Windows Vista Support
PGP WDE now supports all 64-bit versions of Microsoft's Vista operating system.

Increased Authentication Options
Performs pre-boot authentication using smart cards such as the RSA SID800.

Trusted Platform Module (TPM) Support
Protects encryption keys against unauthorized access.

For (optional) use in a Centrally Managed Environment with PGP Universal Server:
Expanded Client Controls
Enable the organization to better meet security requirements by locking down which features are enabled, visible to the user, and enforced.

Enhanced Status Logging & Reporting
Tracks and reports on the state of protection in the organization to satisfy regulatory requirements and help prevent a data breach.

Rapid Deployment Process
Speeds deployment by automating the installation and configuration process.

Centrally Defined Folder Protection
Defines policy to protect files stored in specific directories, enforcing security without impacting user behavior.

Administration Role Delegation
Centrally controls which users can change permissions on protected folders.

PGP NetShare Command Line
Most PGP NetShare functions can now be scripted. This utility is documented in the PGP NetShare Command Line Programmer's Guide.

Full Disk Protection
PGP Whole Disk Encryption locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system, and swap files. The encryption is transparent to the user, automatically protecting data while the system is in use, with no changes required to user behavior or workflow.

Persistent File Encryption on Network Servers
PGP NetShare extends file server access controls to include strong end-to-end encryption, allowing content owners or security administrators to specify access rights for specific groups or individuals. Authorized users save and share files on file servers and continue to use all applications as before. Content such as documents, spreadsheets, and presentations is automatically encrypted when saved to a PGP NetShare-protected folder.

Transparent to Users
Once PGP NetShare folders are created, users create, save and share documents as before. No change in user behavior or training is needed. Users simply click on a .doc, .xls, or .ppt file.

Support for All Common Document Formats
PGP NetShare supports all common digital formats-document, spreadsheet, presentation, Web, video, and audio-without modification.

Encryption that Follows the File
Files remain encrypted from the desktop, across the network, and when stored on the server. Encryption and access rights remain with files on the server, when downloaded or copied to local desktops, and when backed up or archived.

Multiple Ways to Share Data
Users can create storage-independent encrypted containers for transport and sharing of specific files using PGP Self-Decrypting Archive, PGP Virtual Disk, and PGP Zip.

• PGP Self-Decrypting Archives (SDAs) - Puts files and folders into an encrypted, compressed package that can be opened on a Windows system that does not have PGP Messaging or PGP Desktop installed. SDAs are the perfect solution for securely exchanging files with someone who does not have PGP software installed.
• PGP Virtual Disk volumes - Uses part of the hard drive space as an encrypted virtual disk volume with its own drive letter. A PGP Virtual Disk is the perfect place for storing sensitive files; it is as if they are stored in a safe. When the door of the safe is open (when the volume is mounted), files can be changed, taken out or moved into it. Otherwise (when the volume is unmounted), all the data on the volume is protected. PGP Virtual Disks are also self-expanding: they automatically grow to accommodate increases in data size, eliminating initial space allocation constraints.
• PGP Zip - Adds any combination of files and folders to an encrypted, compressed, portable archive. PGP Desktop must be installed on a system to create or open a PGP Zip archive. PGP Zip is a tool for securely archiving sensitive data, whether to distribute it to others or to back it up.

Secure File Deletion
PGP Shredder completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Windows Recycle Bin does not actually delete it; it sits on the drive and eventually gets overwritten. Until then, it is trivial for an attacker to recover that file. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature also completely wipes free space on drives so that deleted data is truly unrecoverable.

Single Sign-on to Windows
Provides simplified login experience using existing Windows' password.

Partition-Based Encryption
Partition-based encryption enables PGP Whole Disk Encryption to encrypt only designated disk partitions, providing added compatibility for systems with multiple operating systems or existing recovery partitions.

For (optional use) in a Centrally Managed Environment with PGP Universal Server:
Centralized Management, Deployment, & Policy
Automate provisioning, user and key management, and policy enforcement across email, disk, and network file encryption using PGP Universal Server's management console. Role-based administrative access enables administrative separation of duties.

Event Logging
Comprehensive logs record all administrative operations for auditing and security best practices.

Directory Access Control Rights
PGP NetShare files and folders have associated access controls. Files are automatically encrypted according to policy, so only authorized users can open files. Unauthorized users who access these files see only ciphertext.

Assured Data Access
Patented PGP Additional Decryption Key (ADK) technology ensures corporate access to encrypted data (according to policy) in the event a key is lost or when required by regulatory mandates.

Role Separation
IT administrators can access PGP NetShare-protected files and folders for management and backup processes without requiring content viewing privileges. With PGP NetShare, personnel who are not explicitly given access rights cannot view documents, including offline copies.

Partition Encryption Deployment
Administrators in a PGP Universal-managed environment may now configure encryption of only the boot partition or only Windows partitions rather than always encrypting entire disks.

Domain Administrator Restart Bypass
Windows System and Administrator account(s) may now engage a mode to bypass WDE authentication on the next restart by utilizing the privileges of the administration account to act as the authenticated user. This feature enables administrators to perform remote software installations requiring a restart of the target computer. Use of this feature is logged to the PGP Universal server.

Supported Operating Systems

• Windows 7 (all 32-bit and 64-bit editions)
• Windows Vista (all 32-bit and 64-bit versions)
• Windows Server 2003 (SP1)*
• Windows XP (SP1 or SP2)
• Windows XP Tablet PC Edition 2005 (keyboard required)
• Windows 2000 (SP4)

* Full disk encryption functionality is not supported on Windows 2000 Server or 2003 Server.

Localization

• English
• German
• Japanese
• Spanish
• French

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 keys

Messaging Security Standards

• PGP/MIME RFC 3156
• OpenPGP RFC 4880
• S/MIME v3 RFC 2633
• X.509 v3

Symmetric Key Algorithms

• AES (up to 256-bit keys)
• CAST
• TripleDES
• IDEA
• Twofish

Symmetric Key Algorithms - PGP Whole Disk Encryption

• AES 256-bit keys

Symmetric Key Algorithms - PGP NetShare

• AES 256-bit keys in EME mode

Hashes

• SHA-2 (up to 512-bit hashes)
• SHA-1
• MD5
• RIPEMD-160

Public Key Algorithms

• Diffie-Hellman
• DSA (1024-bit keys only)
• RSA (up to 4096-bit keys)

Centralized Management Requirements

• PGP Universal Server 2.7*

* PGP Universal Server requires a dedicated server.

Two-Factor Authentication

Supported USB Tokens - PGP NetShare, PGP Virtual Disk, & PGP Zip

PGP Desktop Storage recognizes and works with the following:

• DoD Common Access Cards (CACs) with the ActivCard Gold 2.0 profile
• Athena Smart Card Solutions smart cards, including the ASEKey USB token
• AET SafeSign smart cards, including ASEKey 1.0
• Axalto (formerly Schlumberger) smart cards, including the Cryptoflex 32K
• SafeNet smart cards, including iKey 2032
• Aladdin smart cards, including eToken PRO USB 16K, 32K, and 64K
• GemPlus smart cards, including SafesITe and GemXpresso Pro, using GemSafe Libraries 4.2.0-015 (Gold)

PGP Desktop Storage also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS-11 library in its software drivers.

Supported Pre-Boot Authentication Smart Cards & USB Tokens

The following smart card readers are supported for communicating to a smart card at pre-boot time. These readers can be used with any supported removable smart card (it is not necessary to use the same brand of smart card and reader). Any CCID smart card reader is supported. The following readers have been tested by PGP Corporation:

• OMNIKEY CardMan 3121 USB for desktop systems
• OMNIKEY CardMan 6121 USB for mobile systems
• ActivIdentity USB 2.0 reader
• CyberJack smart card readers
• Reiner SCT CyberJack pinpad
• ASE smart card readers
• Athena ASEDrive IIIe USB reader

PGP Whole Disk Encryption supports the following smart cards for pre-boot authentication:

• ActiveIdentity ActivClientCAC cards, both 2005 and 2002 models
• Aladdin eToken 64K, 2048-bit RSA-capable*
• Aladdin eToken PRO USB Key 32K, 2048-bit RSA-capable¹
• Aladdin eToken PRO without 2048-bit capability (older smart cards)¹
• Athena ASEKey Crypto USB Token for Microsoft ILM²
• Athena ASECard Crypto Smart Card for Microsoft ILM²
• EMC RSA SecurID SID800 Token³
• Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
• S-Trust StarCOS smart card⁴
• Rainbow iKey 3000

¹ Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the supported tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the supported tokens.

² The Athena tokens are supported only for credential storage.

³ This token is supported only for credential storage. SecurID is not supported.

⁴ S-Trust SECCOS cards are not supported.

PGP Perpetual License
A PGP Perpetual License with PGP Support entitles the customer to use the designated PGP software indefinitely, plus receive all Upgrades and Updates to the licensed software during the valid PGP Support period. One year of PGP Bronze Support is included with the online purchase of a PGP Perpetual License.

PGP Bronze Support provides customers with access to PGP Support Engineers and the PGP Support Site. PGP Support Engineers are available through interactive chat, private forum, and credit card telephone support. PGP Support must be renewed annually.