Note: Boot Camp is no longer supported with encryption. If you use Boot Camp, we strongly suggest that you convert it to a VM using software such as Parallels Desktop or VMware Fusion.
PGP Whole Disk Encryption (WDE) for Macintosh Install Overview
The process for initially encrypting your Mac's hard drive consists of the following steps. You must complete all of the steps in order to successfully install the PGP client and to encrypt your computer's hard drive
Back up your computer
Securing your computer
Installing the PGP Desktop WDE client
Enrolling the computer with the Partners PGP Universal Server
Constructing a PGP Key File
Creating a PGP WDE passphrase and Encrypting your disk
Prerequisites before you begin the encryption process
You will need to have an account with administrative privileges (the default account on OS X is an administrator)
You need an active Partners logon and password
Your laptop should be connected to the internet. Connecting to VPN to enroll and encrypt is not required.
Please plug your laptop into a power source. While losing power during encryption did not result in any problems during our testing, it is strongly recommended that you keep your laptop connected to a power source during the encryption process
Time. A 500GB drive can take upwards of 12 hours to encrypt. You will, however, be able to use your Mac normally as it is being encrypted.
10.4 (Tiger) users on Intel Hardware MUST to upgrade to 10.5 Leopard or higher
Backing up your Mac
Before beginning the encryption process on your laptop, you are strongly encouraged to back up the contents of your hard drive. This will allow you to recover your data should anything go wrong. The easiest way to ensure you have a complete backup of your system is to leverage the built in Time Machine backup that comes as part of Leopard (10.5) and Snow Leopard (10.6). For instructions on how to use Time Machine, please reference the following Apple Support Document
Installation of the PGP client is no different than installing any other program on your Mac. Simply double click the installer and follow the on-screen instructions. For your reference, we have also included detailed step-by-step instructions for the installation of the PGP client.
After you install the PGP software, proceed to the Enrollment part of this document
The first time you launch the installer, you may see the following screen. Click Continue
Click Continue again
The next screen should contain the Release Notes for this version of PGP. Please verify that you are installing PGP version 10.0 or higher and click on Continue
You will then be presented with the PGP End User Licensing agreement. Click Continue and then Agree to proceed.
Select the hard drive on which you wish to install PGP. This is typically called "Macintosh HD", unless you have changed it. Click on Continue.
The install will then present a summary screen about how much disk space is required and onto which hard drive it will be installing PGP. Click on Install to being installation
Enter in yourcomputer administrative password (what is shown is merely and example) and click OK
You must restart your computer after installation is complete. Click Continue Installation to verify that you wish to install the software now
Your computer will now proceed with installation and you should see screenshots similar to the ones below
Click Restart to reboot your computer and finish installation
Enrolling the computer with the Partners PGP Universal Server
After you reboot your Mac, the enrollment process should automatically begin. If it does NOT, please connect your Mac to the internet and reboot.
You will need your Partners User name and password to continue enrolling your computer with the Partners PGP Universal Server. If you do not have a Partners user name, please contact the Partners Helpdesk at 617-732-5927
Enter in yourPartners User name and Password (what you see here is only an example) and click Continue
If this is the first time that you have ever used PGP, you will then be prompted to create a "PGP Key File". Select New Key and click Continue
You should now be prompted to create a passphrase (aka password). This PGP passphrase is separate from your Partners password and does not remain in sync. Choose a password that is at least 8 charactres in length. When you are done, click Create
You will now be asked to create 5 security questions/answer similar to the screen below. Due to an idiosyncrasy in the PGP system, you must make your answers at least 6 character long. You can use the drop down menus to create questions that will make it easy for you to recall if you should ever need to retrieve a forgotten PGP Key File.
You will now be prompted to enter your PGP Passphrase. While your PHS account should be listed, the passphrase you enter here is the one you just created, not your Partners one. It is recommended that you Save your passphrase in your Mac's Keychain so that your Mac does not prompt you for this passphrase everytime you boot up your Mac.
If you entered your passphrase in correctly, you should now see a screen similar to the following. PGP WDE proceeds immediately following this screen shot. Contrary to the screenshot instructions, you do not need to have your email client open
Encrypting your drive
Note: These steps should proceed immediately and automatically following the generation of your PGP Key File passphrase steps above.
After enrollment and after the creation of your PGP Key file, you will see the following Welcome to PGP Desktop window. The default choice, I am a new user should be selected. Click Continue
PGP will then display where on your computer it will store your public and private keys. Click Continue
You will then receive a warning that PGP will be encrypting the System Disk and that your machine may need to be restarted. Click Continue to move to the next step.
At this point, PGP will prompt you to Add [a] PGP Whole Disk User. This user is different from the Partners login you used earlier and different from your PGP Key file user you created during enrollment. The user field is automatically populated by the currently logged in user of your computer, and the passphrase you enter in this dialogue box is the one you will use to gain access to your computer once it is encrypted.
Enter your passphrase once in the bottom and top sections and click Continue
You will then be presented with a summary window indicating which hard drive will be encrypted as well as some other bits of information. Click on Encrypt to begin the encryption process
You will be prompted to enter your PGP WDE passphrase. This is the passphrase you created in step 4 above
Once PGP has begun encryption, you will see this last screen to inform you that it has begun the encryption of your drive. You can click Close to close out of PGP Desktop. Your computer is usable during the encryption process, though it will run slower until it is done.
That's it! You can check our the encryption progress by following these instructions. Once your disk has finished encrypting you will need to use your WDE Passphrase that you created in step 4 during the "Encrypting your drive" subsection to gain access to your computer following a reboot.
"Partners HealthCare requires that all laptops, tablets and netbooks used to conduct Partners business or access Partners network resources be encrypted. Every time you change your Partners password, you will be required to attest to our encryption status."