This article originally appeared in TidBITS on 2010-05-14 at 6:14 a.m.

PGP Whole Disk Encryption and PGP Desktop Professional 10.0

by Joe Kissell

About a year and a half ago, I reviewed the initial release of PGP Whole Disk Encryption (WDE) for Mac (see "Securing Your Disk with PGP Whole Disk Encryption [1]," 31 October 2008). At the time, this security software was notable for being among the first products that could encrypt an entire startup volume on an Intel-based Mac.

When WDE appeared on the scene, it already faced competition from Check Point Full Disk Encryption [2], and soon thereafter was joined by a Mac version of WinMagic SecureDoc [3]. However, both of these other products were at that time marketed solely to the enterprise market, whereas WDE was also readily available to ordinary end users. (Individuals can now buy WinMagic SecureDoc online, a welcome change; Check Point Full Disk Encryption is still targeted only at large organizations.) So, for about a year, WDE was the most logical choice for individual Mac users wanting to encrypt a startup disk.

Unfortunately, WDE was incompatible with Mac OS X 10.6 Snow Leopard when it first appeared in August 2009, and the fact that PGP hadn't warned its customers about this issue prior to Snow Leopard's release caused a certain amount of consternation. The company was appropriately apologetic for this misstep, although an updated version didn't appear until January 2010 - meaning that for more than four months, PGP customers had to choose between upgrading to Snow Leopard and keeping their disks encrypted. Since my work for TidBITS and Take Control obligated me to be an early adopter of Snow Leopard, I was among those who had to forgo an encrypted boot drive for a while.

Happily, those dark days are behind me, and I'm now once again using WDE. Although Snow Leopard compatibility was the big news in version 10.0, quite a few other changes occurred too. Now that I've spent some time with the latest version (10.0.2 as I write this), I want to share some observations and advice that may be useful to anyone else flirting with the idea of encrypting their primary hard disk.

First, a small clarification: PGP's Whole Disk Encryption is available both as a stand-alone product [4] ($149) and as part of PGP Desktop Professional [5] ($239), which also offers encryption for email, instant messaging, and disk images, among other features. Although the rest of PGP Desktop Pro for Mac hasn't changed dramatically since version 9.9 (see the complete release notes [6], in PDF form, on PGP's Web site), I do comment on some of its features a bit later.

WDE Basics -- In my initial review I went into some detail about why encrypting an entire startup volume is interesting, but for me, two main reasons stick out. First, convenience: whole-disk encryption is more flexible and reliable than using FileVault, while being less cumbersome than using encrypted disk images. And second, I can use it to make a fully encrypted bootable duplicate. That means I can carry my duplicate with me or store it offsite without having to worry that someone will steal or find my backup and be able to read all my files - but I can still boot from the drive if I need to.

Setup is simple. After you install WDE and restart, turning on encryption is a matter of a few clicks - open the application, select your volume, enter and confirm a passphrase, and then let it run. I tested version 10.0 on a slightly faster Mac than I used with version 9.9, so I expected to see only a minor speed improvement. But WDE 10.0 took only about 13 hours to encrypt a 500 GB disk, compared to the 10 hours version 9.9 took to encrypt a mere 250 GB. I found that speed improvement quite impressive. By the way, you can continue to use your Mac while encryption takes place in the background, and you can also pause and resume encryption if the need arises. As previously, once the disk was fully encrypted, my Mac didn't seem any less responsive in ordinary use than it did without encryption.

Because WDE encrypts every file on your disk, it has to add an authentication screen (called PGP BootGuard), which appears immediately when you turn on or restart your Mac - before Mac OS X itself has loaded. In my review of version 9.9, I complained that this screen fails to show feedback for passwords over 21 characters in length, leading users to worry that longer passwords weren't being accepted. This problem still exists, which I find rather astonishing since the company knew about it and a fix should have been easy. On the bright side, you can now press the Tab key to see your entire passphrase as you type it - this provides reassurance, although it also reduces security in public or shared environments. Another welcome change is that you can now choose from among half a dozen international keyboard layouts, a big plus for people unaccustomed to the U.S. English layout.

After you get past the BootGuard screen, PGP WDE is basically invisible. But it's important to keep in mind that whole-disk encryption is only for data "at rest," as industry lingo has it. That is, once you've entered your passphrase and booted your Mac, it behaves as though the data isn't encrypted - anyone with physical or network access to your Mac can access all its files exactly as they could on an unencrypted disk. Merely locking the screen or putting your Mac to sleep does nothing; you must shut down or restart the computer to protect your data. Once you've done so, your disk is effectively impenetrable without your passphrase, assuming you've chosen a good one. (If you don't know what constitutes a good passphrase, I can recommend a good book [7].)

With version 9.9, if you wanted to use software such as Carbon Copy Cloner to duplicate an encrypted volume, you first had to deselect the invisible files PGPWDE01 and PGPWDE02 at the root level of your disk manually; failing to do so would result in error messages and failed backups. This problem no longer exists - I successfully used Carbon Copy Cloner to duplicate an entire encrypted volume, and then started up from the duplicate, even though the files PGPWDE01 and PGPWDE02 were present. However, since WDE, Carbon Copy Cloner, and Mac OS X have all changed since I last tested this procedure, I don't know which one was responsible for resolving the problem.

Boot Camp Support -- Another of my criticisms of WDE version 9.9 was its incompatibility with Boot Camp, but PGP claimed to have fixed that in version 10 and I was eager to try it out. In fact, I was a bit too eager - I didn't bother to read the instructions first, which turned out to be a serious mistake. My test Mac didn't already have a Boot Camp partition, and I figured I'd simply install PGP, encrypt the disk, and then set up Boot Camp later. But when I tried to do so, Boot Camp Assistant informed me that my disk couldn't be used. When I checked PGP's documentation, I discovered that you have to set up Boot Camp first and then install PGP. Ah.

So I had to decrypt my disk (another 13 hours), uninstall PGP completely, and restart. But even then, Boot Camp Assistant refused to partition my disk, with a different error message that said, "The disk cannot be partitioned because some files cannot be moved," and invited me to back up, reformat, and restore my disk before trying again. I can only assume the PGP installer made some low-level changes to the disk that weren't undone by the uninstaller. So I spent several additional hours cloning, reformatting, and restoring the disk; then I ran Boot Camp Assistant again, installed Windows 7, installed PGP WDE under Windows and then under Mac OS X (as I was instructed to do in a PGP support document referenced in the online help), and finally repeated the 13-hour encryption of my disk. Whew!

After all that time and effort, I confirmed that WDE does indeed work with Boot Camp. Mostly. That is, my Mac lets me boot into either operating system; whichever one I use, I'm prompted for my PGP passphrase, after which I can log in and freely access all my files just as I normally would. However, there are a couple of gotchas. First, if I ever decide to remove my Boot Camp partition, I must first decrypt my disk (and later re-encrypt it), because Boot Camp Assistant won't work properly on an encrypted disk.

And second, switching between operating systems isn't as easy as it should be. When I'm running Mac OS X, I can open the Startup Disk pane of System Preferences, select my Windows volume, and click Restart; but when I'm running Windows, the analogous procedure doesn't work - although I can select my Mac volume as the startup disk in the Boot Camp control panel, that setting doesn't stick. I have to restart, hold down the Option key, and select my Mac volume on the Startup Manager screen. And, if I want to remain in Mac OS X after subsequent restarts, I must either manually change my startup disk back to the Mac volume in System Preferences or hold down the Option key again during each boot.

All this makes me feel slightly uneasy running Boot Camp and PGP WDE together, and reinforces my preference for using virtualization software such as VMware Fusion or Parallels Desktop, instead of Boot Camp, when the need to run Windows arises. But if you do decide to use both, remember to set up Boot Camp before letting PGP WDE anywhere near your disk - and read all the instructions carefully!

Less-Pretty Things -- A few other irritations I'd pointed out in version 9.9 are still present in 10.0, alas. With your startup disk encrypted, you can't perform a Safe Boot (holding down the Shift key while restarting to disable third-party kernel extensions and certain other software that may cause startup problems). And if your disk develops errors, you'll have to decrypt it before running a disk-repair application (such as Disk Utility or DiskWarrior) unless the startup volume containing that software also has WDE installed.

There were also some new annoyances. I was surprised to read in WDE's release notes that it's incompatible with Fast User Switching - a limitation that wasn't present in (or at least wasn't mentioned in the release notes for) version 9.9. When I asked about this limitation, a PGP representative replied as follows:

The incompatibility most often occurs when a disk is in the process of being encrypted (or paused while encrypting). During encryption, the UI and PGP Engine are polling the disk driver to find out the current status of the disk. Access to the driver is done using a launchd process that runs as root. There is only one launchd process.

When there are two PGP Engine applications running (by way of Fast User Switching), then both applications are polling the disk and both are accessing the launchd process. Due to the architecture of the launchd process access, the application thinks there is a problem and tries to fix the problem by self-healing and reinstalling the launchd process. This causes an authentication dialog because the installation process requires admin access. This happens over and over again, annoying either or both users.

After a disk has been encrypted, this is not usually a problem as access to the launchd process is not as active.

In other words, it's not so much that WDE is incompatible with Fast User Switching as that the initial encryption process is.

Another odd item in the release notes was this: "The Mac mini does not have boot time support for the new thin aluminum Apple keyboards." A PGP rep told me this applies only to wireless keyboards - the wired aluminum keyboards should work just fine. I didn't test this, but Mac mini users who want to use WDE should consider having a wired keyboard on hand just in case.

I should also mention that PGP's recommended best practice when upgrading to a new version of Mac OS X is to decrypt the disk first, then upgrade, then re-encrypt. If you take this advice, upgrading could easily grow from a 30-minute process to a two-day process; on the other hand, if you ignore the advice and your Mac won't boot afterward, you'll be looking at spending at least a few hours restoring your Mac's disk from the bootable duplicate you wisely made just before upgrading. Either way, upgrades could take longer.

Getting the Message -- The other parts of PGP Desktop Professional look and act pretty much the way they did in previous versions, but I wanted to point out two interesting things about PGP Messaging, which lets you encrypt and decrypt email.

First, PGP Desktop Professional includes a new application called PGP Viewer, which lets you view encrypted email messages that you've already downloaded (or that you received in an email client that's not directly compatible with PGP). Ordinarily, PGP Messaging functions as a proxy server, intercepting both incoming and outgoing email messages between your email client and the mail server and transparently encrypting or decrypting them according to a user-defined policy. This scheme is easy to use, but if someone were to send you a message when PGP is turned off or uninstalled, you'd get an unreadable attachment. PGP Viewer opens such attachments and other PGP-encrypted messages that are on your disk but didn't come through a PGP-mediated mail stream.

I first noticed PGP Viewer when I sent myself an encrypted test message and, despite the fact that PGP Messaging was active, the message came through as an attachment. (I then simply clicked the attachment, and it opened in PGP Viewer, which decrypted it automatically.) The reason was that I'd changed a hidden setting to force Mail to display the plain-text version of all incoming messages. When I reset Mail's behavior to its default, newly decrypted messages began appearing inline.

The second interesting thing is that even though both Mail and Entourage support Microsoft Exchange accounts, PGP doesn't. It does work with accounts on Exchange servers that are accessed (in either email application) via IMAP, but if you use the default configuration in either Mail or Entourage, which relies instead on Exchange Web Services (EWS), PGP is unable to serve as a proxy for incoming and outgoing mail. This is apparently because EWS uses port 80, the default port for Web access. Although many people with Exchange accounts can switch to IMAP instead with no significant loss of functionality, not everyone can.

I didn't set out to review PGP Messaging in detail, but I would like to mention one important tip for new users. The default configuration for any email account you set up includes something called opportunistic encryption. This means whenever you send mail, PGP checks the company's global keyserver to see if any of the recipients have public keys stored there, and if so, it automatically encrypts the messages to those people. The assumption is that only people who have installed PGP would have public keys on the keyserver, so they must therefore be able to decrypt encrypted messages. However, users may read their messages on a device (such as an iPhone or iPad) that doesn't support PGP; they can also uninstall or deactivate PGP without removing their keys from the server. If any of these things happens, they'll be unable to read your messages.

I was reminded of this when, during my testing, I happened to send Glenn Fleishman an email message, which was duly encrypted because Glenn's public key was on the server, but couldn't be read because Glenn wasn't using PGP on the device with which he was reading his mail. So my suggestion is to select each account and deselect the Opportunistic Encryption checkbox; you can then use any of several other methods to encrypt messages on demand.

Conclusions -- PGP Whole Disk Encryption 10.0 is a distinct improvement over version 9.9. It now works under Snow Leopard, has at least some support for Boot Camp, and removes a few limitations and annoyances. It's not an earth-shattering upgrade, and not without some irritating quirks, but it's still the easiest way for a Mac user to protect the entire contents of a hard disk.

As for PGP Desktop Professional, it combines WDE with an elegant way to encrypt email and instant messaging, assuming the people you're corresponding with also use a PGP-compatible product. But if $239 seems like too great a price to pay for encrypted email, it's possible to get that capability for free with Apple Mail, a personal certificate, and a bit of extra effort, as I explain in "Take Control of Apple Mail in Snow Leopard [8]."