Nicholas Schmidt

Nicholas Schmidt

Dad, CTO, and lover of all things 1's and 0's.

PGP for Mac Whole Disk Encryption Review

2 minute read

Wanted to share a quick “how does it work” about PGP WDE for Mac.

http://www.pgp.com/mac/

This is the only solution that does pre-boot and true WDE for the Mac. The software is 189 for a yearly license or 239 for perpetual. The software itself is very “apple-ish” with great wizards and walk through for those not familiar with key based authentication and encryption. Some of the features are:

  • WDE for Intel based Mac running 10.4/10.5, no SL due to the 64bit kernel from the debug trace on my Mac Pro :)

  • Encryption integrates with Apple Mail or Entourage through scripts for PGP authentication on messages

  • Integrates into iChat for encrypted chat – HORRIBLE compared to OTR and Adium IMO

  • Encrypted ZIP – not winzip compatible

  • Encrypted virtual volumes – think truecrypt

  • Secure Wipe – Secure Empty Trash on a Mac doesn’t comply with NISPOM standards last time I checked. They include a Finder integrated tool that works against those standards. Much quicker too than secure erase on standard macs.

Now for QA:

  • Why did you buy it?

  • 2 main reasons are work and security. FileVault is a great tool, but due to the sparse volume approach it shares some technical limitations and issues that I am not willing to accept. Let alone the bugs that refuse to allow default settings within the OS saved for 10.5. In addition with WDE I can perform time machine backups to my WDE firewire drive for total protection

  • What is the performance hit?

  • Once the drive is encrypted it is little to no impact. If you have done cryptfs in Linux, the impact is about the same. Compared to the windows Boeing image the performance is phenomenal. Notice though I said once it was encrypted. My MacBook Pro with a 500GiB drive is still going. Screenshot attached to share my sadness at the speed.

  • How well does it integrate?

  • Very nicely! There is a little icon bar that sits up top near the airport indicator informing you of messages encryption and other status. It is not GROWL integrate (NIH) so that is a little annoying, but the interface overall feels like a full mac product

  • Would you buy again?

  • Since WinMagic STILL has not put SecureDoc out for Mac or Linux this is your only choice right now. I am a little peeved that the product is not FIPS 140-2lvl2 in this day and age, but the encryption suffices. I will say that having used both PGP and SecureDoc, PGP is what I would give to Mom for use.

  • What about Bootcamp?
  • Nope – bootcamp does not work with this product. I know that on the MacPro it wiped out my dual boot gentoo build in one swoop. That was using the EFI based boot (rEFIt), so I am not sure what PBA system they are using. Use Vmware or VirtualBox :)

Updated: