Forum Discussion

InsentraCameron's avatar
10 years ago

DLO 7.6 - Encryption Keys Question

Hello,

This is a question from one of my customers:

A further note, within the DLO Admin Guide (v7.6), it mentions the following:

  • DLO encrypts user data using a user-specific, randomly generated encryption-key.  The encryption-keys are stored in DLO's configuration database on the DLO Administration Server. The encryption-keys are also stored in encrypted form on the File Server as explained in the next section.

It looks like the passphrase configured in the Admin Console is used for encrypting the encryption keys, but the keys themselves are internally generated by DLO.  Is it possible to get further information on the process for generating the encryption keys? 

Does Symantec have a white paper on this process? If not, is it possible to explain exactly what happens.

NB: These questions are coming from the security team who are trying to protect the backups of their executives' data.

Cheers,

Cameron

 

  • Cameron

    DLO uses active directory for user authentication. For each user it generates unique key (user key). User key gets encrypted twice first with AES-256 encryption and then key is encrypted again using Global Recovery Key (public key) before it travels over a wire. Algorithm used for second encryption is RSA-OAEP (MGF1 with SHA1). Public key in use is generated using global recovery credentials. With this mechanism every user has a unique two fold encryption layer security for their data.

     

    If you need further details request to me on my e-mail id.