Encryption Automation – Overview & Lab
Matt Dawdy Senior Principal Field Enablement Manager
SYMANTEC VISION 2013
Agenda
1. What You Need To Know
2. Introduction To Command Line
3. Command Line Operation
What You Need to Know – Skill sets required to operate PGP Command Line
[Diagram labels: Alice, Bob, Public key, Matching Private key, File transfer]
Introduction to Command Line Operation – Command Line installation, system requirements, important directories, files, and services
What Is PGP Command Line?
• An application that can automate cryptography
– Use local and keyserver-based keys
– Creates keys
– Encryption and decryption
– Digital signatures
– Secure file deletion
Command Line – Common Use Cases
Data Distribution
File Transfer
Data Backup
> pgp -es dbdump.sql -r admin@company_a.com
dbdump.sql:encrypt (0:output file dbdump.sql.pgp)
Command Line - In Action
Human Resources
Protect Personal Identifiable Information (PII) by encrypting files being transferred to another
location.
Legal
Enable the end-to-end secure transfer of intellectual property, and proprietary and client
confidential information to third parties.
Healthcare
Secure Personal Health Information (PHI) of patient records, images and related files
transferred to partner organizations.
Installation
• Execute an installer package and follow the prompts
• Windows:
– %PROGRAMFILES%\PGP Corporation\PGP Command Line
• Mac OS X:
– /usr/bin
• All other platforms:
– /opt/pgp/bin
System Requirements: Operating Systems
• Windows
• HP-UX 11i and above
• IBM AIX 5.3 and 6.1 PowerPC
• Red Hat Enterprise Linux 5.4, 5.5, 6.0, 6.2
• SUSE Linux Enterprise Server 10 and 11
• Solaris 9 and 10
• Apple Mac OS X 10.5.x and Mac OS X 10.6.x
Up-to-date platform details:
http://www.symantec.com/command-line/system-requirements
System Requirements: Resources
• RAM
– 64 MB - 1 GB
• Hard disk
– 600 MB - 1.5 GB (dependent on host OS)
• Additional space is required for temporary and output files
Important Files
• Keyrings (all platforms):
– pubring.pkr
– secring.skr
• Configuration files
– All other platforms:
• PGPprefs.xml
– Mac OS X:
• com.pgp.desktop.plist
Important Directories (1 of 2)
• Command Line utilizes a home directory
– Location of the configuration file
– Created automatically when running a command
– Can be shared by multiple users
• Windows default location:
– %APPDATA%\PGP Corporation\PGP
• Mac OS X default location:
– $HOME/Documents/PGP
• All other platforms:
– $HOME/.pgp
Important Directories (2 of 2)
• Command Line users have a personal directory
– Location of keyring files
– Automatically created on first use of Command Line
• Windows default location:
– %USERPROFILE%\My Documents\PGP
• Mac OS X default location:
– $HOME/Documents/PGP (same as the home directory)
• All other platforms:
– $HOME/.pgp (same as the home directory)
Common Command Line Environment Variables
• PGP_HOME_DIR
– Overrides the default home directory
• PGP_TEMP_DIR
– Sets the temporary directory used by PGP Command Line
• Defaults to the current directory
• PGP_LOCAL_MODE
– Disables caching of keyring files and passphrases
– Do not use this setting if multiple instances of PGP Command Line are required
Command Line Operation – An introduction to syntax, basic commands, and usage scenarios
Command Line Syntax (1 of 2)
• Each operation has four basic requirements
1. One command
2. Spaces are required between elements
3. Some flags require an argument
4. Put arguments with spaces inside quotation marks
pgp --encrypt file.txt --recipient bob
pgp --recipient bob --encrypt file.txt
pgp --recipient "robert paulson" --encrypt file.txt
Command Line Syntax (2 of 2)
Command:
C:\Files>pgp --encrypt finances.xls --recipient Bob
Result:
Finances.xls:encrypt <0:output file finances.xls.pgp>
Basic Commands
• Long form commands
– pgp --encrypt
– pgp --version
– pgp --list-keys @symantec
– pgp --fingerprint Alice
• Short form commands
– pgp -e (encrypt)
– pgp -r (recipient)
– pgp -l (list-keys)
– pgp -er Alice confidential.doc (encrypt and recipient)
Usage Example – Secure Off-site Backup
pgp --encrypt Confidential_Data.rar --recipient "Archival Key"
scp Confidential_Data.rar.pgp [email protected]:~<current date>/Confidential_Data.rar
pgp --wipe Confidential_Data.rar --wipe-passes 3
[Diagram labels: Onsite Server, Archival Public key, SCP, Remote Server]
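Added example (not part of the original slides and not Symantec's code): the off-site backup sequence above wrapped so that the plaintext is wiped only after encryption and transfer have both succeeded, with PGP_TEMP_DIR (from the environment variables slide) pointed away from the current directory. The function name, the return codes, the remote directory argument and the assumption that pgp and scp exit nonzero on failure are illustrative.

```shell
#!/bin/sh
# Added example: encrypt, transfer, then wipe, stopping at the first failure.
# Assumptions: the function name, the return codes 10-13, and that pgp and scp
# exit nonzero on failure. Flags and PGP_TEMP_DIR are those shown on the slides.

offsite_backup() {
    src=$1        # plaintext file to back up
    recipient=$2  # key name, e.g. "Archival Key"
    remote=$3     # scp destination directory (placeholder: user@host:dir)

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # PGP_TEMP_DIR defaults to the current directory, so temporary files would
    # land beside the data. Use a private directory (mktemp -d creates it 0700).
    tmp=$(mktemp -d) || return 3
    PGP_TEMP_DIR=$tmp
    export PGP_TEMP_DIR

    rc=0
    if ! pgp --encrypt "$src" --recipient "$recipient"; then
        rc=10                      # encryption failed: plaintext untouched
    elif [ ! -s "$src.pgp" ]; then
        rc=11                      # no (or empty) ciphertext was produced
    elif ! scp "$src.pgp" "$remote/$(basename "$src").pgp"; then
        rc=12                      # transfer failed: keep plaintext for retry
    elif ! pgp --wipe "$src" --wipe-passes 3; then
        rc=13                      # copy is off-site but plaintext remains
    fi

    rm -rf "$tmp"
    unset PGP_TEMP_DIR
    [ "$rc" -eq 0 ] || echo "offsite_backup: step failed (code $rc)" >&2
    return "$rc"
}

# Run only when called with arguments: script.sh FILE KEY REMOTE_DIR
if [ "$#" -gt 0 ]; then
    offsite_backup "$@"
fi
```

A nonzero return tells the calling job which step failed, so an automated schedule can alert on code 13 (plaintext still on disk) separately from a retryable transfer failure.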
Key Management Services
[Diagram labels: Data process, Key Management, Data Srv 1, USP, Key 1]
Key Management Services – Key Permissions
[Diagram labels: Key Management, Data Srv 1, USP, Data Srv 2, Key 1, Key 2, Data process, "✖ Not allowed for Srv 2"]
Key Management Services – Symmetric Keys
[Diagram labels: Key Management, Data Srv 3, USP, Daily Data process, Monday key, Tuesday key, Wednesday key]
Lesson Summary
• Key points
– In this lesson, you learned about the encryption basics required for operating Command Line
– You were introduced to Command Line and various use cases
– Finally, you learned some basic commands and syntax and had a basic introduction to Key Management Services
• Reference materials
– Overview
– Technical Information
– Documentation
Symantec Encryption Product Training
Optimize product functionality
Shorten your implementations and spend less time with support
Leverage your investment in Symantec technology to the fullest
Learn at your convenience via the web
For more information on Encryption training offerings, visit: http://education.symantec.com
Training for Encryption products
Symantec Education offers training to help you and your team get the most from your Symantec investment…
• Symantec Encryption products Administration course
– Duration: 5 day
– Delivery: Instructor-Led Training or Virtual Academy
• Symantec Encryption products Administration Web-based training
– Duration: ~4 hours
– Delivery: Self-Paced annual Subscription
Unsure if your team needs training? Symantec Education offers a free skills assessment on Symantec PGP Universal Server for individuals or teams to help you identify strengths and skills gaps.
Go to www.symantec.com/assess or contact your Symantec Education Specialist today to set up a free group assessment.
Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.