3. PGP Desktop Integration

The final feature of PGP Universal that I examined was the integration with the PGP Desktop product. PGP Desktop (Figure 7) is a stand-alone encryption application that allows an individual user to encrypt his or her own email or files without PGP Universal. But it is also available integrated into PGP Universal Series 500.

Figure 7: PGP Desktop
(Click image for more detail)

A wizard (Figure 8) walked me through the process of setting up PGP Desktop and generating keys for a user. A basic 2048-bit RSA key pair is generated by default after a passphrase is entered, but any aspect of this key (such as key length, type, ciphers, hashes, etc) can be changed with the click of the Advanced button.

Figure 8: PGP Desktop key generation
(Click image for more detail)

PGP Desktop provides a nice companion to PGP Universal since it puts control of encryption in the hands of the user. It can sync up with a PGP Universal server automatically and download encryption policies, or a user can define his or her own policies. It also allows users to encrypt files right from the desktop before transmitting them over the network .

Desktop also allows encryption for AOL Instant Messanger conversations. But this feature requires the user on the other end to also have PGP Desktop installed, and I didn't think it offered significant advantages over free encrypted IM solutions such as Off the Record and Trillian.

Possibly the most useful feature of PGP Desktop, next to its email encryption capabilities, is the ability to securely delete files. The PGP Shredder feature uses up to 28 passes of writing pseudo-random garbage characters and zeros over the data, protecting it from all but the most skilled recovery techniques.

Figure 8: PGP Shredder

While PGP Universal was designed for employees within the workplace, PGP Desktop seems designed more as a companion for employees on the road. Encrypting files from the desktop ensures that they will be secure even if a user connects from, say, an unsecured wireless access point. Whole-disk and folder encryption also allows mobile employees to keep data safe even if their laptop is stolen. While all this encryption may seem a bit over-the-top and only for the very paranoid, for organizational road warriors this level of protection can spell the difference between a sealed business deal and unsealed company information.