ARCHIVED: Change your passphrase when you use PGP

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

On this page:


Overview

Note:

Symantec PGP Whole Disk Encryption (WDE) was retired from use at Indiana University on June 11, 2021. Several alternatives exist for most platforms; for example:

If you use PGP Whole Disk Encryption (WDE) on Windows, follow these additional steps when changing your Indiana University passphrase.

If you have any trouble with this process, contact your department's IT Pro for help. Your IT Pro can contact Support Center Tier 2 if further assistance is needed.

Before changing your passphrase

  1. If needed, quit Microsoft Outlook and log out of Skype for Business, but remain connected to the IU network.
  2. Turn off any other computers, tablet devices, and smartphones that connect to IU accounts or services.
  3. Before proceeding further, review Precautions when changing your passphrase.

Passphrase change while using your PGP WDE encrypted system

  1. If your system is not connected to the IU network, connect using Ethernet, wireless, or VPN, depending on your location.
  2. After changing your passphrase, wait 20 minutes for the change to propagate throughout the various IU systems. During this time, remain logged into your system and connected to the IU network, but do not open email or try to connect to other IU resources.
  3. If you are using the IU VPN, disconnect, and then reconnect using your new passphrase.
  4. Without restarting your system or logging out of Windows, lock your system from the Start menu, and then unlock it using your new passphrase. This ensures your Windows system is using your new passphrase.
  5. Open Symantec Endpoint Encryption (PGP). If you are prompted for a passphrase, try your previous passphrase first.
  6. Under "PGP Keys", select All Keys, right-click the key that displays your name, and then select Key Properties. The selected key should be the top-level key, not one of the individual keys that may appear under it.
  7. Near the top of the "Key Properties" window, select Change Passphrase.
  8. In the Passphrase Assistant, enter your previous passphrase in the passphrase box; on the next screen, enter your new passphrase in both boxes, finish the process, and then close the "Key Properties" window.
  9. In the "PGP Desktop" window, from the Tools menu, select Synchronize All Keys.
  10. Restart your system and use your new passphrase at the boot screen unlock. If your new passphrase does not work, try your previous one. If neither passphrase works, consult with your department's IT Pro for assistance.

Systems encrypted with PGP WDE but not used during passphrase change

If your system was running and connected to the IU network during your passphrase change, your new passphrase may be active for Windows login and for the PGP boot. If your system was not connected to the IU network, your previous passphrase should work for the Windows and PGP boot logins. In the process below, use the appropriate passphrase.

  1. Restart (or start up) your system, and then log in.
    Note:
    If you are on campus, and your Windows and PGP boot logins used your previous passphrase, your automatic wireless network login will fail and may cause your IU account to be locked. In this situation, make sure to disconnect from the wireless network, and then manually change your wireless login credentials through the Control Panel or System Preferences.
  2. Once you log into your system, connect to the IU network via Ethernet, wireless, or VPN, depending on your location. For wireless or VPN connections, log in using your new passphrase.
  3. Without restarting your system or logging out of Windows, lock your system from the Start menu, and then unlock it using your new passphrase. This ensures your Windows system is using your new passphrase.
  4. Open Symantec Endpoint Encryption (PGP). If you are prompted for a passphrase, try your previous passphrase first.
  5. Under "PGP Keys", select All Keys, right-click the key that displays your name, and then select Key Properties. The selected key should be the top-level key, not one of the individual keys that may appear under it.
  6. Near the top of the "Key Properties" window, select Change Passphrase.
  7. In the Passphrase Assistant, enter your previous passphrase in the passphrase box; on the next screen, enter your new passphrase in both boxes, finish the process, and then close the "Key Properties" window.
  8. In the "PGP Desktop" window, from the Tools menu, select Synchronize All Keys.
  9. Restart your system and use your new passphrase at the boot screen unlock. If your new passphrase does not work, try your previous one. If neither passphrase works, consult with your department's IT Pro for assistance.

This is document bckm in the Knowledge Base.
Last modified on 2021-09-07 17:13:27.