Network Computing is part of the Informa Tech Division of Informa PLC


7 Whole-Disk Encryption Apps Put A Lock On Data: Page 7 of 8

Messaging controls how PGP Desktop deals with e-mail. Out of the box, PGP Desktop can encrypt standard SMTP/POP e-mail, Exchange/MAPI mail, and Lotus Notes mail. Instead of modifying the e-mail client, PGP Desktop proxies and monitors e-mail traffic in both directions and acts as needed. Messages sent to you that have been encrypted with a key in your keyring will be decrypted automatically. You can also create policies that describe how mail is to be intercepted and encrypted -- for instance, mail to all but a particular domain can be sent in the clear. The IM encryption system (which also works through a local proxy) supports only AOL Instant Messenger and Trillian; other programs that use AIM's protocols may work but PGP can't vouch for them. IM encryption uses 1024-bit one-time RSA keys for each logon; messages are encrypted with AES 256-bit symmetric keys.

The PGP Zip tab lets you create encrypted archives, which can be extracted with PGP at the other end or packaged as self-extracting archives. The resulting archive can also be signed and encrypted with either a passphrase or a recipient's key (if they have one). The whole PGP suite isn't needed for just creating password-protected and encrypted archives -- you can use many standalone compression apps to do that -- but the signing and key-usage features are generally not found elsewhere.

PGP Disk is the suite's whole-disk or virtual-volume encryption solution. Virtual volumes work a lot like TrueCrypt or FreeOTFE: the volume can be in any file, although with PGP the volume(s) in question can be encrypted (using AES, CAST5, or Twofish) with a user key as well as protected with a passphrase.

If you use whole-disk encryption, there are a couple of options you can select during the encryption process: maximum CPU utilization, to save time, and power-failure safety options to keep the system from getting trashed if the lights go out during the encryption process. Encrypted disks can use TPM hardware (if you have it), USB flash drives to store a keyfile, or some combination thereof. Another bonus feature included with PGP Disk is a data shredder tool, similar to the freeware Eraser product, which can erase files or simply scrub an existing disk's free space.

The NetShare feature (available in the PGP Desktop Storage and PGP Desktop Corporate editions) lets you share encrypted files on a portable drive or net-connected drive. All the decryption takes place at the user's end, so nothing sensitive is ever transmitted in the clear, and no special software is required on the file server. NetShare can also integrate with Active Directory for finer-grained management over who can access what. It's also possible to encrypt individual files outside of a designated protected folder, although this feature needs to be enabled separately (it's not on by default).