose a critical risk to an enterprise's most sensitive data: customer information, financial data, trade secrets, and other proprietary information. Exposure of this data can result in financial loss, legal ramifications, and brand damage.

PGP Desktop Professional

PGP® Desktop Professional provides a comprehensive set of encryption applications to protect sensitive data in email and instant messages and on disk or removable media. PGP Desktop Professional secures confidential data, protecting sensitive business information and helping to meet partner and regulatory mandates for information security and privacy.

  • Easy, automatic operation: Protects sensitive email without changing the user experience or email application.
  • Enforced security policies: Automatically enforce email and data protection with centrally managed policies.
  • Accelerated deployment: Achieves end-to-end email encryption using the existing infrastructure.
  • Reduced operation costs: Result from centrally automating email encryption policies.

As a PGP® Encryption Platform–enabled application, PGP Desktop Professional can be used with PGP Universal™ Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Desktop Professional can also be used in combination with other PGP® encryption applications to provide multiple layers of security.

Technical Specifications

Supported Operating Systems

Windows®

  • Windows 7 (all 32- and 64-bit editions)
  • Windows Vista (all 32- and 64-bit editions, including Service Pack 1 and 2)
  • Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
  • Windows XP Home Edition (Service Pack 2 or 3)
  • Windows XP Professional 64-bit (Service Pack 2)
  • Windows XP Professional 32-bit (Service Pack 2 or 3)
  • Microsoft Windows 2000 (Service Pack 4)

Note: The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.


PGP Whole Disk Encryption (WDE) is supported on all client operating systems above as well as the following Windows Server, Mac and Linux operating systems:

Windows® Server

  • Windows Server 2008 SP 1 and 2 (32- and 64-bit editions)
  • Windows Server 2008 R2 (32- and 64-bit editions)
  • Windows Server 2003 (Service Pack 1 and 2)
  • Windows Server 2003 SP 2 (32- and 64-bit editions)

Mac OS® X

  • Apple Mac OS X 10.5.x or 10.6.x (Intel-based Macs only)

Linux®

  • Ubuntu 8.04 and 9.04 (32-bit versions) and Red Hat Enterprise Linux/CentOS 5.2 and 5.3 (32-bit versions) **

** PGP Whole Disk Encryption for Linux is command line only

Localization

  • English
  • German
  • Japanese
  • French (France)
  • Spanish (Latin America)

Authentication Options

  • OpenPGP RFC 4880 keys
  • X.509 keys

Symmetric Key Algorithms: PGP® Whole Disk Encryption

  • AES 256-bit keys

Messaging Protocols

  • POP3
  • IMAP
  • SMTP
  • MAPI
  • Lotus Notes

Messaging Security Standards

  • PGP/MIME RFC 3156
  • OpenPGP RFC 4880
  • S/MIME v3 RFC 2633
  • X.509 v3

Supported Email Clients

PGP Desktop for Windows will, in many cases, work with Internet-standards-based email clients other than those listed here. PGP Corporation, however, does not support the use of other clients. PGP Desktop for Windows has been tested with the following email clients:

  • Microsoft Outlook 2007 SP1 (Outlook 12)
  • Microsoft Outlook 2003 SP3
  • Microsoft Outlook XP SP3
  • Microsoft Windows Mail 6.0.600.16386
  • Microsoft Outlook Express 6 SP1
  • Windows Live Mail version 2009
  • Mozilla Thunderbird 2.0
  • Lotus Notes 6.5.6, 7.0.3, 8.02, 8.5
  • Novell GroupWise 6.5.1

PGP Desktop will, in most cases, work without problems with any Internet-standards-based email client that runs on Mac OS X 10.5.x or Mac OS X 10.6.x.

  • Apple Mail 2.1.1, 3.4, 4.1
  • Microsoft Entourage 2008
    - Entourage is compatible for POP/IMAP only. "Exchange Mode" is supported when using the Entourage Scripts included with PGP Desktop. Automatic proxying is not supported with the scripts. For more information on using the scripts, see "Integrating with Entourage 2008" in the PGP Desktop for Mac OS X User's Guide.

Supported IM Clients

PGP Desktop is compatible with the following instant messaging clients when encrypting AIM instant messages, file transfers, and direct connections:

  • AOL AIM 6.5.5
    - To encrypt instant messages with AIM 6.5, you must change the default port that AIM uses from 493 to 5190.
    - Audio and video connections are not encrypted by PGP Desktop.
    - Continued interoperability with the AIM service may be affected by changes made to the underlying AIM protocols.
  • Trillian 3.1 (Basic and Pro)

Other instant messaging clients may work for basic instant messaging, but have not been certified for use.

Symmetric Key Algorithms

  • AES (up to 256-bit keys)
  • CAST
  • TripleDES
  • IDEA
  • Twofish

Symmetric Key Algorithms: PGP® Whole Disk Encryption

  • AES 256-bit keys
  • AES 128-bit keys (enabled on PGP Universal Server)

Hashes

  • SHA-2 (up to 512-bit hashes)
  • SHA-1
  • MD5
  • RIPEMD-160

Public Key Algorithms

  • Diffie-Hellman
  • DSA (1024-bit keys only)
  • (up to 4096-bit keys)

Centralized Management Requirements

PGP Whole Disk Encryption is centrally managed by PGP Universal Server, which requires a dedicated hardware server. For supported hardware and other information, please refer to the PGP Universal™ Server technical specifications.

Two-Factor Authentication (Windows Only)

Compatible Smart Card Readers for PGP WDE Authentication

The following smart card readers are compatible when communicating with a smart card at pre-boot time. These readers can be used with any compatible removable smart card (it is not necessary to use the same brand of smart card and reader).

Generic smart card readers

Most CCID smart card readers are compatible. The following readers have been tested by PGP Corporation:

  • OMNIKEY CardMan 3121 USB for desktop systems (076b:3021)
  • OMNIKEY CardMan 6121 USB for mobile systems (076b:6622)
  • ActiveIdentity USB 2.0 reader (09c3:0008)
  • SCM Microsystem Smart Card Reader model SCR3311
  • CyberJack smart card readers
    - Reiner SCT CyberJack pinpad (0c4b:0100)
  • ASE smart card readers
    - Athena ASEDrive IIIe USB reader (0dc3:0802)
  • Embedded smart card readers
    - Dell D430 embedded reader
    - Dell D630 embedded reader
    - Dell D830 embedded reader

Compatible Smart Cards or Tokens for PGP WDE Authentication (Windows Only)

PGP Whole Disk Encryption is compatible with the following smart cards for pre-boot authentication:

  • ActiveIdentity ActivClientCAC cards, 2005 model
  • Aladdin eToken PRO 64K, 2048 bit RSA capable
  • Aladdin eToken PRO USB Key 32K, 2048 bit RSA capable
  • Aladdin eToken PRO without 2048 bit capability (older smart cards)
  • Aladdin eToken PRO Java 72K
  • Aladdin eToken NG-OTP 32K
    Note: Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the compatible tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the compatible tokens.
  • Athena ASEKey Crypto USB Token
  • Athena ASECard Crypto Smart Card
    Note: The Athena tokens are compatible only for credential storage.
  • Axalto Cyberflex Access 32K V2
  • Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
  • EMC RSA SecurID SID800 Token (v1 and 2)
    Note: This token is compatible only for key storage. SecurID is not compatible.
  • EMC RSA Smart Card 5200
  • Marx CrypToken USB token
  • Rainbow iKey 3000
  • S-Trust StarCOS smart card
    Note: S-Trust SECCOS cards are not compatible.
  • SafeNet iKey 2032 USB token
  • T-Systems Telesec NetKey 3.0 smart card
  • T-Systems TCOS 3.0 IEI smart card
  • Personal Identity Verification (PIV) cards
    - Oberthur ID-One Cosmo V5.2D PIV cards using ActivClient version 6.1 client software.
    - Giesecke and Devrient Sm@rtCafe Expert 3.2 PIV cards using ActivClient version 6.1 client software.

PGP Whole Disk Encryption for Windows operating systems also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS #11 library in its software drivers.

FAQ

General

What is PGP Desktop Professional and why is it important?

PGP Desktop Professional combines the automated desktop email encryption of PGP Desktop Email with the transparent full disk encryption of PGP Whole Disk Encryption, securing the entire contents of a disk, including system and temporary files. PGP Desktop Professional encrypts email as it is received and sent without affecting the end-user email experience. PGP Desktop Professional secures data sent in email from unauthorized access, including access by administrators who can read the mail server data store. The full disk encryption capability of PGP Desktop Professional provides worry-free protection against unauthorized access to private and confidential data.

What business problem does PGP Desktop Email solve?

Email sent to and from an organization can contain the most sensitive customer, patient, financial, or intellectual property data. Likewise, data stored on systems or removable media can be easily exposed due to system loss or theft. PGP Desktop Professional allows organizations to meet audit and compliance requirements while securing sensitive data stored on systems or removable media and sent and received through email.

What are the key benefits of PGP Desktop Professional?

PGP Desktop Professional provides the following benefits:

  • Enforces email and data security policies: Used in combination with PGP Universal™ Server, PGP Desktop Professional automatically secures email messages based on centrally defined email encryption policies while locking down the entire contents of a system drive.
  • Reduces operational costs, accelerates deployment: By operating in the background, PGP Desktop Professional can be quickly deployed without the need for special user training or increased help desk load. As a PGP Encryption Platform–enabled application, PGP Desktop Professional can share policies across groups and quickly tailor them, allowing administrators to deploy PGP Desktop Professional and focus on other projects.

How does PGP Desktop Professional work?

PGP Desktop Professional operates as a local desktop mail proxy service, automatically encrypting/decrypting messages according to policy. PGP Desktop Professional supports the two global email encryption standards, OpenPGP and S/MIME, automatically discovering keys and certificates. The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any additional changes to their experience. When centrally managed, PGP Desktop Professional key management, policy, and software updates are managed by PGP Universal Server.

What is the end-user experience?

For end users, PGP Desktop Professional operates in the background, processing email messages based on policy and securing the entire contents of disk drives. If allowed by policy (or if not managed by PGP Universal Server), end users can adapt email and disk encryption policies and change configuration through the PGP Desktop Professional application interface. When encryption operations are performed, the PGP Desktop Professional notifier window alerts users that an encryption operation is in progress and shows its status.

Is the source code available for download?

Yes. To validate the integrity of its products, PGP Corporation releases all product source code, including PGP Desktop Professional, for peer review. For more information, see PGP® Source Code.

How does PGP Desktop Professional fit into the PGP Encryption Platform architecture?

PGP Desktop Professional is a PGP Encryption Platform–enabled application managed by PGP Universal Server. PGP Desktop Professional account management, key management, and policy and software update distribution are automated for all PGP Encryption Platform–enabled applications.