About changing your passphrase when you use PGP

If you use PGP Whole Disk Encryption (WDE) on Windows, follow these additional steps when changing your Network ID passphrase.

If you have any trouble with this process, contact your department's IT Professional for assistance. Your IT Professional can contact Support Center Tier 2 if further assistance is needed.

On this page:


Before changing your passphrase

  1. If needed, quit Microsoft Outlook and log out of Skype for Business/Lync.
  2. Turn off any other computers, tablet devices, and smartphones that connect to IU accounts or services.
  3. Before proceeding further, review What precautions should I take when changing my passphrase?

    Remain connected to IU Secure or SSL VPN if you are using either service.

Passphrase change while using your PGP WDE encrypted system

  1. If you are not on the IU network, make a connection to IU, using Ethernet, IU Secure, or SSL VPN, depending on your location.
  2. After changing your passphrase, wait 20 minutes for the change to propagate throughout the various IU systems. During this time, remain logged into your system and connected to the IU network. Do not open email or attempt to connect to other IU resources.
  3. If you were using SSL VPN, log out of the session, and then log in again using your new passphrase.
  4. Without restarting or logging out of Windows, lock your system from the Start Menu; then unlock it using your new passphrase. This ensures your Windows system is using your new passphrase.
  5. Open Symantec Endpoint Encryption (PGP). If you are prompted for a passphrase, try your previous passphrase first.
  6. Under "PGP Keys", select All Keys. Right-click the key that displays your name, and select Key Properties. The selected key should be the top level key, and not one of the individual keys that may appear under it.
  7. Near the top of the "Key Properties" window, select Change Passphrase.
  8. In the Passphrase Assistant, enter your previous passphrase in the passphrase box. At the next screen, enter your new passphrase in both boxes, and finish the process.
  9. Close the "Key Properties" window.
  10. In the "PGP Desktop" window, from the Tools menu, select Synchronize All Keys.
  11. Restart your system and use your new passphrase at the boot screen unlock. If your new passphrase does not work, try your previous one. If neither passphrase works, consult with your department's IT Professional for assistance.

Systems encrypted with PGP WDE but not used during passphrase change

If the system was running and connected to the IU network with Ethernet, IU Secure, or SSL VPN during your passphrase change, your new passphrase may be active for Windows login and for the PGP boot. If the system was not connected to the IU network, your previous passphrase should work for the PGP boot login and for Windows login. In the process below, use the appropriate passphrase.

  1. Restart or start up the system and login.
    Note:
    If you are on an IU campus and your PGP boot and Windows logins used your previous passphrase, your automatic IU Secure login will fail and can cause your IU account to be locked. In this situation, be sure to disconnect from IU Secure and manually change your IU Secure login credentials through the Control Panel or System Preferences.
  2. Once you log into your system, make a connection to the IU network. If you are on an IU campus, connect through IU Secure using your new passphrase. If you are off campus, make an SSL VPN connection using your new passphrase.
  3. Without restarting or logging out of Windows, lock your system from the Start menu, and then unlock it using your new passphrase. This ensures your Windows system is using your new passphrase.
  4. Open Symantec Endpoint Encryption (PGP). If you are prompted for a passphrase, try your previous passphrase first.
  5. Under "PGP Keys", select All Keys. Right-click the key that displays your name, and select Key Properties. The selected key should be the top level key and not one of the individual keys that may appear under it.
  6. Near the top of the "Key Properties" window, select Change Passphrase.
  7. In the Passphrase Assistant, enter your previous passphrase in the passphrase box. At the next screen, enter your new passphrase in both boxes and finish the process.
  8. Close the "Key Properties" window.
  9. In the "PGP Desktop" window, from the Tools menu, select Synchronize All Keys.
  10. Restart your system and use your new passphrase at the boot screen unlock. If your new passphrase does not work, try your previous one. If neither passphrase works, consult with your department's IT Professional for assistance.

This is document bckm in the Knowledge Base.
Last modified on 2017-05-16 12:12:27.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.