Encryption Software - FAQ

Last Updated: 02/19/2016

General FAQ

Can I encrypt my smartphone, iPod or digital camera?

No. You should never encrypt devices that you use independently of your computer such as phones, iPods, or digital cameras. Encryption would make this kind of removable media inoperable.

Can I use PGP whole disk encryption to encrypt removable media such as external drives?

Yes, PGP does support encrypting removable media such as thumb drives or external hard drives. Please note that PGP must be installed on any computer that you wish to use with the removable media so that you can decrypt the data on it.

Can Mac OS 10 users use PGP Whole Disk Encryption?

Yes, PGP Whole Disk Encryption is compatible with OSX 10.4.10 and later on Intel based Macs.

Can Unix/Linux users use PGP Whole Disk Encryption?

No. PGP Whole Disk Encryption is available for Windows and Mac (Intel-based) operating systems only.

Does CU-Boulder offer encryption services?

Yes. Our campus offers PGP whole-disk encryption, which is strongly encouraged for all faculty laptops. Encryption is required for laptops and workstations that store private data such as grades or educational records.

How do I obtain the PGP software?

The IT Security Office will be contacting departments that are known to have stores of private data to help install PGP on laptops. Departments with OIT-provided desktop support will also be proactively contacted to install the software. You may also download and install the software yourself or contact the IT Service Center for help with this process (help@colorado.edu or 303-735-4357). Please note that admin access is required for installation of PGP.

I hear that using PGP involves passphrases. What are they and do I need to use them?

Similar to a password, a passphrase uses a sentence and a neumonic reminder that aids in creating and remembering strong passwords. PGP on a Mac uses passphrases to authenticate your identity. OIT recommends that PGP on Windows be synchronized to your Windows logon credentials instead of creating a passphrase. See step 14 in the Windows Installation, Configuration, and Encryption document.

Is PGP Whole Disk Encryption compatible with Windows 64-bit operating systems?

Yes, a 64-bit version of the client exists for Windows.

My PGP password is set up to synchronize with my Windows login, which is snapped into the AD. What happens when I change my IdentiKey password in Identity Manager?

After successfully changing your IdentiKey password in Identity Manager, your AD password is automatically synchronized. To synchronize this new password with PGP, follow these steps:

  1. Start your computer, and when prompted by the PGP login screen, enter your OLD password (or passphrase).
  2. The old password (or passphrase) will no be accepted by Windows and will fail. So now you must manually log into Windows with the new password you have just set in Identity Manager.
  3. Once you have successfully logged into Windows with the new password, PGP will automatically synchronize to it and function normally again the next time you restart your computer.
On what operating systems does PGP work?

PGP whole disk encryption is currently only available for Windows and Mac (Intel-based) operating systems; however, PGP is reportedly developing a Linux-compatible option.

Should I synchronize the PGP Boot Passphrase with my Windows login?

Yes. OIT highly recommends that faculty and staff with Windows laptops synchronize their PGP boot passphrase with their Windows login. See step 14 of PGP on Windows Installation, Configuration, and Encryption document.

What if I forget my passphrase?

In the event you forget your password or passphrase, a recovery token may be used to gain access to your machine. Please contact the IT Service Center (5-HELP) for assistance.

What is encryption?

At its essence, encryption is the transformation of information into a form that is only readable by those with particular knowledge or technology. In the case of computer encryption generally passwords, passphrases and/or keys are used to protect information at rest on a computer or sent by that computer.

What is whole disk encryption?

The encryption of a physical disk’s entire contents.

Why should I encrypt?

In the event your laptop is lost or stolen, encryption prevents anyone else from gaining access to your data. This is particularly important if your laptop contains student grades and other educational records. It should be noted that the storage of private data is addressed by university administrative policy and that private data such as grades and educational records should only be stored on workstations or portable devices when specifically needed for business purposes. If there is a business need to store other types of private data mentioned in the APS (Social Security numbers, healthcare records, etc.), please contact the IT Security Office for guidance on how to properly secure that data according to minimum security standards.

Can I get encryption enabled for my @Colorado.edu email?

The encryption software has an "opportunistic encryption" setting that allows the user to get encryption but this feature is not supported by our enterprise PGP offering.