Encryption Automation Overview & Lab


Transcript of Encryption Automation Overview & Lab

Page 1: Encryption Automation Overview & Lab

Encryption Automation – Overview & Lab

Matt Dawdy Senior Principal Field Enablement Manager

Page 2: Encryption Automation Overview & Lab

SYMANTEC VISION 2013

Agenda

1. What You Need To Know

2. Introduction To Command Line

3. Command Line Operation

Page 3: Encryption Automation Overview & Lab

What You Need to Know – Skill sets required to operate PGP Command Line

Page 4: Encryption Automation Overview & Lab

[Diagram: Alice and Bob; public key and matching private key; file transfer]

Page 7: Encryption Automation Overview & Lab

Introduction to Command Line Operation – Command Line installation, system requirements, important directories, files, and services

Page 8: Encryption Automation Overview & Lab

What Is PGP Command Line?

• An application that can automate cryptography
  – Uses local and keyserver-based keys
  – Creates keys
  – Encryption and decryption
  – Digital signatures
  – Secure file deletion

Page 9: Encryption Automation Overview & Lab

Command Line – Common Use Cases

Data Distribution

File Transfer

Data Backup

> pgp -es dbdump.sql -r admin@company_a.com
dbdump.sql:encrypt (0:output file dbdump.sql.pgp)

Page 10: Encryption Automation Overview & Lab

Command Line - In Action

Human Resources

Protect Personally Identifiable Information (PII) by encrypting files being transferred to another location.

Legal

Enable the end-to-end secure transfer of intellectual property, and proprietary and client confidential information to third parties.

Healthcare

Secure Personal Health Information (PHI) of patient records, images and related files transferred to partner organizations.

Page 11: Encryption Automation Overview & Lab

Installation

• Execute an installer package and follow the prompts
• Windows:
  – %PROGRAMFILES%\PGP Corporation\PGP Command Line
• Mac OS X:
  – /usr/bin
• All other platforms:
  – /opt/pgp/bin

Page 12: Encryption Automation Overview & Lab

System Requirements: Operating Systems

• Windows
• HP-UX 11i and above
• IBM AIX 5.3 and 6.1 PowerPC
• Red Hat Enterprise Linux 5.4, 5.5, 6.0, 6.2
• SUSE Linux Enterprise Server 10 and 11
• Solaris 9 and 10
• Apple Mac OS X 10.5.x and Mac OS X 10.6.x

Up-to-date platform details: http://www.symantec.com/command-line/system-requirements

Page 13: Encryption Automation Overview & Lab

System Requirements: Resources

• RAM
  – 64 MB - 1 GB
• Hard disk
  – 600 MB - 1.5 GB (dependent on host OS)
• Additional space is required for temporary and output files

Page 14: Encryption Automation Overview & Lab

Important Files

• Keyrings (all platforms):
  – pubring.pkr
  – secring.skr
• Configuration files
  – All other platforms:
    • PGPprefs.xml
  – Mac OS X:
    • com.pgp.desktop.plist

Page 15: Encryption Automation Overview & Lab

Important Directories (1 of 2)

• Command Line utilizes a home directory
  – Location of the configuration file
  – Created automatically when running a command
  – Can be shared by multiple users
• Windows default location:
  – %APPDATA%\PGP Corporation\PGP
• Mac OS X default location:
  – $HOME/Documents/PGP
• All other platforms:
  – $HOME/.pgp

Page 16: Encryption Automation Overview & Lab

Important Directories (2 of 2)

• Command Line users have a personal directory
  – Location of keyring files
  – Automatically created on first use of Command Line
• Windows default location:
  – %USERPROFILE%\My Documents\PGP
• Mac OS X default location:
  – $HOME/Documents/PGP (same as the home directory)
• All other platforms:
  – $HOME/.pgp (same as the home directory)

Page 17: Encryption Automation Overview & Lab

Common Command Line Environment Variables

• PGP_HOME_DIR
  – Overrides the default home directory
• PGP_TEMP_DIR
  – Sets the temporary directory used by PGP Command Line
    • Defaults to the current directory
• PGP_LOCAL_MODE
  – Disables caching of keyring files and passphrases
  – Do not use this setting if multiple instances of PGP Command Line are required

Page 18: Encryption Automation Overview & Lab

Command Line Operation – An introduction to syntax, basic commands, and usage scenarios

Page 19: Encryption Automation Overview & Lab

Command Line Syntax (1 of 2)

• Each operation has four basic requirements
  1. One command
  2. Spaces are required between elements
  3. Some flags require an argument
  4. Put arguments with spaces inside quotation marks

pgp --encrypt file.txt --recipient bob
pgp --recipient bob --encrypt file.txt
pgp --recipient "robert paulson" --encrypt file.txt

Page 20: Encryption Automation Overview & Lab

Command Line Syntax (2 of 2)

Command:
C:\Files>pgp --encrypt finances.xls --recipient Bob

Result:
Finances.xls:encrypt <0:output file finances.xls.pgp>

Page 21: Encryption Automation Overview & Lab

Basic Commands

• Long form commands
  – pgp --encrypt
  – pgp --version
  – pgp --list-keys @symantec
  – pgp --fingerprint Alice
• Short form commands
  – pgp -e (encrypt)
  – pgp -r (recipient)
  – pgp -l (list-keys)
  – pgp -er Alice confidential.doc (encrypt and recipient)

Page 22: Encryption Automation Overview & Lab

Usage Example – Secure Off-site Backup

pgp --encrypt Confidential_Data.rar --recipient "Archival Key"
scp Confidential_Data.rar.pgp [email protected]:~<current date>/Confidential_Data.rar
pgp --wipe Confidential_Data.rar --wipe-passes 3

[Diagram: Onsite Server; Archival Public key; SCP; Remote Server]
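
The three steps of the off-site backup as one shell function, as an added example that is not part of the original presentation: it shows the ordering that matters when this is automated, namely that the plaintext is wiped only after encryption and transfer have both succeeded. PGP_BIN and SCP_BIN are hypothetical override variables (not PGP Command Line settings), the destination is a caller-supplied placeholder, and the script assumes both tools exit non-zero on failure.

```shell
#!/bin/sh
# Added example: encrypt -> transfer -> wipe, stopping at the first failure.
# PGP_BIN / SCP_BIN are hypothetical overrides so the flow can be dry-run
# with stand-in commands; they default to the real tools.
PGP_BIN="${PGP_BIN:-pgp}"
SCP_BIN="${SCP_BIN:-scp}"

# offsite_backup FILE RECIPIENT DEST
#   FILE       plaintext archive to protect
#   RECIPIENT  key name on the keyring (may contain spaces)
#   DEST       scp target supplied by the caller (placeholder, not from the slide)
# Returns 0 on success, 2 bad input, 3 encrypt failed, 4 transfer failed,
# 5 wipe failed. The plaintext is left in place for every non-zero result
# except a failure inside the wipe itself.
offsite_backup() {
    file=$1
    recipient=$2
    dest=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # 1. Encrypt to the archival public key; the output is FILE.pgp.
    "$PGP_BIN" --encrypt "$file" --recipient "$recipient" || return 3
    # Do not trust the exit status alone: require a non-empty ciphertext.
    [ -s "$file.pgp" ] || { echo "missing ciphertext: $file.pgp" >&2; return 3; }

    # 2. Copy only the ciphertext off-site.
    "$SCP_BIN" "$file.pgp" "$dest" || return 4

    # 3. Wipe the plaintext last, with the same pass count as the slide.
    "$PGP_BIN" --wipe "$file" --wipe-passes 3 || return 5
    return 0
}
```

Call it as `offsite_backup Confidential_Data.rar "Archival Key" <destination>`; a non-zero return means the plaintext archive is still on disk and the run should be investigated before retrying.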

Page 23: Encryption Automation Overview & Lab

Key Management Services

[Diagram: Data process; Key Management; Data Srv 1; USP; Key 1]

Page 24: Encryption Automation Overview & Lab

Key Management Services – Key Permissions

[Diagram: Key Management; USP; Data process; Data Srv 1; Data Srv 2; Key 1; Key 2; "✖ Not allowed for Srv 2"]

Page 25: Encryption Automation Overview & Lab

Key Management Services – Symmetric Keys

[Diagram: Key Management; USP; Data Srv 3; Daily Data process; Monday key; Tuesday key; Wednesday key]

Page 26: Encryption Automation Overview & Lab

Lesson Summary

• Key points
  – In this lesson, you learned about encryption basics required for operating Command Line
  – An introduction to Command Line and various use cases
  – Finally, you learned some basic commands and syntax and had a basic introduction to Key Management Services
• Reference materials
  – Overview
  – Technical Information
  – Documentation

Page 27: Encryption Automation Overview & Lab

Symantec Encryption Education Offerings

Page 28: Encryption Automation Overview & Lab

Symantec Encryption Product Training

Optimize product functionality

Shorten your implementations and spend less time with support

Leverage your investment in Symantec technology to the fullest

Learn at your convenience via the web

For more information on Encryption training offerings, visit: http://education.symantec.com

Page 29: Encryption Automation Overview & Lab

Training for Encryption products

Symantec Education offers training to help you and your team get the most from your Symantec investment…

Course: Symantec Encryption products Administration course
Duration: 5 day
Delivery: Instructor-Led Training or Virtual Academy

Course: Symantec Encryption products Administration Web-based training
Duration: ~4 hours
Delivery: Self-Paced annual Subscription

Unsure if your team needs training? Symantec Education offers a free skills assessment on Symantec PGP Universal Server for individuals or teams to help you identify strengths and skills gaps.

Go to www.symantec.com/assess or contact your Symantec Education Specialist today to set up a free group assessment.

Page 30: Encryption Automation Overview & Lab

Thank you!

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Matt Dawdy

[email protected]
