Securing Your Disks with PGP Whole Disk Encryption
I’ve been using various incarnations of PGP (Pretty Good Privacy) encryption software for almost as long as I’ve been a Mac user. I won’t go into PGP’s long and interesting history (for that, see this Wikipedia entry), but since 2002, commercial Mac versions of the software have been available exclusively from PGP Corporation. PGP is commonly used for encrypting email and chat, and the PGP Desktop software can also create encrypted disk images that offer capabilities unavailable with Apple’s Disk Utility.
In addition, for some time PGP Desktop has been capable of encrypting an entire disk or partition – but until recently, you could do this only for non-startup volumes. Now, however, with the release of PGP Whole Disk Encryption for Mac OS X (also included with version 9.9 of PGP Desktop Professional for Mac OS X – though not with PGP Desktop Home), that limitation has finally disappeared. It may sound like a fairly trivial change, but this is something I’ve been waiting for since the days of Mac OS 9, and in my opinion it’s a Pretty Big Deal (PBD). I’ve frankly been surprised that this new capability has received so little attention, so allow me to do my small part to rectify that.
Why Encrypting a Startup Disk is Interesting — Suppose your Mac’s hard disk contains sensitive information of some sort – confidential business plans, personal financial records, secret love letters, or whatever. You could put all that information on an encrypted disk image, which is plenty secure but potentially awkward to use; you must be careful not to store any private information anywhere other than that disk image, and every time you want to mount it, you must enter your password. Or you could use Apple’s FileVault feature, which encrypts everything in your home folder (including your iTunes music, your iPhoto photos, and so on). That should cover most of the bases, but FileVault introduces some complications when it comes to backups (in particular, it’s only partially compatible with Time Machine), and because it stores your entire home folder inside a single disk image, a few random disk errors in that image can put all of its contents at risk. In addition, FileVault must periodically perform time-consuming maintenance to free up disk space, and it doesn’t protect any data stored outside your home folder.
Speaking of backups, I always recommend creating bootable duplicates of your entire startup disk – and, for extra safety, I suggest making two or more copies and keeping one offsite at all times (for example, at a friend’s house). You should do this, of course, even if you have no need to encrypt your Mac’s internal hard disk. But if someone happened upon that offsite backup, there’d be nothing stopping them from reading everything on the disk. Even if you’d used encrypted disk images or FileVault to protect part of the disk’s data, some private information could still be at risk. Although lots of backup programs offer encryption, they invariably do so by wrapping up all the data from your disk in a special archive file or disk image, preventing the disk from being bootable. So, until recently, the only way to get bootable duplicates that were also totally encrypted was to use one of the few, and expensive, hardware-encrypted enclosures, which require a physical key to unlock your data.
Now suppose you could encrypt every last byte of data on your startup disk – any startup disk, even an external FireWire or USB bootable duplicate – all at once, without fiddling with disk images or FileVault, without any backup caveats, without any intrusive rituals to interrupt your work, and without a noticeable performance penalty. As a matter of fact, you could do just this, years ago, with any of several classic Mac programs that encrypted entire disks at the driver level. (My personal favorite was a component of FWB’s Hard Disk Toolkit – may it rest in peace.) But for a variety of reasons, none of these utilities made the jump to Mac OS X. That means ten-year-old Macs (not to mention brand new Windows PCs) could do something that modern Macs couldn’t do. But earlier this year, for the first time, that changed.
The first company to introduce whole-disk encryption for Mac OS X was Check Point, which released Check Point Full Disk Encryption in May 2008. I haven’t yet tried Check Point’s product, but then, it’s not marketed or sold to individual end users; it’s designed for large-scale deployment in businesses and requires non-trivial setup procedures to be performed by a system administrator. Luckily, PGP released its Whole Disk Encryption products just a few months later, and they’re readily available to ordinary folks like you and me.
Incidentally, both PGP Whole Disk Encryption and Check Point Full Disk Encryption can encrypt a startup disk only on Intel-based Macs. To be more precise, PGP’s products run on either PowerPC- or Intel-based Macs and can encrypt entire non-startup volumes on either, but encrypting the startup disk requires a Mac with an Intel processor.
How PGP Whole Disk Encryption Works — To encrypt a whole disk (whether a startup volume or not), you open PGP, select PGP Disk in the program’s sidebar, and click Encrypt a Disk. The program then walks you through a few brief steps, such as selecting a passphrase, and begins encrypting the disk in the background using AES-256. The process takes some time, depending on the speed of your computer, the size of the disk to be encrypted, and how much other work you’re doing. In my case, it took about 10 hours to encrypt a 250 GB disk on a 2.4 GHz MacBook Pro, but I was keeping the machine extremely busy with other tasks at the time (installing Windows in a VMware Fusion virtual machine, for example). I didn’t find that the encryption slowed me down unreasonably, but if I had, I could have clicked a Pause button and resumed the encryption at my convenience.
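To make the background-with-Pause behaviour concrete, here is an added example (mine, not code from PGP or from this article) of how an in-place, resumable whole-disk conversion can work. The only state the converter needs is the number of sectors already converted: pausing is stopping at a sector boundary, resuming is starting again from that number, and reads stay correct throughout because the driver checks each sector’s position against that mark before deciding whether to decrypt it. The in-memory "disk", the fixed key and the use of AES-256 in CTR mode with a per-sector counter are this example’s assumptions; the article says only that PGP uses AES-256, and a real product would use a tweakable disk mode such as XTS and persist the resume mark on the disk itself.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512

// Converter models in-place, resumable whole-disk encryption over a
// constructed in-memory "disk" (a byte slice of fixed-size sectors).
// Sectors below done hold ciphertext; sectors at or above it are still
// plaintext, so done is the only state needed to pause and later resume.
type Converter struct {
	disk  []byte
	block cipher.Block
	done  int
}

// NewConverter starts (done == 0) or resumes (done > 0) encrypting disk.
// key must be 32 bytes (AES-256); in a real product it would be unwrapped
// from the user's passphrase rather than passed in directly.
func NewConverter(disk, key []byte, done int) (*Converter, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &Converter{disk: disk, block: b, done: done}, nil
}

func (c *Converter) Sectors() int   { return len(c.disk) / sectorSize }
func (c *Converter) Finished() bool { return c.done >= c.Sectors() }

// sectorIV gives every sector its own counter block so keystream is never
// reused. AES-CTR keyed per sector is this example's assumption; the
// article says only that PGP uses AES-256, not which mode.
func sectorIV(n int) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], uint64(n))
	return iv
}

// flip applies the sector's keystream in place (CTR is its own inverse).
func (c *Converter) flip(n int) {
	s := c.disk[n*sectorSize : (n+1)*sectorSize]
	cipher.NewCTR(c.block, sectorIV(n)).XORKeyStream(s, s)
}

// Step encrypts up to batch more sectors and returns the resume point.
// Stopping between calls is what the Pause button does.
func (c *Converter) Step(batch int) int {
	for i := 0; i < batch && !c.Finished(); i++ {
		c.flip(c.done)
		c.done++
	}
	return c.done
}

// Read returns plaintext whether or not the sector has been converted yet,
// which is why the volume stays fully usable during the background pass.
func (c *Converter) Read(n int) []byte {
	out := make([]byte, sectorSize)
	copy(out, c.disk[n*sectorSize:(n+1)*sectorSize])
	if n < c.done {
		cipher.NewCTR(c.block, sectorIV(n)).XORKeyStream(out, out)
	}
	return out
}

// ConstructedDisk fills sector n with the byte 'A'+n so sectors are recognisable.
func ConstructedDisk(sectors int) []byte {
	d := make([]byte, sectors*sectorSize)
	for n := 0; n < sectors; n++ {
		copy(d[n*sectorSize:], bytes.Repeat([]byte{byte('A' + n%26)}, sectorSize))
	}
	return d
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed key for the demo only
	disk := ConstructedDisk(16)
	c, _ := NewConverter(disk, key, 0)
	mark := c.Step(5) // "Pause" after five sectors
	fmt.Printf("paused at %d; sector 2 reads %q, sector 9 reads %q\n",
		mark, c.Read(2)[:2], c.Read(9)[:2])
	r, _ := NewConverter(disk, key, mark) // "Resume" later from the saved mark
	for !r.Finished() {
		r.Step(4)
	}
	fmt.Println("all sectors converted:", r.Finished())
}
```

Both Read calls come back as plaintext even though sector 2 is already ciphertext on disk and sector 9 is not, and the second Converter picks up at the saved mark without re-encrypting the first five sectors. This is also why a disk mid-conversion cannot simply be mounted by a driver that does not know the mark.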
When you encrypt an entire disk, you can normally choose between a manually entered passphrase and a public key (which could, for example, let someone else decrypt the disk without your having to know their passphrase). With startup disks, you must always choose a passphrase, but after the disk is encrypted, you can grant access to more users, each of whom may use either a passphrase or a public key. (To access a disk encrypted with a public key, someone would use their corresponding private key; see Wikipedia for more on how public-key cryptography works.) If the need arises, you can change the passphrase for any user after the fact without decrypting the disk, because the passphrase protects the key that encrypts the disk rather than the data itself; you can also re-encrypt an already encrypted disk in much less time than it would take to start from scratch.
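The reason a passphrase can be changed, or a user added, without decrypting the disk is that the passphrase never encrypts the data directly: it protects a separate disk key, and each user gets a slot holding that key wrapped under their own credential. The following is an added example of that layout (mine, not PGP’s code or on-disk format, which the article does not describe), covering the passphrase slots discussed above; the public-key variant would wrap the same disk key under the user’s public key instead of a passphrase-derived key. The key-stretching loop, AES-GCM wrapping, slot names and the idea that an administrator’s recovery credential is just another slot are this example’s assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Slot is one way of unlocking the disk: the disk's data-encryption key (DEK)
// sealed with AES-GCM under a key derived from that user's passphrase.
type Slot struct {
	Name    string
	Salt    []byte // per-slot salt for the passphrase KDF
	Wrapped []byte // nonce || ciphertext || tag
}

// Header is the per-disk slot table; the encrypted sectors themselves are not modelled.
type Header struct{ Slots []Slot }

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing sensible to do
	}
	return b
}

// kdf stretches a passphrase into a 256-bit key-encryption key; iterated
// SHA-256 stands in for PBKDF2/Argon2 so only the standard library is needed.
func kdf(passphrase string, salt []byte) []byte {
	k := []byte(passphrase)
	for i := 0; i < 20000; i++ {
		sum := sha256.Sum256(append(k, salt...))
		k = sum[:]
	}
	return k
}

func gcm(kek []byte) cipher.AEAD {
	b, _ := aes.NewCipher(kek) // kek is always 32 bytes from kdf, so neither call can fail
	g, _ := cipher.NewGCM(b)
	return g
}

func wrap(kek, dek []byte) []byte {
	g := gcm(kek)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, dek, nil)
}

// unwrap fails (GCM tag mismatch) for any passphrase other than the one used to wrap.
func unwrap(kek, blob []byte) ([]byte, error) {
	g := gcm(kek)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("slot too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// NewHeader generates a random DEK (the AES-256 key that actually encrypts the
// sectors) and the first passphrase slot, which a startup disk must have.
func NewHeader(name, passphrase string) (*Header, []byte) {
	dek := random(32)
	h := &Header{}
	h.AddUser(dek, name, passphrase)
	return h, dek
}

// AddUser grants another user access by wrapping the same DEK under their
// passphrase; no sector of the disk is rewritten. An administrator's recovery
// credential could be held the same way (an assumption, not PGP's documented design).
func (h *Header) AddUser(dek []byte, name, passphrase string) {
	salt := random(16)
	h.Slots = append(h.Slots, Slot{Name: name, Salt: salt, Wrapped: wrap(kdf(passphrase, salt), dek)})
}

// Unlock tries every slot, as a boot-time prompt would, and returns the DEK
// together with the index of the slot that opened.
func (h *Header) Unlock(passphrase string) ([]byte, int, error) {
	for i, s := range h.Slots {
		if dek, err := unwrap(kdf(passphrase, s.Salt), s.Wrapped); err == nil {
			return dek, i, nil
		}
	}
	return nil, -1, errors.New("passphrase opens no slot")
}

// ChangePassphrase replaces the slot that oldPass opens with one under newPass
// (fresh salt and nonce). The DEK, and so every encrypted sector, is untouched,
// which is why this is instant while re-encrypting under a new DEK means
// rewriting the whole disk.
func (h *Header) ChangePassphrase(oldPass, newPass string) error {
	dek, i, err := h.Unlock(oldPass)
	if err != nil {
		return err
	}
	name := h.Slots[i].Name
	h.Slots = append(h.Slots[:i], h.Slots[i+1:]...)
	h.AddUser(dek, name, newPass)
	return nil
}
```

The security consequence worth noticing is that every slot is as strong as its weakest passphrase: a second user with a poor passphrase, or an administrator’s recovery slot, unlocks exactly the same DEK as yours, which is the point the article makes about managed environments.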
Once your disk is encrypted, nothing special happens until you shut down or restart your computer (or, for a non-startup disk, unmount the disk). When you attempt to start up your Mac, you initially see a special PGP BootGuard Screen, where you enter your passphrase. Once you’ve done so, startup continues normally. (If you mount a non-startup disk while your Mac is running, you see a simple alert dialog with a field to enter the passphrase.)
After you’ve unlocked your Mac with your passphrase, Whole Disk Encryption is normally invisible as you use your Mac. I did not perceive any performance slowdowns in day-to-day use (even with disk-intensive activities), and for all practical purposes, everything behaved exactly as it did before.
You can mount an encrypted disk on another computer – even a Windows computer – as long as it has the appropriate version of PGP Desktop or PGP Whole Disk Encryption installed. If you’ve encrypted an external FireWire or USB drive containing a bootable duplicate, you’ll be prompted to enter your passphrase on any Mac when you use it as a startup disk (since the disk itself contains the PGP software, it need not be installed separately on other computers). Note, though, that because Whole Disk Encryption works only on Intel-based Macs, you can’t use such a drive to start up a PowerPC-based Mac.
If you were to forget your passphrase, your data would ordinarily be gone forever: this is strong encryption, and tricks like using data recovery software will be of no use. However, if (and only if) you’re using PGP Whole Disk Encryption in a managed environment – meaning an administrator centrally deploys and configures the software – there is a fallback plan. Your system administrator can issue a one-time, per-device token that gives a particular user an opportunity to recover data from a single encrypted disk. (That means the administrator could also potentially get at your data, but that’s to be expected in managed settings.) Individual users have no such back-door option.
Qualifications and Gotchas — As convenient and transparent as Whole Disk Encryption is, it comes with some limitations I wasn’t expecting, and which gave me pause. These may or may not be issues for you, but it’s important to be aware of what this software can and can’t do.
First of all, although all the data on your disk is encrypted all the time, it’s freely accessible from the time you turn on your Mac and enter your passphrase on the BootGuard screen until you shut down (or restart) the computer. You can’t turn off access manually without shutting down or restarting. Crucially, Whole Disk Encryption does not disable access to your data when your computer goes to sleep or require you to enter your passphrase when it wakes up: the disk’s encryption key stays loaded in memory for as long as the machine is powered on. So, suppose you’ve encrypted your MacBook’s hard disk, but you normally put the computer to sleep when you carry it around. (Like most owners of Mac laptops, I do this to eliminate wasted time waiting for the computer to restart whenever I want to use it.) Now, the unthinkable happens and someone steals your computer. As long as the thief doesn’t shut it down or restart it, the disk’s encryption is useless – any data on it can be freely accessed directly, or over a network.
You can minimize the risk by choosing a strong login password and by making sure you must enter it when your Mac wakes from sleep (check Require Password to Wake This Computer from Sleep or Screen Saver in the General view of the Security pane of System Preferences). That helps because the usual way to reset a login password without knowing it is to start up from another volume, and any restart brings the thief back to the BootGuard screen. It is a mitigation rather than a fix, though: the login password guards the screen, not the disk key, and any file sharing or other network services you’ve enabled remain reachable once the machine is awake, login password or not. Still, this situation bugs me because Whole Disk Encryption seems most useful for laptops, and laptops seem most useful when you employ sleep mode rather than shutting them down after each use.
Second, Whole Disk Encryption for startup volumes isn’t compatible with Boot Camp, at least not in this release. If you install Whole Disk Encryption while a Boot Camp partition is present, you’ll see a warning message to the effect that you can still encrypt whole disks, just not your startup volume. If you use Boot Camp Assistant to remove your Boot Camp partition, you can then encrypt your startup disk. But you have to choose between Boot Camp and having your entire disk encrypted.
Third, if your disk requires repair or troubleshooting, you’re going to run into problems. For example, with an encrypted startup disk, you can’t perform a Safe Boot. Holding down the Shift key while restarting normally disables some potentially problematic software, such as third-party kernel extensions, but since Whole Disk Encryption relies on such an extension to provide access to your disk, this won’t work. Furthermore, you can’t use disk repair programs such as Disk Utility and DiskWarrior on an encrypted disk; if you have disk problems, or suspect you might, you must first decrypt the disk and then start up from another volume (say, your Leopard Install DVD) to run disk repair software. Unfortunately, the process of decrypting a disk is quite time-consuming – for me, it took considerably longer than encrypting the disk in the first place. So you could be looking at a 24-hour period to decrypt, repair, and re-encrypt a disk – not fun.
I also encountered a couple of less-serious annoyances. The first time I restarted my computer after encrypting its disk and tried to enter my passphrase, I had a moment of panic that Whole Disk Encryption wouldn’t let me in. I had chosen a 32-character passphrase, and as I typed it, the cursor in the PGP BootGuard Screen moved incrementally across the passphrase field (though without displaying bullet or asterisk characters, as is often the case). After I typed the 21st character, the cursor was all the way to the end of the field and didn’t move any further as I typed the remaining characters, so I got no feedback that my input was being registered. It was, and everything was fine after I finished blindly typing the passphrase, but I didn’t like the fact that feedback is registered for a maximum of 21 characters when passphrases can contain up to 255.
I had also set up Carbon Copy Cloner to duplicate my Mac’s hard drive to a network volume on a daily schedule, and the first time this backup ran after I encrypted my disk, it failed. Consulting the logs, and cross-referencing them with the support material on PGP’s Web site, I discovered that the problem was an invisible file called PGPWDE01, which PGP stores at the root level of any encrypted volume. This file can’t ordinarily be read or written by backup software, so you must exclude it manually if your backup software complains (some backup programs, like Time Machine, already ignore the file).
Recommendations — When I first heard about Whole Disk Encryption, I allowed my excitement to get ahead of reality, and I pictured a complete solution to all my encryption problems; I had the idea that this product, by itself, would eliminate the need for all the other sorts of file encryption I’d tried. As it turns out, although it solves a couple of problems brilliantly, it’s still just one piece of the puzzle. It does indeed provide virtually bulletproof data protection in cases where a computer is shut down when it falls into the wrong hands, at least if you’ve chosen a good passphrase and taken care to prevent anyone else from learning it. It also eliminates the need to encrypt virtual memory separately (which you can otherwise do in the Security pane of System Preferences by checking Use Secure Virtual Memory), because the swap files live on the encrypted startup volume and are therefore encrypted along with everything else. And it makes encrypted bootable duplicates incredibly easy to create.
Nevertheless, PGP recommends continuing to use multiple layers of protection, such as encrypted disk images (whether generated by PGP Desktop or otherwise) and FileVault, depending on your needs. Part of the reason is that PGP’s whole-disk protection doesn’t help when your computer is running or asleep; another part is that even if a determined or clever attacker could find a way to get past one layer of encryption, getting past multiple layers is much less likely. Keeping especially sensitive information on an obscurely named disk image also makes it at least a bit harder to find in the event that someone did obtain access to a still-unlocked encrypted volume.
Obtaining PGP Whole Disk Encryption — You can buy PGP Whole Disk Encryption as a stand-alone product, which costs $119 for what PGP calls a “perpetual” license – that is, a license that lets you use the version you purchased indefinitely, but which only provides free support and updates for one year. All the capabilities of Whole Disk Encryption are also built into PGP Desktop Professional (which includes encryption for email and chat, as well as support for creating encrypted disk images). Two kinds of licenses are available for PGP Desktop Professional – the perpetual license for $199, and a subscription license, which costs $83 per year. With the subscription license, you can only use the software for as long as you have the subscription. If you haven’t renewed it within 90 days after its expiration, PGP automatically decrypts all your encrypted disks (after alerting you that it’s about to do so), which is a potential security risk. PGP Desktop Professional 9.9 is available in a 30-day trial version, a 30.1 MB download; no trial version of PGP Whole Disk Encryption alone is offered.