In Symantec Encryption Management Server (formerly PGP Universal) environments with the appropriate policy, Whole Disk Recovery Tokens (WDRTs) are created automatically when a disk, partition, or removable disk is whole disk encrypted. They are sent to the Management Server, managing security for the disk or partition when they are created.
WDRTs can be used to access the disk or partition in case the passphrase or authentication token is lost. Once a WDRT is used, it cannot be used again, and another WDRT would need to be retrieved from the Management Server.
This article details the steps to authenticate a disk via the command line using a WDRT.
Open a Command Prompt.
Click Start>Run, type cmd and click OK.
Or, click Start and search for "Command Prompt"
Change to the Encryption Desktop directory.
On 32-bit Windows, type: cd C:\Program Files\PGP Corporation\PGP Desktop
On 64-bit Windows, type: cd C:\Program Files (x86)\PGP Corporation\PGP Desktop
To list the visible disks on the system, type pgpwde --enum
Verify the WDRT of the disk by typing pgpwde --disk <Disk #> --verify-user --rt <Whole Disk Recovery token>
Change the disk number depending on which disk you are trying to authenticate
Do not include the <> brackets
To unlock the drive, accessing the data whilst keeping it encrypted, type pgpwde --auth --disk <#> --rt <WDRT>
To decrypt the drive, removing the encryption on it, type pgpwde --decrypt --disk <#> --rt <WDRT>
For example, to decrypt disk 2 with a WDRT, use: pgpwde --disk 2 --decrypt --rt 91J56-ZGYE1-25F06-HUT4V-CQUK2-YJE
Imported Document ID: TECH149487
Subscribing will provide email updates when this Article is updated. Login is required.