Drag to the Recipients list any keys for people you're authorising to decrypt the files. If the files are for your eyes only, leave your key on the list as is and click OK. The file will be encrypted, and its icon will now show a lock. Note that this does not erase the original unencrypted file, in case you'll be attaching the encrypted file to an e-mail but leaving the original in plaintext. If you store the file on disk, don't just delete it later; be sure to select Wipe Original during encryption. The wipe process is secure because the data is completely overwritten and not left on the hard drive as it is in a simple delete process.
To decrypt an encrypted file, double-click the filename or icon and type in your passphrase. PGP will create an unencrypted copy and leave the coded original in place. For security reasons, wipe the copy rather than simply deleting it when you're finished. The easiest way to do this is to right-click the filename in Windows Explorer and choose PGP | Wipe.
You can also wipe all free space on your media by clicking the Freespace Wipe button in PGPmail. Overwriting free space prevents file remnants left on your drives from being recovered. When you click the button, a wizard opens and allows you to choose the drive to clean up and the number of times to overwrite the free space. Three times is the suggested minimum number of passes, but keep in mind that advanced forensic techniques allegedly can recover data wiped up to nine times.
Choose more wipes depending on your data's sensitivity and your paranoia level. PGP defines paranoia as follows: three passes, good for personal use; 10 passes, commercial; 18 passes, military; 26 passes, maximum security. Naturally, the more passes you choose, the longer the wipe takes to run. At high levels, take a break to read a novel or remodel your home. And be sure to turn off file sharing and close all applications accessing the volume or disk before running the wipe.
Remember to periodically overwrite your free space, since data is left there during normal disk activity. You can schedule Freespace Wipe to run automatically.
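The difference between a simple delete and an overwrite-then-delete wipe with a configurable number of passes, as described above, can be shown in a few lines. This is an added example, not PGP's own code: the function names, the use of random data for every pass, and the sample file contents are assumptions made for illustration.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB blocks

def overwrite_pass(path, size):
    """Overwrite the file's existing bytes in place with random data."""
    with open(path, "r+b") as f:          # r+b: open without truncating
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(secrets.token_bytes(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())              # push this pass to the device, not just the cache

def wipe_file(path, passes=3):
    """Overwrite `path` `passes` times, then rename and delete it.

    Returns the file's bytes as they stood after the final pass.
    """
    if passes < 1:
        raise ValueError("at least one overwrite pass is required")
    size = os.path.getsize(path)
    for _ in range(passes):
        overwrite_pass(path, size)
    with open(path, "rb") as f:
        final = f.read()
    # Rename first so the original filename is not what gets unlinked.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return final

def demo():
    # Constructed sample plaintext, written to a temporary file.
    secret = b"constructed sample: account 0000-TEST\n" * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    final = wipe_file(path, passes=3)
    # (same length, plaintext still present?, file still exists?)
    return len(final) == len(secret), b"account" in final, os.path.exists(path)

if __name__ == "__main__":
    print(demo())
```

In-place overwriting only reaches the original data on media and file systems that write blocks in place; SSD wear-levelling, journaling or copy-on-write file systems, and snapshots or backups can retain earlier copies that a file-level wipe never touches.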
Creating a PGPdisk
What PGPmail can do for file and e-mail security, PGPdisk can do for hard drives and other writable media. PGPdisk creates a file that acts as a drive. When a PGPdisk is mounted, you can open, edit, save, and perform any other file functions just as you can with any disk with a drive letter. When a PGPdisk is unmounted, it is encrypted and therefore protected. Mounting an encrypted disk requires entering a passphrase.
Start PGPdisk by clicking on the PGP Tray icon and choosing PGPdisk | New Disk. This will launch a wizard. You'll be asked for a location and size for your disk, as shown in Figure H. Fill in the information and click Next.
Figure H: Configure your PGPdisk using this wizard.
Click Advanced Options to choose the following:
- Drive letter (I use Z: for clarity.)
- Whether the drive should be a directory on an NTFS volume (available in Windows 2000 and XP)
- The encryption algorithm to use
- The type of file system (FAT or NTFS)
You can also choose whether to mount the disk automatically at startup. The next screen asks whether you prefer to use a public key or invent a new passphrase to encrypt the PGP drive. Choose your method and click Next. You'll either be prompted to enter a passphrase or choose a public key from your keyring. Either way, you'll be asked for a passphrase when mounting the drive, so remember which one you used. When you click Next, PGP encrypts and formats the drive, showing the program's progress. Click Next and then click Finish.
You can unmount the disk by right-clicking it in Windows Explorer and choosing PGP | Unmount. You can mount the disk by clicking the PGP Tray icon and choosing PGPdisk | Mount. Browse to the file location of the disk, click Open, and enter your passphrase.
More features
PGP Desktop contains many features not detailed here, such as the ability to create distribution groups of recipients, create self-extracting decryption files (it's still secure, requiring a passphrase to decrypt), work with smart cards and ICQ, and even to display decrypted text in a window secure from TEMPEST interceptions (even though some think the screen-image stealing threat is a myth).
PGP is a great option for security-conscious computer users. It contains an excellent user guide and introduction to cryptography. It is frank about its intentions and possible vulnerabilities. Zimmermann, the inventor of PGP, remains a technical advisor to the company, adding credibility to the program. By studying the user guide and properly configuring PGP, you'll be able to control your privacy with relative ease and a high degree of security.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2003 TechRepublic, Inc.











