Macintosh Encryption: How to Install PGP Whole Disk Encryption

Research Computing

Note: Boot Camp is no longer supported with encryption. If you use Boot Camp, we strongly suggest that you convert it to a VM using software such as Parallels Desktop or VMware Fusion.

PGP Whole Disk Encryption (WDE) for Macintosh Install Overview

The process for initially encrypting your Mac's hard drive consists of the following steps. You must complete all of the steps in order to successfully install the PGP client and to encrypt your computer's hard drive.
  1. Backing up your computer
  2. Securing your computer
  3. Installing the PGP Desktop WDE client
  4. Enrolling the computer with the Partners PGP Universal Server
  5. Constructing a PGP Key File
  6. Creating a PGP WDE passphrase and Encrypting your disk
Prerequisites before you begin the encryption process
  • Mac OS X 10.5 Leopard or 10.6 Snow Leopard only (what version do I have?)
  • Intel-based Mac (e.g. MacBook, MacBook Pro)
  • You will need to have an account with administrative privileges (the default account on OS X is an administrator)
  • You need an active Partners logon and password
  • Your laptop should be connected to the internet. Connecting to VPN to enroll and encrypt is not required.
  • Please plug your laptop into a power source. While losing power during encryption did not result in any problems during our testing, it is strongly recommended that you keep your laptop connected to a power source during the encryption process.
  • Time. A 500GB drive can take upwards of 12 hours to encrypt. You will, however, be able to use your Mac normally as it is being encrypted.
Notes:
Owners of PowerPC-based Macs (e.g. PowerBooks) must use Apple's FileVault instead of PGP.
10.4 (Tiger) users on Intel hardware MUST upgrade to 10.5 Leopard or higher.


Backing up your Mac

Before beginning the encryption process on your laptop, you are strongly encouraged to back up the contents of your hard drive. This will allow you to recover your data should anything go wrong. The easiest way to ensure you have a complete backup of your system is to use the built-in Time Machine backup that comes as part of Leopard (10.5) and Snow Leopard (10.6). For instructions on how to use Time Machine, please reference the following Apple Support Document.


Securing your Mac

Second, you need to secure your computer by disabling automatic login and enabling the screen saver.
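A pre-flight check for the prerequisites listed earlier and the automatic-login step above, as an added example that is not part of the original instructions. Function names are hypothetical; it assumes `uname -m` reports `Power Macintosh` on PowerPC, that the `autoLoginUser` key in `com.apple.loginwindow` is present only while automatic login is on, and that `pmset -g ps` names the current power source.

```shell
# Added example: pre-flight check for this page's prerequisites (hypothetical names).
# Each check is a pure function of its argument, so it also runs on constructed values.

check_os() {      # $1 = output of `sw_vers -productVersion`
    case "$1" in
        10.5|10.5.*|10.6|10.6.*) echo ok ;;
        10.[0-4]|10.[0-4].*)     echo upgrade-to-10.5 ;;
        *)                       echo unsupported ;;
    esac
}

check_arch() {    # $1 = output of `uname -m`
    case "$1" in
        i386|x86_64)             echo ok ;;
        "Power Macintosh"|ppc*)  echo use-filevault ;;
        *)                       echo unknown ;;
    esac
}

check_admin() {   # $1 = output of `id -Gn` (space-separated group names)
    case " $1 " in *" admin "*) echo ok ;; *) echo need-admin ;; esac
}

check_autologin() {  # $1 = autoLoginUser value; empty means automatic login is off
    if [ -z "$1" ]; then echo ok; else echo disable-auto-login; fi
}

check_power() {   # $1 = output of `pmset -g ps`
    case "$1" in *"AC Power"*) echo ok ;; *) echo plug-in ;; esac
}

# preflight VERSION MACHINE GROUPS AUTOLOGIN PMSET: one line per check, returns 1 if any fails
preflight() {
    rc=0
    for r in "os=$(check_os "$1")" "arch=$(check_arch "$2")" \
             "admin=$(check_admin "$3")" "autologin=$(check_autologin "$4")" \
             "power=$(check_power "$5")"; do
        echo "$r"
        case "$r" in *=ok) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Live run on the Mac itself: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(sw_vers -productVersion)" "$(uname -m)" "$(id -Gn)" \
        "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)" \
        "$(pmset -g ps)"
fi
```

Any line that does not end in `=ok` names the prerequisite to fix before starting the installer; the screen saver setting is not checked here.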


Installing the PGP Desktop WDE client

Installation of the PGP client is no different than installing any other program on your Mac. Simply double-click the installer and follow the on-screen instructions. For your reference, we have also included detailed step-by-step instructions for the installation of the PGP client.

After you install the PGP software, proceed to the Enrollment part of this document.


Enrolling the computer with the Partners PGP Universal Server

After you reboot your Mac, the enrollment process should automatically begin. If it does NOT, please connect your Mac to the internet and reboot.

You will need your Partners User name and password to continue enrolling your computer with the Partners PGP Universal Server. If you do not have a Partners user name, please contact the Partners Helpdesk at 617-732-5927.


  1. Enter your Partners User name and Password (what you see here is only an example) and click Continue.
  2. If this is the first time that you have ever used PGP, you will then be prompted to create a "PGP Key File". Select New Key and click Continue.
  3. You should now be prompted to create a passphrase (aka password). This PGP passphrase is separate from your Partners password and does not remain in sync. Choose a password that is at least 8 characters in length. When you are done, click Create.
  4. You will now be asked to create 5 security questions/answers similar to the screen below. Due to an idiosyncrasy in the PGP system, you must make your answers at least 6 characters long. You can use the drop-down menus to create questions that will be easy for you to recall if you should ever need to retrieve a forgotten PGP Key File.
  5. You will now be prompted to enter your PGP Passphrase. While your PHS account should be listed, the passphrase you enter here is the one you just created, not your Partners one. It is recommended that you Save your passphrase in your Mac's Keychain so that your Mac does not prompt you for this passphrase every time you boot up your Mac.
  6. If you entered your passphrase correctly, you should now see a screen similar to the following. PGP WDE proceeds immediately following this screen shot. Contrary to the screenshot instructions, you do not need to have your email client open.



Encrypting your drive

Note: These steps should proceed immediately and automatically following the generation of your PGP Key File passphrase steps above.

 

  1. After enrollment and after the creation of your PGP Key file, you will see the following Welcome to PGP Desktop window. The default choice, I am a new user, should be selected. Click Continue.
  2. PGP will then display where on your computer it will store your public and private keys. Click Continue.
  3. You will then receive a warning that PGP will be encrypting the System Disk and that your machine may need to be restarted. Click Continue to move to the next step.
  4. At this point, PGP will prompt you to Add [a] PGP Whole Disk User. This user is different from the Partners login you used earlier and different from your PGP Key file user you created during enrollment. The user field is automatically populated by the currently logged in user of your computer, and the passphrase you enter in this dialogue box is the one you will use to gain access to your computer once it is encrypted.

    Enter your passphrase once in the bottom and top sections and click Continue.
  5. You will then be presented with a summary window indicating which hard drive will be encrypted as well as some other bits of information. Click on Encrypt to begin the encryption process.
  6. You will be prompted to enter your PGP WDE passphrase. This is the passphrase you created in step 4 above.
  7. Once PGP has begun encryption, you will see this last screen to inform you that it has begun the encryption of your drive. You can click Close to close out of PGP Desktop. Your computer is usable during the encryption process, though it will run slower until it is done.

Next Steps

That's it! You can check on the encryption progress by following these instructions. Once your disk has finished encrypting you will need to use your WDE Passphrase that you created in step 4 during the "Encrypting your drive" subsection to gain access to your computer following a reboot.


"Partners HealthCare requires that all laptops, tablets and netbooks used to conduct Partners business or access Partners network resources be encrypted. Every time you change your Partners password, you will be required to attest to our encryption status."

 
