PGP Mobile - 9.1 Administrator’s Guide

PGP® Mobile 9.10

Administrator's Guide

Version Information

PGP Mobile Administrator's Guide. PGP Mobile Version 9.10.0. Released March 2010.

Copyright © 1991-2010 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.

Trademark Information

PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Licensing and Patent Information

The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm, implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support ( may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or documentation does not give you any license to these patents.

https://support.pgp.com). PGP Corporation

Acknowledgments

This product includes or may include:

-- The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation, developed by zlib ( the MIT License found at available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. -- Application server (

http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse HTML,

( developed by the Apache Software Foundation. The license is at framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group under an Apache 2.0-style license, available at Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software License, version 1.1, available at Protocol") used for communications between various PGP products is provided under the Apache license found at

http://www.apache.org/licenses/LICENSE-2.0.txt. -- mx4j, an open-source implementation of the Java Management Extensions (JMX), is released under

an Apache-style license, available at Independent JPEG Group. ( distributed under the MIT License distributed by University of Cambridge. ©1997-2006. The license agreement is at and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. ( implementation of daemon developed by The FreeBSD Project, © 1994-2006. -- Simple Network Management Protocol Library developed and copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. © 2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. The license agreement for these is at by Network Time Protocol and copyrighted to various contributors. -- Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The OpenLDAP Foundation. The license agreement is at OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. -- PC/SC Lite is a free implementation of PC/SC, a specification for

SmartCard integration is released under the BSD license. -- Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License

1.0, available at released under a BSD-style license, available at connect to a PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under a BSD-style license, available at object-relational database management system, is released under a BSD-style license, available at

21.vixie-cron is the Vixie version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul Vixie; used by permission. -- JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the GNU Library General Public License (LGPL) available at Project. -- TAO (The ACE ORB) is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, and Vanderbilt University. The open source software license is available at

http://www.cs.wustl.edu/~schmidt/ACE-copying.html. -- libcURL, a library for downloading files via common network services, is open source software

provided under a MIT/X derivate license available at library used to generate unique identifiers, is released under a BSD-style license, available at

line options, is released under the terms of the GNU Free Documentation License available at 2000-2003 Free Software Foundation, Inc. -- gSOAP, a development tool for Windows clients to communicate with the Intel Corporation AMT chipset

http://www.zlib.net). -- Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted under

http://jakarta.apache.org/), web server

www.apache.org/licenses/LICENSE-2.0.txt. -- Castor, an open-source, data-binding

http://www.castor.org/license.html. -- Xalan, an open-source software library from the Apache Software

http://xml.apache.org/xalan-j/#license1.1. -- Apache Axis is an implementation of the SOAP ("Simple Object Access

http://mx4j.sourceforge.net/docs/ch01s06.html. -- jpeglib version 6a is based in part on the work of the

http://www.ijg.org/) -- libxslt the XSLT C library developed for the GNOME project and used for XML transformations is

http://www.opensource.org/licenses/mit-license.html. -- PCRE Perl regular expression compiler, copyrighted and

http://www.pcre.org/license.txt. -- BIND Balanced Binary Tree Library

http://www.isc.org) -- Free BSD

http://net-snmp.sourceforge.net/about/license.html. -- NTP version 4.2 developed

http://www.openldap.org/software/release/license.html. Secure shell OpenSSH developed by

http://www.opensource.org/licenses/ibmpl.php. -- PostgreSQL, a free software object-relational database management system, is

http://www.postgresql.org/about/licence. -- PostgreSQL JDBC driver, a free Java program used to

http://jdbc.postgresql.org/license.html. -- PostgreSQL Regular Expression Library, a free software

http://www.postgresql.org/about/licence. --

on a motherboard, is distributed under the gSOAP Public License version 1.3b, available at http://www.cs.fsu.edu/~engelen/license.html. -- Windows Template Library (WTL) is used for developing user interface components and is distributed under the Common Public License v1.0 found at

http://opensource.org/licenses/cpl1.0.php. -- The Perl Kit provides several independent utilities used to automate a variety of maintenance functions and

is provided under the Perl Artistic License, found at library for EFI, including image rendering, text rendering, and alpha blending, and is distributed under the license found at

-- Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public License (LGPL) found at Copyright (c) 2009, Yahoo! Inc. All rights reserved. Released under a BSD-style license, available at

JSON-lib version 2.2.1, a Java library used to convert Java objects to JSON (JavaScript Object Notation) objects for AJAX. Distributed under the Apache

2.0 license, available at

http://ezmorph.sourceforge.net/license.html. -- Apache Commons Lang, used by JSON-lib, is distributed under the Apache 2.0 license, available at

http://commons.apache.org/license.html. -- Apache Commons BeanUtils, used by JSON-lib, is distributed under the Apache 2.0 license, available at http://commons.apache.org/license.html. -- SimpleIni is an .ini format file parser and provides the ability to read and write .ini files, a common

configuration file format used on Windows, on other platforms. Distributed under the MIT License found at

Standard Template Library functions and data structures and is distributed under the MIT License found at

(protobuf), Google's data interchange format, are used to serialize structure data in the PGP SDK. Distributed under the BSD license found at

Additional acknowledgements and legal notices are included as part of the PGP Universal Server.

http://www.gnu.org/licenses/lgpl.html. -- Yahoo! User Interface (YUI) library version 2.5.2, a Web UI interface library for AJAX.

http://json-lib.sourceforge.net/license.html. -- EZMorph, used by JSON-lib, is distributed under the Apache 2.0 license, available

http://www.perl.com/pub/a/language/misc/Artistic.html. -- rEFIt - libeg, provides a graphical interface

http://developer.yahoo.com/yui/license.html. --

Export Information

Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.

Limitations

The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.

Unsupported Third Party Products

By utilizing third party products, software, drivers, or other components ("Unsupported Third Party Product") to interact with the PGP software and/or by utilizing any associated PGP command or code provided by to you by PGP at its sole discretion to interact with the Unsupported Third Party Product ("PGP Third Party Commands"), you acknowledge that the PGP software has not been designed for or formally tested with the Unsupported Third Party Product, and therefore PGP provides no support or warranties with respect to the PGP Third Party Commands or the PGP software's compatibility with Unsupported Third Party Products. THE PGP THIRD PARTY COMMANDS ARE PROVIDED "AS IS," WITH ALL FAULTS, AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PGP DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, QUIET ENJOYMENT, AND ACCURACY WITH RESPECT TO THE PGP THIRD PARTY COMMANDS OR THE PGP SOFTWARE'S COMPATIBILITY WITH THE UNSUPPORTED THIRD PARTY PRODUCT.

Contents

About PGP Mobile

Overview 2 Important Terms 2 PGP Mobile and the PGP Universal Server 2 Who Should Read This Guide 3 System Requirements 3 Getting Assistance 4

Available Documentation 4 Contact Information 4

Configuration and Installation

The PGP Mobile Installation File 7 The PGP Mobile Configuration File 8

Messaging 9

Using PGP Mobile with PGP Universal Server Version 2.x 9

Mail Policies 10 Configuring Internal User Policies for PGP Mobile 10

Using PGP Mobile with PGP Universal Server Version 3.0 14

Mail Policies 15 Configuring Consumer Policy Options for PGP Mobile 15

About PGP Mobile

Mobile devices such as Windows Mobile smartphones are popular tools for digital communications, both in the office and on the road. As more employees and executives begin to carry these wireless devices, the amount of sensitive and confidential information put at risk increases. Lacking the right protection, sensitive email that is stored or transmitted on mobile devices may be breached. The resulting damages can include lost revenue, regulatory penalties, and brand damage.

PGP Mobile enables enterprises to extend market-leading PGP® encryption security solutions for laptops and desktops to Windows Mobile devices, allowing users to encrypt emails, files, and entire storage volumes.

Built on proven encryption and key management services, PGP Mobile provides flexible encryption to meet the data protection and sharing needs of a mobile enterprise. With PGP Mobile, entire data volumes, archives, directories, or individual files can be encrypted. Incoming and outgoing email can be encrypted or decrypted, signed or verified.

Ready for the mobile enterprise, PGP Mobile can be deployed over-the-air, leveraging PGP Universal Server's trusted key management and provisioning services to reduce administrator setup time. When needed, PGP Mobile encrypted data can easily be shared with Windows users, even those without encryption software.

PGP Mobile is a PGP Encryption Platform-enabled application. The PGP Encryption Platform provides a strategic enterprise encryption framework for shared user management, policy, and provisioning, automated across multiple, integrated encryption applications. As a PGP Encryption Platform-enabled application, PGP Mobile is managed with PGP Universal Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement.

In This Chapter

Overview.................................................................................................... 2

Important Terms ........................................................................................ 2

PGP Mobile and the PGP Universal Server................................................ 2

Who Should Read This Guide ....................................................................3

System Requirements ............................................................................... 3

Getting Assistance.....................................................................................4

PGP® Mobile 9.10 About PGP Mobile

Overview

PGP Mobile is a security tool that uses cryptography to protect your data against unauthorized access.

PGP Mobile protects your data by encrypting email messages, individual files, entire data volumes, archives, or directories. Use PGP Mobile to put any combination of files and folders into an encrypted, compressed package for easy distribution or backup. Finally, use PGP Mobile to shred (securely delete) sensitive files—so that no one can retrieve them.

Important Terms

PGP Mobile: A software product from PGP Corporation that allows users to

secure emails, files, and entire storage volumes on their mobile devices.

PGP Universal Server: A software product from PGP Corporation used for configuration and management of PGP Corporation encryption applications, including PGP Mobile.

LDAP directory synchronization: An optional feature of PGP Universal Server that lets your PGP Universal Server query your organization's LDAP directory server (a Microsoft Active Directory server, for example), thus taking advantage of existing information about configured users and their authentication credentials.

enrollment: A process during installation of PGP Mobile where the PGP Mobile client synchronizes with the PGP Universal Server. The enrollment process establishes the relationship between the client and the server, binding the managed client to the specific PGP Universal Server. During enrollment, and at specific times afterwards, the PGP Mobile client receives policy and preference updates from the PGP Universal Server. SKM and GKM keys are also downloaded to PGP Mobile during enrollment (the private key portion of CKM and SCKM keys must be downloaded and imported manually; see the PGP Mobile User's Guide for more information).

PGP Mobile and the PGP Universal Server

PGP Mobile requires that users be in a PGP Universal Server-managed environment where the LDAP Directory Synchronization feature is enabled. You provide the information about which PGP Universal Server the PGP Mobile user enrolls with through a separate configuration file provided during client installation.

+ 15 hidden pages