PGP Mobile - 9.1 Instruction Manual

PGP® Mobile 9.10

User's Guide

Version Information

PGP Mobile User's Guide. PGP Mobile Version 9.10.0. Released June 2009.

Copyright © 1991-2009 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.

Trademark Information

PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark of Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL Instant Messenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registered trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH and Secure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Licensing and Patent Information

The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm, implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured a license to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block Cipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGP Universal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you would like a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support ( may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of this software or documentation does not give you any license to these patents.

https://pgp.custhelp.com). PGP Corporation

Acknowledgments

This product includes or may include:

z The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation, developed by zlib ( under the MIT License found at freely available high-quality data compressor, is copyrighted by Julian Seward, © 1996-2005. z Application server (

http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parse

server ( HTML, developed by the Apache Software Foundation. The license is at data-binding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Group under an Apache 2.0-style license, available at Foundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache Software License, version 1.1, available at Protocol") used for communications between various PGP products is provided under the Apache license found at

http://www.apache.org/licenses/LICENSE-2.0.txt. z mx4j, an open-source implementation of the Java Management Extensions (JMX), is released

under an Apache-style license, available at Independent JPEG Group. ( distributed under the MIT License copyrighted and distributed by University of Cambridge. ©1997-2006. The license agreement is at Binary Tree Library and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. ( Free BSD implementation of daemon developed by The FreeBSD Project, © 1994-2006. z Simple Network Management Protocol Library developed and copyrighted by Carnegie Mellon University © 1989, 1991, 1992, Networks Associates Technology, Inc, © 2001- 2003, Cambridge Broadband Ltd. © 2001- 2003, Sun Microsystems, Inc., © 2003, Sparta, Inc, © 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. The license agreement for these is at by Network Time Protocol and copyrighted to various contributors. z Lightweight Directory Access Protocol developed and copyrighted by OpenLDAP Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright © 1999-2003, The OpenLDAP Foundation. The license agreement is at developed by OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD. z PC/SC Lite is a free implementation of PC/SC, a specification for

SmartCard integration is released under the BSD license. z Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License

1.0, available at released under a BSD-style license, available at connect to a PostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under a BSD-style license, available at object-relational database management system, is released under a BSD-style license, available at

21.vixie-cron is the Vixie version of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright © 1993, 1994 by Paul Vixie; used by permission. z JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under the GNU Library General Public License (LGPL) available at Project. z TAO (The ACE ORB) is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C++ and the data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, and Vanderbilt University. The open source software license is available at

http://www.cs.wustl.edu/~schmidt/ACE-copying.html. z libcURL, a library for downloading files via common network services, is open source software

provided under a MIT/X derivate license available at library used to generate unique identifiers, is released under a BSD-style license, available at

line options, is released under the terms of the GNU Free Documentation License available at 2000-2003 Free Software Foundation, Inc. z gSOAP, a development tool for Windows clients to communicate with the Intel Corporation AMT chipset

http://www.zlib.net). z Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrighted

http://jakarta.apache.org/), web

www.apache.org/licenses/LICENSE-2.0.txt. z Castor, an open-source,

http://www.castor.org/license.html. z Xalan, an open-source software library from the Apache Software

http://xml.apache.org/xalan-j/#license1.1. z Apache Axis is an implementation of the SOAP ("Simple Object Access

http://mx4j.sourceforge.net/docs/ch01s06.html. z jpeglib version 6a is based in part on the work of the

http://www.ijg.org/) z libxslt the XSLT C library developed for the GNOME project and used for XML transformations is

http://www.opensource.org/licenses/mit-license.html. z PCRE version 4.5 Perl regular expression compiler,

http://www.pcre.org/license.txt. z BIND Balanced

http://www.isc.org) z

http://net-snmp.sourceforge.net/about/license.html. z NTP version 4.2 developed

http://www.openldap.org/software/release/license.html. Secure shell OpenSSH version 4.2.1

http://www.opensource.org/licenses/ibmpl.php. z PostgreSQL, a free software object-relational database management system, is

http://www.postgresql.org/about/licence. z PostgreSQL JDBC driver, a free Java program used to

http://jdbc.postgresql.org/license.html. z PostgreSQL Regular Expression Library, a free software

http://www.postgresql.org/about/licence. z

on a motherboard, is distributed under the GNU Public License, available at http://www.cs.fsu.edu/~engelen/soaplicense.html. z Windows Template Library (WTL) is used for developing user interface components and is distributed under the Common Public License v1.0 found at

http://opensource.org/licenses/cpl1.0.php. z The Perl Kit provides several independent utilities used to automate a variety of maintenance functions and

is provided under the Perl Artistic License, found at interface library for EFI, including image rendering, text rendering, and alpha blending, and is distributed under the license found at

z Java Radius Client, used to authenticate PGP Universal Web Messenger users via Radius, is distributed under the Lesser General Public License (LGPL) found at

http://www.gnu.org/licenses/lgpl.html.

http://www.perl.com/pub/a/language/misc/Artistic.html. z rEFIt - libeg, provides a graphical

Export Information

Export of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureau of Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.

Limitations

The software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement provided with the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meets your requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may be made to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.

Contents

About PGP Mobile 1

What's New in PGP Mobile Version 9.10 2 Getting Assistance 2

Available Documentation 2 Contacting Technical Support 2

Installing PGP Mobile

System Requirements 5 Installing PGP Mobile on Your Device 5 Upgrading from a Previous Version of PGP Mobile 7 Configuring PGP Mobile 7 Using LDAP for Enrollment 7

Downloading Your Key from PGP Universal Server 7 Signing a Key 8

Uninstalling PGP Mobile 8

Using PGP Mobile 9

Using the Home Screen 9 Viewing the PGP Mobile Verification Log 10 Clearing the Passphrase Cache 10 Viewing the License Agreement 10

Managing PGP Keys 11

Viewing the Key List 11 Viewing the Properties of a Key 11 Searching for Keys 13

Searching for Keys Over the Network 13

PGP® Mobile 9.10 Contents

Manually Synchronizing Keys 13 Importing Keys 14 Exporting Keys 14 Deleting Keys 15

Encrypting Email with PGP Messaging 17

About PGP Mobile Email 17 Annotated Messages 17 Manually Verifying a Signature 18 Viewing Notifications 18 Using the Shortcut Menus 19 PGP Mobile Messaging Icons 19

Generic Messaging Icons 19 Specialized Messaging Icons 20

Encrypting Files Using PGP Zip 23

Encrypting a File 23 Using PGP Zip Options 24

Using a Passphrase Instead of a Key 25

Signing a File 26 Decrypting a File 26 Verifying Signed PGP Zip Archives 26 Creating Self-Decrypting Archives 27

Creating Secure Volumes Using PGP Disk 29

About PGP Disks 29

Keeping Your Data Secure 30 Creating a PGP Disk 30 Mounting or Unmounting a PGP Disk 31 Using a Mounted PGP Disk 32 Compacting a PGP Disk Volume 32 Viewing the Properties of a PGP Disk 32

Securely Deleting Files with PGP Shred 35

Using PGP Shred to Delete Files 35

About PGP Mobile

Mobile devices such as Windows Mobile smartphones are popular tools for digital communications, both in the office and on the road. As more employees and executives begin to carry these wireless devices, the amount of sensitive and confidential information put at risk increases. Lacking the right protection, sensitive email that is stored or transmitted on mobile devices may be breached. The resulting damages can include lost revenue, regulatory penalties, and brand damage.

PGP Mobile enables enterprises to extend market-leading PGP® encryption security solutions for laptops and desktops to Windows Mobile devices, allowing users to encrypt emails, files, and entire storage volumes.

Built on proven encryption and key management services, PGP Mobile provides flexible encryption to meet the data protection and sharing needs of a mobile enterprise. With PGP Mobile, entire data volumes, archives, directories, or individual files can be encrypted. Incoming and outgoing email can be encrypted or decrypted, signed or verified.

Ready for the mobile enterprise, PGP Mobile can be deployed over-the-air, leveraging PGP Universal Server's trusted key management and provisioning services to reduce administrator setup time. When needed, PGP Mobile encrypted data can easily be shared with Windows users, even those without encryption software.

PGP Mobile is a PGP Encryption Platform-enabled application. The PGP Encryption Platform provides a strategic enterprise encryption framework for shared user management, policy, and provisioning, automated across multiple, integrated encryption applications. As a PGP Encryption Platform-enabled application, PGP Mobile is managed with PGP Universal Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement.

In This Chapter

What's New in PGP Mobile Version 9.10 .................................................. 1

Getting Assistance..................................................................................... 2

PGP® Mobile 9.10 About PGP Mobile

What's New in PGP Mobile Version 9.10

Building on PGP Corporation’s proven technology, PGP Mobile 9.10 includes numerous improvements and the following new features.

 PGP Mobile can now be used to encrypt and decrypt email messages

received on your mobile device.

 You can now see PGP Zip files from the Home screen. This is a temporary

list of files from the current session only.

Getting Assistance

For additional resources, see these sections.

Available Documentation

PGP Mobile on-device help is installed onto your touchscreen mobile device during the installation process.

To view the help file on your touchscreen device, do one of the following:

 Launch PGP Mobile. To do this on your touchscreen device, select Start >

Programs, and then select PGP Mobile. Then select Start > Help.

 You can also navigate to the PGP Mobile help from your mobile device's

main help. In the device's help Table of Contents, select Help for Added

Programs > PGP Mobile.

The PGP Mobile User's Guide is available in an Adobe Acrobat Portable Document Format (PDF) files. You can view and print these files with Adobe Acrobat Reader, available on the Adobe Web site ( PGP Mobile User's Guide can be obtained from your PGP Universal Server administrator or from the PGP Corporation Knowledgebase.

Once PGP Mobile is released, additional information regarding the product is entered into the online Knowledge Base available on the PGP Corporation Support Portal (

http://www.adobe.com). The

https://pgp.custhelp.com).

Contacting Technical Support

 To learn about PGP support options and how to contact PGP Technical

Support, please visit the PGP Corporation Support Home Page (

https://pgp.custhelp.com).

PGP® Mobile 9.10 About PGP Mobile

 To access the PGP Support Knowledge Base or request PGP Technical

Support, please visit PGP Support Portal Web Site

https://pgp.custhelp.com). Note that you may access portions of the

(

PGP Support Knowledge Base without a support agreement; however, you must have a valid support agreement to request Technical Support.

 For any other contacts at PGP Corporation, please visit the PGP Contacts

http://www.pgp.com/about_pgp_corporation/contact/index.html).

Page (

 For general information about PGP Corporation, please visit the PGP Web

http://www.pgp.com).

Site (

 To access the PGP Support forums, please visit PGP Support

(

http://forum.pgp.com). These are user community support forums hosted

by PGP Corporation.

Installing PGP Mobile

This section provides information on the system requirements and instructions for installing PGP Mobile.

Note: Your PGP Universal administrator may "push" the installation of PGP

Mobile. This means that PGP Mobile will be installed on your device automatically. You are not prompted to enter any information during this type of installation.

In This Chapter

System Requirements ............................................................................... 5

Installing PGP Mobile on Your Device ....................................................... 5

Upgrading from a Previous Version of PGP Mobile................................... 7

Configuring PGP Mobile ............................................................................ 7

Using LDAP for Enrollment........................................................................ 7

Uninstalling PGP Mobile ............................................................................ 8

System Requirements

PGP Mobile is supported on the following operating systems and devices:

 Windows Mobile Professional Edition, version 6.0 and 6.1

PGP Mobile is supported on all resolutions supported by the Windows Mobile version in both portrait and landscape formats.

PGP Mobile supports external storage cards (for creating new PGP Disk volumes, creating PGP Zip files, and so on).

PGP Mobile is fully compatible with email messages and keys created with PGP Corporation products.

Installing PGP Mobile on Your Device

The following instructions describe how to install PGP Mobile on your mobile device.

PGP® Mobile 9.10 Installing PGP Mobile

 To install PGP Mobile

1 The PGP Mobile installation file is a Microsoft Windows .cab file. The PGP

Mobile configuration file is a .dat file. Both of these files can be transferred to your device using any of the following methods:

 Desktop synchronization  Beaming (bluetooth, infrared)  Storage card transfer  Email  Web download  Mobile Device Management (MDM) push

While it is not necessary, PGP Corporation recommends that both files be placed in the same location on your device.

2 Once the installation and configuration files are on your device, start the

installation by selecting the installation file (.cab).

3 When prompted, review and accept the end-user license agreement. 4 If prompted to do so, restart your device. 5 The PGP Mobile files are installed on your device. When completed, select

OK to clear the message.

6 Launch PGP Mobile. To do this, select Start > Programs, and then select

PGP Mobile.

7 To enroll, enter your network login user name and password and select OK. 8 Once the enrollment has completed, a message is displayed informing you

your key has been downloaded to your mobile device. Select OK to clear the message.

PGP Mobile has been installed, you have been enrolled with your PGP Universal Server, and you can now use PGP Mobile on your mobile device.

 To install on devices without File Explorer

1 In ActiveSync, copy the files (.cab and .dat) to the \Windows\Start Menu

folder.

2 To launch the installation file, on your mobile device select Start, locate the

file (named PGPMobile*.cab), and select it. The installation program launches.

3 View and accept the license agreement and then continue to follow the

previous procedure.

PGP® Mobile 9.10 Installing PGP Mobile

Upgrading from a Previous Version of PGP Mobile

 To upgrade to PGP Mobile 9.10

 From PGP Mobile 9.9: Follow the installation process for PGP Mobile 9.10.

PGP Mobile 9.9 is automatically uninstalled, and then PGP Mobile 9.10 is installed. Existing keyrings and PGP Virtual Disk files are usable in the upgraded version.

Configuring PGP Mobile

PGP Mobile is managed by a PGP Universal Server. The name of the PGP Universal Server is defined in the configuration file used during installation (PGPConfigure.dat). Your administrator should have provided this file to you at the same time you received the installation file.

Using LDAP for Enrollment

Your network credentials are used during enrollment to your PGP Universal Server and to obtain your PGP key. During configuration, your key is downloaded from the PGP Universal Server to your device.

Downloading Your Key from PGP Universal Server

All key types are supported: SKM, GKM, CKM, and SCKM. For SKM and GKM keys, during setup and enrollment, the user's key is downloaded from the PGP Universal Server. For CKM and SCKM keys, the private key can not be downloaded from the PGP Universal Server and the user must perform a manual step is needed to import the private key.

 To manually download the private portion of your key

1 Export your private key from PGP Desktop. 2 Copy the key file to your mobile device. 3 Import this key into your local key ring. To do this, double-click the key file

on your device or use PGP Zip to decrypt it.

+ 28 hidden pages