Mac OS X Pre-Boot Authentication support
PGP WDE now supports Mac OS X boot disks.

Transparent Operation
Once PGP Desktop Professional is deployed, its operation is completely transparent- users simply continue to work as usual. The software automatically encrypts and decrypts data on-the-fly, ensuring data Disk, Volume, and File Protection.

Hard Drive Encryption
PGP Desktop Professional includes PGP® Whole Disk Encryption, which locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system, and swap files.

Powerful, End-to-End Email Encryption
PGP® Desktop Email delivers all the encryption functionality necessary for protecting an organization's email communications in a single, easy-to-use and easy-to-manage solution. It enables organizations to automatically secure email communications from the sender's email client to the recipient's-and at all points in between-using centrally defined, policy-based encryption.

Multiple Ways to Share Data Users can create storage-independent encrypted containers for transport and sharing of specific files using PGP Self-Decrypting Archive, PGP Virtual Disk, and PGP Zip.

• PGP Self-Decrypting Archives (SDAs) - Puts files and folders into an encrypted, compressed package that can be opened on a Windows system that does not have PGP Messaging or PGP Desktop installed. SDAs are the perfect solution for securely exchanging files with someone who does not have PGP software installed.
• PGP Virtual Disk volumes - Uses part of the hard drive space as an encrypted virtual disk volume with its own drive letter. A PGP Virtual Disk is the perfect place for storing sensitive files; it is as if they are stored in a safe. When the door of the safe is open (when the volume is mounted), files can be changed, taken out or moved into it. Otherwise (when the volume is unmounted), all the data on the volume is protected. PGP Virtual Disks are also self-expanding: they automatically grow to accommodate increases in data size, eliminating initial space allocation constraints.
• PGP Zip - Adds any combination of files and folders to an encrypted, compressed, portable archive. PGP Desktop must be installed on a system to create or open a PGP Zip archive. PGP Zip is a tool for securely archiving sensitive data, whether to distribute it to others or to back it up.

Secure File Deletion
PGP Shredder completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Windows Recycle Bin does not actually delete it; it sits on the drive and eventually gets overwritten. Until then, it is trivial for an attacker to recover that file. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature also completely wipes free space on drives so that deleted data is truly unrecoverable.

Single Sign-on to Windows
Provides simplified login experience using existing Windows' password.

For (optional use) in a Centrally Managed Environment with PGP Universal Server:
Centralized Management, Deployment, & Policy
Automate provisioning, user and key management, and policy enforcement across email, disk, removable media, and network file encryption using PGP Universal Server's Web-based management console. Role-based administrative access enables administrative separation of duties.

Event Logging
Comprehensive logs record all administrative operations for auditing and security best practices.

Recovery Passphrase
Automatic generation and central storage of unique one-time-use recovery passphrase enables remote assistance. Automatically resets the recovery passphrase after each use, reducing administrative overhead.

Policy-Driven Encryption of Removable Media
PGP Whole Disk Encryption users managed by PGP Universal Server automatically apply encryption of removable media according to policy, ensuring consistent data protection for these easily lost devices.

Partition Encryption Deployment
Administrators in a PGP Universal-managed environment may now configure encryption of only the boot partition or only Windows partitions rather than always encrypting entire disks.

Domain Administrator Restart Bypass
Windows System and Administrator account(s) may now engage a mode to bypass WDE authentication on the next restart by utilizing the privileges of the administration account to act as the authenticated user. This feature enables administrators to perform remote software installations requiring a restart of the target computer. Use of this feature is logged to the PGP Universal Server.

Supported Operating Systems

• Windows Vista (all 32-bit and 64-bit versions including Service Pack 1)
• Windows XP Professional 32-bit (Service Pack 1,2 and 3)
• Windows XP Professional 64-bit (Service Pack 1 and 2)
• Windows XP Tablet PC Edition 2005 (attached keyboard required)
• Windows 2000 Professional (Service Pack 4)
• Windows 2003 Server (Service Pack 1)*

* Full disk encryption functionality is not supported on Windows 2000 Server or Windows 2003 Server.

Localization

• English
• German
• Japanese

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 certificates

Messaging Protocols

• POP3
• IMAP
• SMTP
• MAPI
• Lotus Notes

Messaging  Security Standards

• PGP/MIME RFC 3156
• OpenPGP RFC 4880
• S/MIME v3 RFC 2633
• X.509 v3

Supported Email Clients

• Microsoft Outlook 2007 SP1 (Outlook 12)
• Microsoft Outlook 2003 SP3
• Microsoft Outlook XP SP3
• Microsoft Outlook 2000 SP3
• Microsoft Windows Mail 6.0.6000.16386
• Microsoft Outlook Express 6
• Mozilla Thunderbird 2.0
• Lotus Notes 6.5.6, 7.0.3, and 8.0.1
• Novell GroupWise 6.5

Supported IM Clients

• AOL AIM 5.9.x
• AOL AIM 6.5.5 and earlier
• Trillian 3.1 (Basic and Pro)

Symmetric Key Algorithms

• AES (up to 256-bit keys)
• CAST
• TripleDES
• IDEA
• Twofish

Symmetric Key Algorithms - PGP Whole Disk Encryption

• AES 256-bit keys

Hashes

• SHA-2 (up to 512-bit hashes)
• SHA-1
• MD5
• RIPEMD-160

Public Key Algorithms

• Diffie-Hellman
• DSA (1024-bit keys only)
• RSA (up to 4096-bit keys)

Centralized Management Requirements

• PGP Universal Server*

* PGP Universal Server requires a dedicated server.

Two-Factor Authentication

Supported USB Tokens - PGP Desktop Email, PGP Virtual Disk, & PGP Zip

PGP Desktop Professional recognizes and works with the following:

• DoD Common Access Cards (CACs) with the ActivCard Gold 2.0 profile
• Athena Smart Card Solutions smart cards, including the ASEKey USB token
• AET SafeSign smart cards, including ASEKey 1.0
• Axalto (formerly Schlumberger) smart cards, including the Cryptoflex 32K
• SafeNet smart cards, including iKey 2032
• Aladdin smart cards, including eToken PRO USB 16K, 32K, and 64K
• GemPlus smart cards, including SafesITe and GemXpresso Pro, using GemSafe Libraries 4.2.0-015 (Gold)

PGP Desktop Professional also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS-11 library in its software drivers.

Supported Pre-Boot Authentication Smart Cards & USB Tokens

The following smart card readers are supported for communicating to a smart card at pre-boot time. These readers can be used with any supported removable smart card (it is not necessary to use the same brand of smart card and reader). Any CCID smart card reader is supported. The following readers have been tested by PGP Corporation:

• OMNIKEY CardMan 3121 USB for desktop systems
• OMNIKEY CardMan 6121 USB for mobile systems
• ActivIdentity USB 2.0 reader
• CyberJack smart card readers
• Reiner SCT CyberJack pinpad
• ASE smart card readers
• Athena ASEDrive IIIe USB reader

PGP Whole Disk Encryption supports the following smart cards for pre-boot authentication:

• ActiveIdentity ActivClientCAC cards, both 2005 and 2002 models.
• Aladdin eToken 64K, 2048-bit RSA-capable¹
• Aladdin eToken PRO USB Key 32K, 2048-bit RSA-capable¹
• Aladdin eToken PRO without 2048-bit capability (older smart cards)¹
• Athena ASEKey Crypto USB Token for Microsoft ILM²
• Athena ASECard Crypto Smart Card for Microsoft ILM²
• EMC RSA SecurID SID800 Token³
• Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
• S-Trust StarCOS smart card⁴
• Rainbow iKey 3000

¹ Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the supported tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the supported tokens.

² The Athena tokens are supported only for credential storage.

³ This token is supported only for credential storage. SecurID is not supported.

⁴ S-Trust SECCOS cards are not supported.

PGP Perpetual License
A PGP Perpetual License with PGP Maintenance entitles the customer to use the designated PGP software indefinitely, plus receive all Upgrades and Updates to the licensed software during the valid PGP Maintenance period; PGP Maintenance must be renewed annually. One year of Basic Maintenance is included with the purchase of a PGP Perpetual License. Currently, the annual cost of renewing PGP Basic Maintenance is approximately 18-25% of the Perpetual License cost.

PGP Subscription License
A PGP Subscription License entitles the customer to use the designated PGP software during the subscription period designated on the order, typically 1 year. Customers choosing Subscription Licenses receive the current version of PGP software and all Upgrades and Updates to the licensed software during the subscription period.