Work have given us PGP encryption for partitions or disks. What I want is to split the drive in half and have two partitions - the main drive encrypted via PGP, and the other drive dedicated to holding a system image, so I can easily restore.
Now - if I use PGP to encrypt the second partition, that's going to cause problems if I want to restore, isn't it? How would I get the Windows recovery USB to decrypt a PGP drive?
Are there any other ways to encrypt the system image that will allow Windows recovery to use it? I could have both a PGP decrypt USB and a Windows recovery one but decrypting the drive takes frigging hours.
Truecrypt.
Even though the site says obsolete, that's incorrect. Bluff.
GIBSON research has proved it's still good.
https://www.grc.com/misc/truecrypt/truecrypt.htm
I'd take Steve Gibson with a council gritter's worth of salt, but Truecrypt is very good.
However, I think what you need here is Bitlocker.
This is W7 Professional, so I don't think I can use bitlocker...?
I can't see a way round this. Even if you left the Windows recovery partition unencrypted. In all probability you would be wanting the recovery because Windows was not booting and therefore you would be unable to access the PGP desktop, so a PGP recovery disk would be the only way to get access to that partition. Unless you left the system and recovery partitions unencrypted and only encrypted a data partition.
At least not encrypting the windows recovery partition would reduce decrypt time.
I'm not talking about the recovery partition - I'm talking about the partition where the image is stored.
Whatever software you use, there will need to be a set of private keys that unlock the encrypted partition. Learning how the software you decide to use works and knowing you need to be able to keep and restore these keys to access the encrypted data is what matters.
If you have only a partition encrypted, then the OS can be easily replaced but you will need to put the keys back in place before you can access your data partition, that’s all.
The only caveat with not encrypting the OS disk is that it likely uses a swap file and lots of temporary files that will not be encrypted but will still likely be storing lots of lovely data. You need to think through whether that’s acceptable.
I use an encrypted disk all the time, though it is on Mac OS X so not useable by you, and the private key is stored in the non-volatile RAM of the EFI, along with a special encryption identity chip on the motherboard. How Windows encryption software achieves the storage of keys outside the encrypted disk, I have no idea.
Rachel
The idea was to store the system image on an *unencrypted* disk, but in some kind of encrypted form... that Windows recovery would understand or at least allow the decryption thereof.
Any reason you have to have your image locally? If the HDD goes breasts uppermost you'll lose both the running OS and your restore image.
I could - but still doesn't help much.
I have a hardware encrypted portable drive I could use, but I wanted to leave that at home with backups on it, since if I carry it and the computer around in the same bag I'm vulnerable to bag loss.
I could then leave the image at home, but if my OS cocks up when I'm out and about I won't be able to access it.
Maybe I could carry the portable and then find some other way of storing it at home.
Linux pendrive? Then you've at least got *something* as an OS in the field if the HDD dies?
Well for that matter a bootable Linux on the other drive... That would get around the issue I had when the Linux update wiped out the pgp MBR...
Truecrypt. Does what you ask.
Another vote for TrueCrypt. We've been using it for a good while at work with no problems.
