Solved

Upgrade internal PGP-encrypted boot drive?

Posted on 2013-11-09
5
442 Views
Last Modified: 2014-02-21
I have an internal solid state HD in my Windows 7 64-bit laptop, and I need to replace it with a bigger one. There are four partitions on the drive. The C: drive that it boots to is not encypted, but the others are (i.e., the data partitions). If I use a cloning utility, what will happen to the encrypted partitions? Those partitions are fully backed up so I do have the option on not cloning them, and just restoring the data later.

Also, how do the partition sizes get set on the new HD? Wiull I have to expand them after cloning them? My system partition is the one that is almost full.
0
Comment
Question by:bnchester
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39636770
A backup product that does raw (sector-by-sector) backup can also backup a PGP encrypted system partition, although only when booting from its own boot media.

In particular, casper creates a complete backup of an encrypted drive that retains all of the encrypted data in its original encrypted state, also duplicates an encrypted drive to a larger drive without requiring a laborious and time consuming backup, restore, and re-encryption process.

Importantly, it creates or restores an encrypted backup to a drive that is either smaller or larger than the original.

http://www.caspersecure.com/
0
 

Author Comment

by:bnchester
ID: 39636956
This looks good. So I clone to a 2.5" drive via an external HD enclosure, then just put that drive into the laptop and I'm ready to go?

Followup: I use ShadowProtect to back up my data (and system drive) to a network share, and this seems to have a lot of the same capabilities as Casper. Since the system partition ITSELF isn't encrypted, just the data, might that work?
0
 
LVL 64

Accepted Solution

by:
btan earned 100 total points
ID: 39636994
Plain partition should be as per norm recovery and backup. I did not know about shadowprotect in specific. Also note if the encryption used TPM chip on the  source machine then the key cannot be migrated to another, it needs to be decrypted
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 39638150
Hi.

We did this type of migration many times with PGP WDE 10 fully encrypted disks.
We used drive snapshot ("DS")  http://www.drivesnapshot.de/en/index.htm to do it. After restoring the Image to the new drive, DS resizes the partitions. Reboot the System and re-encrypt it.

We also used clonezilla which does what breadtan mentioned: sector-copying the drive, so we keep it encrypted. Problem: what would clonezilla do with the encryption? Of course it cannot encrypt, so the partitions would have to be extended after cloning... a process which is not supported by PGP. So the best way I see to stretch partitions is doing an image copy as with drive snapshot and then re-encrypt.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39877781
Please respond or finalize it, this question is growing old :) I think it was obviously solved.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question