Macintosh Encryption: How to Install PGP Whole Disk Encryption - Research Computing
PGP Whole Disk Encryption (WDE) for Macintosh Install Overview
- Back up your computer
- Securing your computer
- Installing the PGP Desktop WDE client
- Enrolling the computer with the Partners PGP Universal Server
- Constructing a PGP Key File
- Creating a PGP WDE passphrase and Encrypting your disk
- Mac OS X 10.5 Leopard or 10.6 Snow Leopard only
- Intel based Mac (e.g. Macbook, Macbook Pro)
- You will need to have an account with administrative privileges (the default account on OS X is an administrator)
- You need an active Partners logon and password
- Your laptop should be connected to the internet. Connecting to VPN to enroll and encrypt is not required.
- Please plug your laptop into a power source. While losing power during encryption did not result in any problems during our testing, it is strongly recommended that you keep your laptop connected to a power source during the encryption process.
- Time. A 500GB drive can take upwards of 12 hours to encrypt. You will, however, be able to use your Mac normally as it is being encrypted.
- Owners of PowerPC based Macs (e.g. PowerBooks) must use Apple's FileVault instead of PGP.
- 10.4 (Tiger) users on Intel hardware MUST upgrade to 10.5 Leopard or higher.
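The requirements above can be checked from Terminal before starting the install. The script below is an added example, not part of the original guide or of PGP Desktop; the function names, the `--run` switch, and the assumption that `pmset -g batt` prints a line containing 'AC Power' when plugged in are all assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the PGP WDE requirements listed above.
# Each check takes its value as an argument so it can be exercised off-Mac.

# OS must be 10.5.x (Leopard) or 10.6.x (Snow Leopard).
check_os() {
  case "$1" in
    10.5|10.5.*|10.6|10.6.*) return 0 ;;
    *) return 1 ;;
  esac
}

# CPU must be Intel; `uname -p` reports "powerpc" on PowerPC Macs.
check_cpu() {
  case "$1" in
    i386|x86_64) return 0 ;;
    *) return 1 ;;
  esac
}

# Administrators on OS X are members of the "admin" group (exact name match).
check_admin() {
  for g in $1; do
    [ "$g" = "admin" ] && return 0
  done
  return 1
}

# Assumed pmset output: "... drawing from 'AC Power'" when plugged in.
check_power() {
  case "$1" in
    *"'AC Power'"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Args: OS version, CPU type, group list, pmset output. Power is a warning
# only, because the guide recommends AC power rather than requiring it.
preflight() {
  rc=0
  check_os "$1"    || { echo "FAIL: OS X $1; need 10.5 or 10.6"; rc=1; }
  check_cpu "$2"   || { echo "FAIL: CPU '$2' is not Intel; use FileVault"; rc=1; }
  check_admin "$3" || { echo "FAIL: account is not an administrator"; rc=1; }
  check_power "$4" || echo "WARN: not on AC power; plug in before encrypting"
  [ "$rc" -eq 0 ] && echo "OK: requirements met"
  return "$rc"
}

# Pass --run to check the live system with the standard OS X tools.
if [ "${1:-}" = "--run" ]; then
  preflight "$(sw_vers -productVersion)" "$(uname -p)" "$(id -Gn)" "$(pmset -g batt)"
  exit $?
fi
```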
Backing up your Mac
Securing your Mac
Installing the PGP Desktop WDE client
After you install the PGP software, proceed to the Enrollment part of this document.
Enrolling the computer with the Partners PGP Universal Server
You will need your Partners user name and password to continue enrolling your computer with the Partners PGP Universal Server. If you do not have a Partners user name, please contact the Partners Helpdesk at 617-732-5927.
- Enter your Partners user name and password (what you see here is only an example) and click Continue.
- If this is the first time that you have ever used PGP, you will then be prompted to create a "PGP Key File". Select New Key and click Continue.
- You should now be prompted to create a passphrase (aka password). This PGP passphrase is separate from your Partners password and does not remain in sync. Choose a password that is at least 8 characters in length. When you are done, click Create.
- You will now be asked to create 5 security questions and answers, similar to the screen below. Due to an idiosyncrasy in the PGP system, you must make your answers at least 6 characters long. You can use the drop-down menus to create questions that will be easy for you to recall if you should ever need to retrieve a forgotten PGP Key File.
- You will now be prompted to enter your PGP passphrase. While your PHS account should be listed, the passphrase you enter here is the one you just created, not your Partners one. It is recommended that you save your passphrase in your Mac's Keychain so that your Mac does not prompt you for this passphrase every time you boot up your Mac.
- If you entered your passphrase correctly, you should now see a screen similar to the following. PGP WDE proceeds immediately following this screenshot. Contrary to the screenshot instructions, you do not need to have your email client open.
Encrypting your drive
- After enrollment and after the creation of your PGP Key File, you will see the following Welcome to PGP Desktop window. The default choice, "I am a new user", should be selected. Click Continue.
- PGP will then display where on your computer it will store your public and private keys. Click Continue.
- You will then receive a warning that PGP will be encrypting the System Disk and that your machine may need to be restarted. Click Continue to move to the next step.
At this point, PGP will prompt you to Add [a] PGP Whole Disk User. This user is different from the Partners login you used earlier and different from the PGP Key File user you created during enrollment. The user field is automatically populated with the currently logged-in user of your computer, and the passphrase you enter in this dialogue box is the one you will use to gain access to your computer once it is encrypted.
Enter your passphrase once in the bottom and top sections and click Continue.
- You will then be presented with a summary window indicating which hard drive will be encrypted as well as some other bits of information. Click on Encrypt to begin the encryption process.
- You will be prompted to enter your PGP WDE passphrase. This is the passphrase you created in step 4 above.
- Once PGP has begun encryption, you will see this last screen to inform you that it has begun the encryption of your drive. You can click Close to close out of PGP Desktop. Your computer is usable during the encryption process, though it will run slower until it is done.
That's it! You can check on the encryption progress by following these instructions. Once your disk has finished encrypting, you will need to use the WDE passphrase that you created in step 4 of the "Encrypting your drive" subsection to gain access to your computer following a reboot.
"Partners HealthCare requires that all laptops, tablets and netbooks used to conduct Partners business or access Partners network resources be encrypted. Every time you change your Partners password, you will be required to attest to our encryption status."