PGP Desktop Instruction Manual

PGP® Desktop for Mac OS X

User's Guide

Version Information

PGP Desktop for Macintosh OS X User's Guide. PGP Desktop Version 10.1.2. Released March 2011.

Copyright Information

Copyright © 2011 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.

Trademark Information

PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of
Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant
Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a
registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered
trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and
Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple
Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Licensing and Patent Information

The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm,
implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a
license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block
Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP
Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would
like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (https://support.pgp.com). PGP Corporation
may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or
documentation does not give you any license to these patents.

Acknowledgments

This product includes or may include:

-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation,
developed by zlib (http://www.zlib.net). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted
under the MIT License found at http://www.opensource.org/licenses/mit-license.html. Copyright © 2007 by the Open Source Initiative. -- bzip2 1.0, a
freely available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. -- Application server (http://jakarta.apache.org/), web
server (http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse
HTML, developed by the Apache Software Foundation. The license is at www.apache.org/licenses/LICENSE-2.0.txt. -- Castor, an open-source,
data-binding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab
Group under an Apache 2.0-style license, available at http://www.castor.org/license.html. -- Xalan, an open-source software library from the Apache
Software Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache
Software License, version 1.1, available at http://xml.apache.org/xalan-j/#license1.1. -- Apache Axis is an implementation of the SOAP ("Simple Object
Access Protocol") used for communications between various PGP products is provided under the Apache license found at

http://www.apache.org/licenses/LICENSE-2.0.txt. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released

under an Apache-style license, available at http://mx4j.sourceforge.net/docs/ch01s06.html. -- jpeglib version 6a is based in part on the work of the
Independent JPEG Group. (http://www.ijg.org/) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is
distributed under the MIT License http://www.opensource.org/licenses/mit-license.html. -- PCRE Perl regular expression compiler, copyrighted and
distributed by University of Cambridge. ©1997-2006. The license agreement is at http://www.pcre.org/license.txt. -- BIND Balanced Binary Tree Library
and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (http://www.isc.org) -- Free BSD
implementation of daemon developed by The FreeBSD Project, © 1994-2006. -- Simple Network Management Protocol Library developed and
copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. ©
2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and
Telecommunications, © 2004. The license agreement for these is at http://net-snmp.sourceforge.net/about/license.html. -- NTP version 4.2 developed
by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP
Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The
OpenLDAP Foundation. The license agreement is at http://www.openldap.org/software/release/license.html. Secure shell OpenSSH developed by
OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for

SmartCard integration is released under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License

1.0, available at http://www.opensource.org/licenses/ibmpl.php. -- PostgreSQL, a free software object-relational database management system, is
released under a BSD-style license, available at http://www.postgresql.org/about/licence. -- PostgreSQL JDBC driver, a free Java program used to
connect to a PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is
released under a BSD-style license, available at http://jdbc.postgresql.org/license.html. -- PostgreSQL Regular Expression Library, a free software
object-relational database management system, is released under a BSD-style license, available at http://www.postgresql.org/about/licence. --

21.vixie-cron is the Vixie version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul
Vixie; used by permission. -- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open
source licensed under the GNU Library General Public License (LGPL) available at http://www.jacorb.org/lgpl.html. Copyright © 2006 The JacORB
Project. -- TAO (The ACE ORB) is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between
processes written in C/C++ and the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University,
University of California, Irvine, and Vanderbilt University. The open source software license is available at

http://www.cs.wustl.edu/~schmidt/ACE-copying.html. -- libcURL, a library for downloading files via common network services, is open source software

provided under a MIT/X derivate license available at http://curl.haxx.se/docs/copyright.html. Copyright (c) 1996 - 2007, Daniel Stenberg. -- libuuid, a
library used to generate unique identifiers, is released under a BSD-style license, available at

http://thunk.org/hg/e2fsprogs/?file/fe55db3e508c/lib/uuid/COPYING. Copyright (C) 1996, 1997 Theodore Ts'o. -- libpopt, a library that parses command

line options, is released under the terms of the GNU Free Documentation License available at http://directory.fsf.org/libs/COPYING.DOC. Copyright ©
2000-2003 Free Software Foundation, Inc. -- gSOAP, a development tool for Windows clients to communicate with the Intel Corporation AMT chipset

on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at http://www.cs.fsu.edu/~engelen/license.html. -- Windows
Template Library (WTL) is used for developing user interface components and is distributed under the Common Public License v1.0 found at

http://opensource.org/licenses/cpl1.0.php. -- The Perl Kit provides several independent utilities used to automate a variety of maintenance functions

and is provided under the Perl Artistic License, found at http://www.perl.com/pub/a/language/misc/Artistic.html. -- rEFIt - libeg, provides a graphical
interface library for EFI, including image rendering, text rendering, and alpha blending, and is distributed under the license found at

http://refit.svn.sourceforge.net/viewvc/*checkout*/refit/trunk/refit/LICENSE.txt?revision=288. Copyright (c) 2006 Christoph Pfisterer. All rights

reserved. -- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public
License (LGPL) found at http://www.gnu.org/licenses/lgpl.html. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.
Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at http://developer.yahoo.com/yui/license.html. --

JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the

Apache 2.0 license, available at http://json-lib.sourceforge.net/license.html. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license,
available at http://ezmorph.sourceforge.net/license.html. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license,
available at http://commons.apache.org/license.html. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license,
available at http://commons.apache.org/license.html. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a
common configuration file format used on Windows, on other platforms. Distributed under the MIT License found at

http://www.opensource.org/licenses/mit-license.html. Copyright 2006-2008, Brodie Thiesfield. -- uSTL provides a small fast implementation of common

Standard Template Library functions and data structures and is distributed under the MIT License found at

http://www.opensource.org/licenses/mit-license.html. Copyright (c) 2005-2009 by Mike Sharov <msharov@users.sourceforge.net>. -- Protocol Buffers

(protobuf), Google's data interchange format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at

http://www.opensource.org/licenses/bsd-license.php. Copyright 2008 Google Inc. All rights reserved.

Additional acknowledgements and legal notices are included as part of the PGP Universal Server.

Export Information

Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau
of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.

Limitations

The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided
with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets
your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be
made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.

Unsupported Third Party Products

By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by
utilizing any associated PGP command or code provided by to you by PGP at its sole discretion to interact with the Unsupported Third Party Product
("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party
Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with
Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO
SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY
WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET
ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE
UNSUPPORTED THIRD PARTY PRODUCT.

4

Contents

About PGP Desktop 10.1 for Mac OS X

What's New in PGP Desktop for Mac OS X Version 10.1 1
Using this Guide 3

“Managed” versus “Unmanaged” Users 3

Conventions Used in This Guide 4
Who Should Read This Document 4
About PGP Desktop Licensing 4

About PGP Desktop Licensing 5

Checking License Details 5

If Your License Has Expired 7
Getting Assistance 7

Getting product information 8

Contact Information 8

1

PGP Desktop Basics 9

PGP Desktop Terminology 9

PGP Product Components 9

Terms Used in PGP Desktop 10
Conventional and Public Key Cryptography 12
Using PGP Desktop for the First Time 13

Installing PGP Desktop 17

System Requirements 17
Installing and Configuring PGP Desktop 17

Installing the Software 17

Using PGP Desktop with Apple Boot Camp 18

Upgrading the Software 19

Licensing PGP Desktop 21

Running the Setup Assistant 21

Integrating with Entourage 2008 22
Uninstalling PGP Desktop 22
Moving Your PGP Desktop Installation from One Computer to Another 23

The PGP Desktop User Interface 25

Accessing PGP Desktop Features 25

PGP Desktop Main Screen 26

Using the PGP Desktop Icon in the Menu Bar 27

Using the PGP Dock Icon 28

Using the Mac OS X Finder 29
PGP Desktop Notifier alerts 30

i

PGP® Desktop for Mac OS X Contents

PGP Desktop Notifier for Messaging 30
PGP Desktop and the Finder 35

Overview 35

Encrypt, Sign, or Encrypt and Sign 36

Shred 37

Decrypt/Verify 38

Mount or Unmount a PGP Virtual Disk Volume 39

Import a PGP Key 39

Add PGP Public Keys to Your Keyring 40

Extract the Contents of a PGP Zip Archive 40
Viewing the PGP Log 41

Working with PGP Keys 43

Viewing Keys 44

Creating a Smart Keyring 45
Creating a Keypair 46

Expert Mode Key Settings 48
Protecting Your Private Key 49

Protecting Keys and Keyrings 49

Backing up Your Private Key 50

What if You Lose Your Key? 51
Distributing Your Public Key 51

Placing Your Public Key on a Keyserver 52

Including Your Public Key in an Email Message 53

Exporting Your Public Key to a File 53
Getting the Public Keys of Others 54

Getting Public Keys from a Keyserver 54

Getting Public Keys from Email Messages 55
Working with Keyservers 56
Using Master Keys 57

Adding Keys to the Master Key List 57

Deleting Keys from the Master Key List 58

Managing PGP Keys 59

Examining and Setting Key Properties 59
Adding and Removing Photographs 60
Managing User Names and Email Addresses on a Key 61
Importing Keys and X.509 Certificates 62

Importing X.509 Certificates Included in S/MIME Email Messages 63
Changing Your Passphrase 63
Deleting Keys, User IDs, and Signatures 64
Disabling and Enabling Public Keys 65
Verifying a Public Key 65
Signing a Public Key 66

Revoking Your Signature from a Public Key 68
Granting Trust for Key Validations 68

To grant trust to a key 69
Working with Subkeys 69

ii

PGP® Desktop for Mac OS X Contents

Using Separate Subkeys 71

Viewing Subkeys 71

Creating New Subkeys 72

Specifying Key Usage for Subkeys 72

Revoking Subkeys 73

Removing Subkeys 73
Working with ADKs 74

Adding an ADK to a Keypair 74

Updating an ADK 75

Removing an ADK 75
Working with Revokers 75

Appointing a Designated Revoker 76

Revoking a Key 76
Splitting and Rejoining Keys 77

Creating a Split Key 77

Rejoining Split Keys 78
If You Lost Your Key or Passphrase 80

Reconstructing Keys with PGP Universal Server 80

Creating Key Reconstruction Data 80

Reconstructing Your Key if You Lost Your Key or Passphrase 82
Protecting Your Keys 83

Securing Email Messages 85

How PGP Desktop Secures Email Messages 85

Incoming Messages 86

Understanding Annotations on Incoming Messages 87

Outgoing Messages 88

Securing Sent Items on IMAP Email Servers 88
Using Offline Policy 89
Services and Policies 90

Viewing Services and Policies 91

Creating a New Messaging Service 92

Editing Message Service Properties 94

Disabling or Enabling a Service 95

Deleting a Service 95

Multiple Services 96

Troubleshooting PGP Messaging Services 96
Creating a New Security Policy 98

Regular Expressions in Policies 103

Security Policy Information and Examples 105
Working with the Security Policy List 108

Editing a Security Policy 108

Editing a Mailing List Policy 108

Deleting a Security Policy 113

Changing the Order of Policies in the List 113
PGP Desktop and SSL 113
Key Modes 115

Determining Key Mode 116

Changing Key Mode 117

iii

PGP® Desktop for Mac OS X Contents

Viewing the PGP Log 118
Using PGP Scripts with Entourage 2008 119

Securing Instant Messaging 121

About PGP Desktop’s Instant Messaging Compatibility 121

Instant Messaging Client Compatibility 122
About the Keys Used for Encryption 123
Encrypting your IM Sessions 123

Viewing Email with PGP Viewer 125

Overview of PGP Viewer 125

Supported Email Clients 126
Opening an Encrypted Email Message or File 126
Copying Email Messages to Your Inbox 127
Exporting Email Messages 128
PGP Viewer Preferences 128
Security Features in PGP Viewer 129

Protecting Disks with PGP Whole Disk Encryption 131

About PGP Whole Disk Encryption 132

Encrypting Boot Disks 133

How does PGP WDE Differ from PGP Virtual Disk? 134
Licensing PGP Whole Disk Encryption 134

License Expiration 135
Prepare Your Disk for Encryption 135

Supported Disk Types 136

Supported Keyboards 136

Ensure Disk Health Before Encryption 137

Calculate the Encryption Duration 138

Run a Pilot Test to Ensure Software Compatibility 138
Determine the Authentication Method for the Disk 138
Encrypting a Disk 139

Supported Characters 140

Encrypting the Disk 140

Encountering Disk Errors During Encryption 143
Using a PGP-WDE Encrypted Disk 143

Authenticating at the PGP BootGuard Screen 144
Maintaining the Security of Your Disk 145

Viewing Key Information on an Encrypted Disk 145

Modifying the System Partition 145

Adding Other Users to an Encrypted Disk 145

Deleting Users From an Encrypted Disk 146

Changing User Passphrases 147

Re-Encrypting an Encrypted Disk 147

Backing Up and Restoring 148

Uninstalling PGP Desktop from Encrypted Disks 148

iv

PGP® Desktop for Mac OS X Contents

Using PGP WDE in a PGP Universal Server-Managed Environment 149

PGP Whole Disk Encryption Administration 149

Creating a Recovery Token 150

Using a Recovery Token 150
Recovering Data From an Encrypted Drive 151

Creating and Using Recovery Disks 151
Decrypting a PGP WDE-Encrypted Disk 152
Moving Removable Disks to Other Systems 153
Accessing Data on Encrypted Removable Disks 153
Special Security Precautions Taken by PGP Desktop 154

Passphrase Erasure 154

Virtual Memory Protection 154

Memory Static Ion Migration Protection 154

Other Security Considerations 155
Technical Details About Encrypting Boot Disks 156

Using PGP Virtual Disks 157

About PGP Virtual Disks 158
Creating a New PGP Virtual Disk 159
Viewing the Properties of a PGP Virtual Disk 162
Using a Mounted PGP Virtual Disk 162

Mounting a PGP Virtual Disk 163

Unmounting a PGP Virtual Disk 163

Set Mount Location 164

Compacting a PGP Virtual Disk 164

Re-Encrypting PGP Virtual Disks 165
Working with Alternate Users 166

Adding Alternate User Accounts to a PGP Virtual Disk 166

Deleting Alternate User Accounts From a PGP Virtual Disk 166

Disabling and Enabling Alternate User Accounts 167

Changing Read/Write and Read-Only Status 167

Granting Administrator Status to an Alternate User 168
Changing User Passphrases 168
Deleting PGP Virtual Disks 169
Maintaining PGP Virtual Disks 169

Mounting PGP Virtual Disk Volumes on a Remote Server 170

Backing up PGP Virtual Disk Volumes 170

Exchanging PGP Virtual Disks 171
The PGP Virtual Disk Encryption Algorithms 171
Special Security Precautions Taken by PGP Virtual Disk 172

Passphrase Erasure 172

Virtual Memory Protection 173

Memory Static Ion Migration Protection 173

Other Security Considerations 173

Accessing Mobile Data with PGP Portable 175

Accessing Data on a PGP Portable Disk 175

Changing the Passphrase for a PGP Portable Disk 177

v

PGP® Desktop for Mac OS X Contents

Unmounting a PGP Portable Disk 177

Using PGP Zip 179

Overview 179
Creating PGP Zip Archives 180
Opening a PGP Zip Archive 181
Verifying Signed PGP Zip Archives 182

Shredding Files with PGP Shredder 183

Using PGP Shredder to Permanently Delete Files and Folders 183

Shredding Files using the PGP Shredder icon 184

Shredding Files using the Shred Files Icon in the PGP Desktop Toolbar 185

Shredding Files using the Shred Command from the File menu 185

Shredding Files in the Finder 185

Setting PGP Desktop Preferences 187

Accessing PGP Desktop Preferences 187
General Preferences 188
Keys Preferences 189
Master Keys Preferences 191
Messaging Preferences 192

Proxy Options 194
Disk Preferences 196
Notifications Preferences 198
Advanced Preferences 200

Working with Passwords and Passphrases 201

Choosing whether to use a password or passphrase 201
The Passphrase Quality Bar 202
Creating Strong Passphrases 203
What if You Forget Your Passphrase? 205
Saving Your Passphrase in the Keychain 205

Using PGP Desktop with PGP Universal Server 207

Overview 207
For PGP Administrators 208
Manually binding to a PGP Universal Server 209

Index 211

vi

About PGP Desktop 10.1

1

for Mac OS X

PGP Desktop is a security tool that uses cryptography to protect your data
against unauthorized access.

PGP Desktop protects your data while being sent by email or by instant
messaging (IM). It lets you encrypt your entire hard drive or hard drive partition
(on Windows systems)—so everything is protected all the time—or just a
portion of your hard drive, via a virtual disk on which you can securely store your
most sensitive data. You can use it to share your files and folders securely with
others over a network. It lets you put any combination of files and folders into
an encrypted, compressed package for easy distribution or backup. Finally, use
PGP Desktop to shred (securely delete) sensitive files—so that no one can
retrieve them—and shred free space on your hard drive, so there are no
unsecured remains of any files.

Use PGP Desktop to create PGP keypairs and manage both your personal
keypairs and the public keys of others.

To make the most of PGP Desktop, you should be familiar with PGP Desktop
Terminology (on page
public-key cryptography, as described in Conventional and Public Key
Cryptography (on page

9). You should also understand conventional and

12).

In This Chapter

What's New in PGP Desktop for Mac OS X Version 10.1 ........................ 1

Using this Guide ........................................................................................ 3

Who Should Read This Document ............................................................ 4

About PGP Desktop Licensing .................................................................. 4

Getting Assistance .................................................................................... 7

What's New in PGP Desktop for Mac OS X Version 10.1

Building on PGP Corporation’s proven technology, PGP Desktop 10.1 for Mac
OS X includes numerous improvements and the following new and resolved
features.

1

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

Messaging

 Improvements have been made to annotations. In a PGP Universal

Server-managed environment, your administrator can now specify where
the email annotation will be, such as end of message rather than wrapped
around the message.

 You can now protect sent message copies for IMAP accounts (available for

standalone installations only) to provide additional security so you can
protect sensitive emails that you have sent using your IMAP account.
Choose to Encrypt, Encrypt and Sign, or Sign Only messages as they
are copied to your IMAP Sent Items mailbox.

 In a managed environment, your PGP Universal Server administrator can

set policy to enable you to decide if you want to perform signature
verification on email messages. If enabled, a new button and/or menu
option appears in your Microsoft Outlook or Lotus Notes email client. The
button or option will be in the default state set by your administrator but
you can choose to override this setting.

 In a managed environment, your PGP Universal Server administrator may

have specified certain PGP Notifier settings (for example, whether
notifications are to be displayed or the location of the notifier).

 X.509 certificates included in an S/MIME email message sent to you can

now be imported to your key ring. The same settings you have specified
when public keys are found apply to these certificates. If specified, PGP
Desktop extracts and then imports the X.509 certificate to your keyring. If
you want to encrypt email using imported certificates, be sure to manually
sign the certificate.

 In a managed environment, your PGP Universal Server administrator may

have specified a setting so that additional information is included in the
Non-Delivery Receipt when a message is blocked. If PGP Desktop is
unable to find a key for one or more of the recipients in a group list, the
email addresses are listed in the Error Details of the Non-Delivery Receipt.

PGP Portable

 A link for More Info is now available on the PGP Portable dialog box

displayed when you access data on the device. Your browser launches and
the PGP Corporation Support site page is displayed.

 You can now view available disk space and total size of the PGP Portable

Disk once the disk has been mounted. When you move your cursor over
the dock item for a few seconds, the PGP Notifier message appears and
displays the mount status of the PGP Portable Disk as well as the updated
disk space information.

2

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

PGP Whole Disk Encryption

 AES-128 and AES-256 cipher algorithm for PGP Desktop for Mac OS X

have been enhanced to improve performance of encryption and decryption
times as well as disk access times for encrypted disks.

 Enhancement to force the encryption of boot drives, by policy. This

includes forcing encryption if policy changed (for example, you previously
did not have to encrypt boot drives, and your administrator modified policy
to require encryption).

Using this Guide

This Guide provides information on configuring and using the components
within PGP Desktop. Each chapter of the guide is devoted to one of the
components of PGP Desktop.

“Managed” versus “Unmanaged” Users

A PGP Universal Server can be used to control the policies and settings used by
components of PGP Desktop. This is often the case in enterprises using PGP
software. PGP Desktop users in this configuration are known as managed
users, because the settings and policies available in their PGP Desktop software
are pre-configured by a PGP administrator and managed using a PGP Universal
Server. If you are part of a managed environment, your company may have
specific usage requirements. For example, managed users may or may not be
allowed to send plaintext email, or may be required to encrypt their disk with
PGP Whole Disk Encryption.

Users not under the control of a PGP Universal Server are called unmanaged or
standalone users.

This document describes how PGP Desktop works in both situations; however,
managed users may discover while working with the product that some of the
settings described in this document are not available in their environments. For
more information, see Using PGP Desktop with PGP Universal Server (on page

207).

Features Customized by Your PGP Universal Server Administrator

If you are using PGP Desktop as a "managed" user in a PGP Universal
Server-managed environment, there are some settings that can be specified by
your administrator. These settings may change the way features are displayed
in PGP Desktop.

3

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

 Disabled features. Your PGP Universal Server administrator can enable or

disable specific functionality. For example, your administrator may disable
the ability to create PGP Zip archives, or to create PGP NetShare protected
folders (on Windows systems).

When a feature is disabled, the control item in the left side is not displayed
and the menu for that feature is not available. The graphics included in this
guide depict the default installation with all features enabled. The PGP
Desktop interface may look different if your administrator has customized
the features available.

Conventions Used in This Guide

Notes, Cautions, and Warnings are used in the following ways.

Notes: Notes are extra, but important, information. A Note calls your

attention to important aspects of the product. You will be able to use the
product better if you read the Notes.

Cautions: Cautions indicate the possibility of loss of data or a minor security

breach. A Caution tells you about a situation where problems could occur
unless precautions are taken. Pay attention to Cautions.

Warnings: Warnings indicate the possibility of significant data loss or a major

security breach. A Warning means serious problems are going to happen
unless you take the appropriate action. Please take Warnings very seriously.

Who Should Read This Document

This document is for anyone who is going to be using the PGP Desktop for Mac
OS X software to protect their data.

Note: If you are new to cryptography and would like an overview of the

terminology and concepts in PGP Desktop, see An Introduction to
Cryptography (it was installed onto your computer when you installed PGP

Desktop).

About PGP Desktop Licensing

A license is used within the PGP software to enable the functionality you
purchased, and sets the expiration of the software. Depending on the license
you have, some or all of the PGP Desktop family of applications will be active.
Once you have entered the license, you must then authorize the software with
PGP Corporation, either manually or online.

4

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

There are three types of licenses:

 Evaluation: This type of license is typically time-delimited and may not

include all PGP Desktop functionality.

 Subscription: This type of license is typically valid for a subscription period

of one year. During the subscription period, you receive the current version
of PGP software and all upgrades and updates released during this period.

 Perpetual: This type of license allows you to use PGP Desktop indefinitely.

With the addition of the annual Software Insurance policy, which must be
renewed annually, you also receive all upgrades and updates released
during the policy term.

About PGP Desktop Licensing

To license PGP Desktop Do one of the following:

 If you are a managed user, you are most likely already using a licensed

copy of PGP Desktop. Check your license details as described in Checking
License Details (on page
administrator.

5). If you have questions, please contact your PGP

 If you are an unmanaged user, or a PGP administrator, check your license

details as described in Checking License Details (on page
authorize your copy of PGP Desktop, do so as described in Authorizing PGP
Desktop for Mac OS X (see "
page

Checking License Details

 To see the details of your PGP Desktop license:

1 Open PGP Desktop.

2 From the PGP menu, select License. The License Information dialog box is

displayed. This dialog box displays:

 Name: The name your license is registered to.

 Organization: The organization your license is registered to.

 Email: The email address associated with your license.

 Type: The type of license you have, Enterprise or Home.

5). If you need to

Authorizing PGP Desktop or Mac OS X" on

6).

5

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

3 Click Details. The details of your license are displayed.

 Expiration Date: The date your license expires.

 Number of Seats: The number of seats available for this license.

 Enabled Features: The components that are active in your license.

 Disabled Features: The components that are not active in your

license.

Note: If you do not authorize your copy of PGP Desktop, only limited features

are available to you (PGP Zip and Keys).

Authorizing PGP Desktop or Mac OS X

If you need to change to a new license number, or if you skipped the license
authorization process during configuration, follow these instructions to authorize
your software.

 Before you begin

If you purchased PGP Desktop, you received an order confirmation with
licensing information.

1 OpenPGP Desktop.

2 From the PGP menu, select License.

3 Click Change License.

4 Type the Name and Organization exactly as specified in your order

confirmation.

5 Type the Email address you want to assign to the licensing of the product.

6 Do one of the following:

 Type your 28-character license number in the License Number fields

(for example, DEMO1-DEMO2-DEMO3-DEMO4-DEMO5-ABC).

6

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

Note: To avoid typing errors and make the authorization easier, copy the

entire license number, put the cursor in the first “License Number” field,
and paste. Your license number will be correctly entered into all six

License Number fields.

 To purchase a PGP Desktop license, select Purchase Now. A Web

browser opens so you can access the online PGP Store.

7 Click Authorize.

8 When your license is authorized, click OK to complete the process.

Resolving License Authorization Errors

If you receive any error messages while authorizing your software, the ways to
resolve this issue vary based on the error message. See the HOWTO: License
PGP Desktop 10.1 section in the PGP Support Portal (
for suggestions.

https://support.pgp.com)

If Your License Has Expired

If your PGP Desktop license has expired, you will receive a PGP License
Expiration message when you launch PGP Desktop. See the following sections
for information on how an expired license affects the functionality of PGP
Desktop.

PGP Desktop Email

 Outgoing email messages are no longer sent encrypted.

PGP Virtual Disk

 PGP Virtual Disks are still accessible in Read-Only mode. Read-Only allows

data to be copied from a PGP Virtual Disk, however no data can be copied
to a PGP Virtual Disk.

PGP Whole Disk Encryption

Any fixed disks that have been encrypted with PGP Desktop are automatically
decrypted 90 days after the license expiration date.

Getting Assistance

For additional resources, see these sections.

7

PGP® Desktop for Mac OS X About PGP Desktop 10.1 for Mac OS X

Getting product information

Unless otherwise noted, online help is installed and is available within the PGP
Desktop product. Release notes are also available, which may have last-minute
information not found in the product documentation. The users guide and quick
start guides, provided as Adobe Acrobat PDF files, are available on the
Documentation (
Portal.

Once PGP Desktop is released, additional information regarding the product is
entered into the online Knowledge Base available on the PGP Support Portal

Web Site (

https://pgp.custhelp.com/app/docs) section on the PGP Support

https://support.pgp.com).

Contact Information

Contacting Technical Support

 To learn about PGP support options and how to contact PGP Technical

Support, please visit the PGP Corporation Support Home Page

https://support.pgp.com).

(

 To access the PGP Support Knowledge Base or request PGP Technical

Support, please visit PGP Support Portal Web Site
(https://support.pgp.com). Note that you may access portions of the

PGP Support Knowledge Base without a support agreement;
however, you must have a valid support agreement to request
Technical Support.

 To access the PGP Support forums, please visit PGP Support

http://forum.pgp.com). These are user community support forums hosted

(
by PGP Corporation.

Contacting Customer Service

 For help with orders, downloads, and licensing, please visit PGP

Corporation Customer Service (

https://pgp.custhelp.com/app/cshome).

Contacting Other Departments

 For any other contacts at PGP Corporation, please visit the PGP Contacts

Page (

http://www.pgp.com/about_pgp_corporation/contact/index.html).

 For general information about PGP Corporation, please visit the PGP Web

Site (

http://www.pgp.com).

8

PGP Desktop Basics

2

This section describes the PGP Desktop terminology and provides some
high-level conceptual information on cryptography.

In This Chapter

PGP Desktop Terminology ........................................................................ 9

Conventional and Public Key Cryptography............................................. 12

Using PGP Desktop for the First Time .................................................... 13

PGP Desktop Terminology

To make the most of PGP Desktop, you should be familiar with the terms in the
following sections.

PGP Product Components

PGP Desktop and its components are described in the following list. Depending
on your license, you may not have all functionality available. For more
information, see About PGP Desktop Licensing (on page

 PGP Desktop: A software tool that uses cryptography to protect your data

against unauthorized access. PGP Desktop is available for Mac OS X and
Windows.

 PGP Messaging: A feature of PGP Desktop that automatically and

transparently supports all of your email clients through policies you
control. PGP Desktop accomplishes this using a new proxy
technology; the older plug-in technology is also available. PGP
Messaging also protects many IM clients, such as AIM and iChat
(both users must have PGP Messaging enabled).

 PGP Whole Disk Encryption: Whole Disk Encryption is a feature of

PGP Desktop that encrypts your entire hard drive or partition (on
Windows systems), including your boot record, thus protecting all
your files when you are not using them. You can use PGP Whole Disk
Encryption and PGP Virtual Disk volumes on the same system. On
Windows systems, you can protect whole disk encrypted drives with
a passphrase or with a keypair on a USB token for added security.

5).

9

PGP® Desktop for Mac OS X PGP Desktop Basics

 PGP NetShare: A feature of PGP Desktop for Windows with which

you can securely and transparently share files and folders among
selected individuals. PGP NetShare users can protect their files and
folders simply by placing them within a folder that is designated as
protected.

 PGP Keys: A feature of PGP Desktop that gives you complete control

over both your own PGP keys, and the keys of those persons with
whom you are securely exchanging email messages.

 PGP Virtual Disk volumes: PGP Virtual Disk volumes are a feature of

PGP Desktop that let you use part of your hard drive space as an
encrypted virtual disk. You can protect a PGP Virtual Disk volume with
a key or a passphrase. You can even create additional users for a
volume, so that people you authorize can also access the volume. The
PGP Virtual Disk feature is especially useful on laptops, because if
your computer is lost or stolen, the sensitive data stored on the PGP
Virtual Disk is protected against unauthorized access.

 PGP Shred: A feature of PGP Desktop that lets you securely delete

data from your system. PGP Shred overwrites files so that even file
recovery software cannot recover them.

 PGP Viewer: Use PGP Viewer decrypt, verify, and display

messages outside the mail stream

 PGP Zip: A feature of PGP Desktop that lets you put any combination

of files and folders into a single encrypted, compressed package for
convenient transport or backup. You can encrypt a PGP Zip archive to
a PGP key or to a passphrase.

 PGP Universal: A tool for enterprises to automatically and transparently

secure email messaging for their employees. If you are using PGP Desktop
in a PGP Universal Server-managed environment, your messaging policies
and other settings may be controlled by your organization’s PGP
administrator.

 PGP Global Directory: A free, public keyserver hosted by PGP

Corporation. The PGP Global Directory provides quick and easy access
to the universe of PGP keys. It uses next-generation keyserver
technology that queries the email address on a key (to verify that the
owner of the email address wants their key posted) and lets users
manage their own keys. Using the PGP Global Directory significantly
enhances your chances of finding a valid public key of someone to
whom you want to send secured messages. PGP Desktop is
designed to work closely with the PGP Global Directory.

Terms Used in PGP Desktop

Before you use PGP Desktop, you should be familiar with the following terms:

10

PGP® Desktop for Mac OS X PGP Desktop Basics

 Decrypting: The process of taking encrypted (scrambled) data and making

it meaningful again. When you receive data that has been encrypted by
someone using your public key, you use your private key to decrypt the
data.

 Encrypting: The process of scrambling data so that if an unauthorized

person gets access to it, they cannot do anything with it. The data is so
scrambled, it’s meaningless.

 Signing: The process of applying a digital signature to data using your

private key. Because data signed by your private key can be verified only by
your public key, the ability to verify signed data with your public key proves
that your private key signed the data and thus proves the data is from you.

 Verifying: The process of proving that the private key was used to digitally

sign data by using that person’s public key. Because data signed by a
private key can only be verified by the corresponding public key, the fact
that a particular public key can verify signed data proves the signer was the
holder of the private key.

 Keypair: A private key/public key combination. When you create a PGP

“key”, you are actually creating a keypair. As your keypair includes your
name and your email address, in addition to your private and public keys, it
might be more helpful to think of your keypair as your digital ID—it
identifies you in the digital world as your driver’s license or passport
identifies you in the physical world.

 Private key: The key you keep very, very private. Only your private key can

decrypt data that was encrypted using your public key. Also, only your
private key can create a digital signature that your public key can verify.

Caution: Do not give your private key, or its passphrase, to anyone! And

keep your private key safe.

 Public key: The key you distribute to others so that they can send

protected messages to you (messages that can only be decrypted by your
private key) and so they can verify your digital signature. Public keys are
meant to be widely distributed.

Your public and private keys are mathematically related, but there’s no way
to figure out your private key if someone has your public key.

 Keyserver: A repository for keys. Some companies host keyservers for the

public keys of their employees, so other employees can find their public
keys and send them protected messages. The PGP Global Directory

https://keyserver.pgp.com) is a free, public keyserver hosted by PGP

(
Corporation.

11

PGP® Desktop for Mac OS X PGP Desktop Basics

 Smart cards and tokens: Smart cards and tokens are portable devices on

which you can create your PGP keypair or copy your PGP keypair. Creating
your PGP keypair on a smart card or token adds security by requiring
possession of the smart card or token in order to encrypt, sign, decrypt, or
verify. So even if an unauthorized person gains access to your computer,
your encrypted data is secure because your PGP keypair is with you on
your smart card or token. Copying your PGP keypair to a smart card or
token is a good way to use it away from your main system, back it up, and
distribute your public key. Smart cards and tokens are not available for key
storage when used with PGP Desktop for Mac OS X.

Conventional and Public Key Cryptography

Conventional cryptography uses the same passphrase to encrypt and decrypt

data. Conventional cryptography is great for data that isn’t going anywhere
(because it encrypts and decrypts quickly). However, conventional cryptography
is not as well suited for situations where you need to send encrypted data to
someone else, especially if you want to send encrypted data to someone you
have never met.

Public-key cryptography uses two keys (called a keypair) for encrypting and
decrypting. One of these two keys is your private key; and, like the name
suggests, you need to keep it private. Very, very private. The other key is your
public key, and, like its name suggests, you can share it with the general public.
In fact, you’re supposed to share.

Public-key cryptography works this way: let’s say you and your cousin in
another city want to exchange private messages. Both of you have PGP
Desktop. First, you both need to create your keypair: one private key and one
public key. Your private key you keep secret, your public key you send to a
public keyserver like the PGP Global Directory (keyserver.pgp.com), which is a
public facility for distributing public keys. (Some companies have their own
private keyservers.)

Once the public keys are on the keyserver, you can go back to the keyserver
and get your cousin’s public key, and she can go to the keyserver and get yours
(there are other ways to exchange public keys; for more information, see
Working with PGP Keys (on page
encrypted email message that only your cousin can decrypt, you encrypt it
using your cousin’s public key. What makes this work is that only your cousin’s
private key can decrypt a message that was encrypted using her public key.
Even you, who have her public key, cannot decrypt the message once it has
been encrypted using her public key. Only the private key can decrypt data

that was encrypted with the corresponding public key.

Your public and private keys are mathematically related, but there’s no feasible
way to figure out someone’s private key if you just have a public key.

43)). This is important because to send an

12

PGP® Desktop for Mac OS X PGP Desktop Basics

Using PGP Desktop for the First Time

PGP Corporation recommends the following procedure for getting started with
PGP Desktop:

1 Install PGP Desktop on your computer.

If you are a corporate user, your PGP administrator may have specific
installation instructions for you to follow or may have configured your PGP
installer with certain settings. Either way, this is the first step.

2 Let the Setup Assistant be your guide.

To help you get started, after you install PGP Desktop and reboot your
computer, the Setup Assistant is displayed. It assists with:

 Licensing PGP Desktop

 Creating a keypair—with or without subkeys (if you do not already

have a keypair).

 Publishing your public key on the PGP Global Directory.

 Enabling PGP Messaging

 Giving you a quick overview of other features.

If your PGP Desktop installer application was configured by a PGP
administrator, the Setup Assistant may perform other tasks.

3 Exchange public keys with others.

After you have created a keypair, you can begin sending and receiving
secure messages with other PGP Desktop users (once you have
exchanged public keys with them). You can also use the PGP Desktop
disk-protection features.

Exchanging public keys with others is an important first step. To send them
secure messages, you need a copy of their public key, and to reply with a
secure message, they need a copy of your public key. If you did not upload
your public key to the PGP Global Directory using the Setup Assistant, do
so now. If you do not have the public key for someone to whom you want
to send messages, the PGP Global Directory is the first place to look. PGP
Desktop does this for you—when you send email, it finds and verifies the
keys of other PGP Desktop users automatically. It then encrypts your
message to the recipient public key, and sends the message.

4 Validate the public keys you get from untrusted keyservers.

13

PGP® Desktop for Mac OS X PGP Desktop Basics

When you get a public key from an untrusted keyserver, try to make sure
that it has not been tampered with, and that the key really belongs to the
person it names. To do this, use PGP Desktop to compare the unique
fingerprint on your copy of someone’s public key to the fingerprint on that
person’s key (a good way to do that is by telephoning the key’s owner and
having them read you the fingerprint information so that you can compare
it). Keys from trusted keyservers like the PGP Global Directory have already
been verified.

5 Start securing your email, files, and instant message (IM) sessions.

After you have generated your keypair and exchanged public keys, you can
begin encrypting, decrypting, signing, and verifying email messages and
files. The secure IM chat session feature generates its own keys
automatically, so you can use this feature even before you generate your
keypair. The only requirement is that you must be chatting with another
PGP Desktop user for the chat session to be secured.

6 Watch for information boxes from the PGP Desktop Notifier feature to

appear.

As you send or receive messages, or perform other PGP Desktop
functions, the PGP Desktop Notifier feature displays information boxes that
appear in whichever corner of the screen you specify. These PGP Notifier
boxes tell you the action that PGP Desktop took, or will take. After you
grow familiar with the process of sending and receiving messages, you can
change options for the PGP Notifier feature—or turn it off.

7 After you have sent or received some messages, check the logs to

make sure everything is working correctly.

If you want more information than the Notifier feature displays, the PGP
Log provides detailed information about all messaging operations.

8 Modify your messaging policies, if necessary.

Email messages are sent and received—automatically and seamlessly—if
PGP Desktop messaging policies are configured correctly. If your message
recipient has a key on the PGP Global Directory the default PGP Desktop
policies provide opportunistic encryption. Opportunistic encryption means
that, if PGP Desktop has what it needs (such as the recipient's verified
public key) to encrypt the message automatically, then it does so.
Otherwise, it sends the message in clear text (unencrypted). The default
PGP Desktop policies also provide optional forced encryption. This means
that, if you include the text “[PGP]” in the Subject line of a message, then
the message must be sent securely. If verified keys cannot be found, then
the message is not sent, and a Notifier box alerts you.

9 Start using the other features in PGP Desktop.

Along with its messaging features, you can also use PGP Desktop to
secure the disks that you work with:

14

PGP® Desktop for Mac OS X PGP Desktop Basics

 Use PGP Whole Disk Encryption to encrypt a boot disk, disk partition

(on Windows systems), external disk, or USB thumb drive. All files on
the disk or partition are secured — encrypted and decrypted on the fly
as you use them. The process is completely transparent to you.

 Use PGP Virtual Disk to create a secure “virtual hard disk.” You can

use this virtual disk like a bank vault for your files. Use PGP Desktop
or Windows Explorer or the Mac OS X finder to unmount and lock the
virtual disk, and your files are secure, even if the rest of your
computer is unlocked.

 Use PGP Zip to create compressed and encrypted PGP Zip archives.

These archives offer an efficient way to transport or store files
securely.

 Use PGP Shredder to delete sensitive files that you no longer need.

PGP Shredder removes them completely, eliminating any possibility of
recovery.

15

Installing PGP Desktop

3

This section describes how to install PGP Desktop onto your computer and how
to get started after installation.

In This Chapter

System Requirements............................................................................. 17

Installing and Configuring PGP Desktop.................................................. 17

Uninstalling PGP Desktop........................................................................ 22

Moving Your PGP Desktop Installation from One Computer to Another 23

System Requirements

The minimum system requirements to install PGP Desktop on your Mac OS X
system are:

 Apple Mac OS X10.5.x or 10.6.x (Intel)

 512 MB of RAM

 64 MB hard disk space

Installing and Configuring PGP Desktop

This section includes information on installing or upgrading PGP Desktop, as
well as information on the Setup Assistant.

Installing the Software

Note: You must have administrative rights on your system in order to install

the update.

The PGP Desktop installer walks you through the installation process.

17

PGP® Desktop for Mac OS X Installing PGP Desktop

 To install PGP Desktop on your Mac OS X system

1 Quit all other applications.

2 Mount the PGP DiskCopy image.

3 Double-click PGP.pkg.

4 Follow the on-screen instructions.

5 If prompted to do so, restart your system.

Note: If you are in a domain protected by a PGP Universal Server, your PGP

administrator may have preconfigured your PGP Desktop installer with
specific features and/or settings. In addition, if your PGP administrator set up
silent enrollment, your Windows domain password will be used for all
passphrase requirements in PGP Desktop. If specified by policy, PGP Whole
Disk Encryption may automatically start to encrypt your disk when your
Windows password is entered.

Using PGP Desktop with Apple Boot Camp

Apple Boot Camp is compatible with PGP Desktop ver 10.0 or later. To use PGP
Desktop with Boot Camp, you must install the software and encrypt the disk in
a specific order.

Before you begin, be sure you have installed Boot Camp correctly. For
information on how to set up Boot Camp, refer to the Boot Camp Installation
and Setup Guide (
from Apple. Note that in order to use Windows XP in the Windows partition,
you much configure the partition as FAT32. PGP Desktop does not support
installing Linux on a partition in Boot Camp.

If you need to decrypt your disk, PGP Corporation recommends that you do so
from the Mac OS X partition.

For more information on using PGP Desktop with Apple Boot Camp, see PGP
KB Article 1697 (

Note: Be sure that your disk is not encrypted (if it is, decrypt the disk before

installing Boot Camp) and then uninstall PGP Desktop.

 To use Apple Boot Camp in a standalone environment

1 Install Apple Boot Camp.

2 Install PGP Desktop on the Mac OS X partition and complete installation

with the setup assistant.

http://manuals.info.apple.com/en/boot_camp_install-setup.pdf)

https://support.pgp.com/?faq=1697).

3 Boot into the Windows partition and install PGP Desktop on the Windows.

Do not run the setup assistant on the Windows partition.

18

PGP® Desktop for Mac OS X Installing PGP Desktop

4 Boot into the Mac OS X partition and encrypt your disk. At this point, if you

pause the encryption process while running Mac OS X, you can boot into
the Windows partition but you must resume encryption while running Mac
OS X.

 To use Apple Boot Camp in a PGP Universal Server-managed

environment

1 Install Apple Boot Camp.

2 Boot into the Windows partition and install PGP Desktop on the Windows.

Do not run the setup assistant on the Windows partition.

3 Install PGP Desktop on the Mac OS X partition and complete enrollment

with the setup assistant.

4 While still booted into the Mac OS X partition, begin to encrypt your disk.

At this point, if you pause the encryption process while running Mac OS X,
you can boot into the Windows partition but you must resume encryption
while running Mac OS X.

Upgrading the Software

Note: PGP Desktop for Mac OS X, and PGP Universal Satellite for Mac OS X

cannot both be installed in the same system. The installers for both products
will detect the presence of the other program and end the install.

You can upgrade to PGP Desktop for Mac OS X from a previous version of one
of the following products:

 PGP Desktop for Mac OS X

 PGP Universal Satellite for Mac OS X

Important Note: If you are upgrading your computer to a new version of the

operating system and want to use this version of PGP Desktop, be sure to
uninstall any previous versions of PGP Desktop before upgrading the OS and
installing this release. Be sure to back up your keys and keyrings before
uninstalling. Note that if you have used PGP Whole Disk Encryption, you will
need to unencrypt your disk before you can uninstall PGP Desktop.

Upgrading PGP Desktop

Do one of the following:

 From PGP Desktop 8.x or 9.x for Mac OS X, begin the installation

process for PGP Desktop 10.1 for Mac OS X.

19

PGP® Desktop for Mac OS X Installing PGP Desktop

The existing version of PGP Desktop for Mac OS X is automatically
uninstalled, then PGP Desktop 10.1 for Mac OS X is installed. Existing
keyrings and PGP Virtual Disk files are usable in the upgraded version.

 From a version of PGP Desktop for Mac OS X prior to Version 8.0, you

must manually uninstall the existing software before beginning the
installation of PGP Desktop 10.1 for Mac OS X. Existing keyrings and PGP
Virtual Disk files are usable in the upgraded version.

Upgrading from PGP Universal Satellite

Do one of the following:

 From PGP Universal Satellite version 1.2 or previous for Mac OS X,

begin the installation process for PGP Desktop 10.1 for Mac OS X.

Existing versions of PGP Universal Satellite for Mac OS X are automatically
uninstalled, then PGP Desktop 10.1 for Mac OS X is installed. Existing
settings are retained.

Caution: Installing any version of PGP Universal Satellite on top of PGP

Desktop 10.1 for Mac OS X is an unsupported configuration. Neither
program will work correctly. Uninstall both programs and then reinstall
only PGP Desktop.

Checking for Updates

 From PGP Desktop for Mac OS X (version 8.x) and PGP Universal

Satellite: Follow the installation process for PGP Desktop 10.1 for Mac OS

X.

PGP Desktop for Mac OS X and PGP Universal Satellite for Mac OS X are
both automatically uninstalled, then PGP Desktop 10.1 for Mac OS X is
installed. Existing keyrings and PGP Virtual Disk files are usable in the
upgraded version, as are existing PGP Universal Satellite for Mac OS X
settings.

Note: The option to automatically check for updates is no longer available in

PGP Desktop, starting with version 10.1. To check for an update or to install
an update, you must manually download the file.

With the acquisition of PGP Corporation by Symantec Corporation, PGP
operations is in the process of integrating with Symantec operations. When
checking to see if there are updates, or to download an update, use the second
download link if the first link does not appear operational.

 To upgrade PGP Desktop, do the following:

 Go to the PGP License and Entitlement Management System (LEMS) and

https://lems.pgp.com/account/login). If the update for PGP Desktop

log in (
is not available, then

20