The PGP Whole Disk Encryption (WDE) tools have a command line interface for both OS X and Windows. The options are mostly the same across the two. We'll focus on two for the purposes of this little article. The first is --list-user and the second is --change-passphrase, although there are a number of other options. A general breakdown of the options includes the following:
OK, so disk 0 is my only volume and it's bootable. Nothing has been encrypted yet. So let's confirm by looking at --disk-status:
pgpwde --disk-status --disk 0
Now, let’s see who’s got access to that disk:
pgpwde --list-user --disk 0
Then, let’s enable BootGuard on our volume:
pgpwde --instrument --disk 0
And then add user cedge to be able to unlock that volume, with a passphrase of krypted:
pgpwde --add-user cedge --passphrase krypted --disk 0
And then let’s encrypt it:
pgpwde --encrypt --passphrase krypted --disk 0
And finally, to change the password of that cedge account to something more secure (the new passphrase is single-quoted so that the OS X shell does not expand the ! and $ in it):
pgpwde --change-passphrase --disk 0 -u cedge --passphrase krypted --new-passphrase '!Ab@nK$Ru13z'
To make scripting this a bit easier, you can also skip the --passphrase option (you might not know the current passphrase, since they're not typically reversible) and use the --recovery-token option instead (assuming you have a token).
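A wrapper for the change-passphrase step above, as an added example that is not from the original article: it prompts for the secrets with echo off, so they stay out of script files and shell history, and passes them as quoted arguments so characters such as ! and $ reach pgpwde unchanged. The PGPWDE variable, the function names, the wde-passwd.sh file name and passing the token as the argument of --recovery-token are assumptions; only flags shown in the article are used.

```shell
#!/bin/sh
# Added example (not from the original article). Uses only the flags shown above.
# PGPWDE can be overridden for a dry run; the default is the real tool.
PGPWDE=${PGPWDE:-pgpwde}

# change_passphrase DISK USER KIND SECRET NEW
# KIND is "passphrase" (current passphrase) or "recovery-token".
# Assumption: the token is given as the argument of --recovery-token.
change_passphrase() {
    disk=$1 user=$2 kind=$3 secret=$4 new=$5
    case $kind in
        passphrase|recovery-token) ;;
        *) echo "KIND must be passphrase or recovery-token" >&2; return 2 ;;
    esac
    [ -n "$new" ] || { echo "new passphrase is empty" >&2; return 2; }
    # Each value is expanded inside double quotes, so !, $ and spaces in it
    # reach pgpwde byte for byte. The secrets are still visible in the process
    # argument list while pgpwde runs.
    "$PGPWDE" --change-passphrase --disk "$disk" -u "$user" \
        "--$kind" "$secret" --new-passphrase "$new"
}

# prompt_secret LABEL: read one line from the terminal with echo turned off.
prompt_secret() {
    printf '%s: ' "$1" >&2
    stty -echo 2>/dev/null
    IFS= read -r reply
    stty echo 2>/dev/null
    printf '\n' >&2
    printf '%s' "$reply"
}

# Usage: sh wde-passwd.sh DISK USER [passphrase|recovery-token]
main() {
    kind=${3:-passphrase}
    current=$(prompt_secret "Current $kind for $2")
    new=$(prompt_secret "New passphrase for $2")
    again=$(prompt_secret "Repeat new passphrase")
    [ "$new" = "$again" ] || { echo "passphrases do not match" >&2; return 1; }
    change_passphrase "$1" "$2" "$kind" "$current" "$new"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Setting PGPWDE=echo prints the command that would be run instead of running it.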
Note: No passwords were hurt in the writing of this article.
krypted February 14th, 2014