Hi

Louth · ‎09-01-2009

My boss is very concerned with encrypting our media. Through my research, it looks like BE keeps the encrytion keys in the database, preventing it from being exported or backed up seperately. Is this the case?

Louth · ‎09-03-2009

Also, how is the key encrypted? What hash is used?

Symboy · ‎09-03-2009

HI

Please check the below link , how encryption works in 11d . It almost works on the same fundamental in later versions.

http://support.veritas.com/docs/285881

Thamks
Zaki Khan

Louth · ‎09-04-2009

Thank you for that. But as a matter of my bosses paranoia, what steps are taken to encrypt the key in the database? Surely it is not help unencrypted in some table? Sorry to be so picky, but I know my boss will pester me about this.

Symboy · ‎09-05-2009

I understand Bosses very well ...ha ha ha

Encryption keys are safely stored inside of the Backup Exec database (BEDB) in an encrypted

format. The pass phrase itself is not stored in the database; only the key generated by the pass

phrase is stored

Following is the process involved in the same

1. The Backup Exec 11d media server sends the encryption keys to the Backup Exec Remote

Agent installed on the client system. The keys are protected via asymmetric encryption during

this transfer.

2. Data is encrypted at the Backup Exec 11d Remote Agent client with symmetric encryption

using the specified AES 128-bit or 256-bit key.

3. Data is sent encrypted over the network to the Backup Exec 11d media server and written to

the backup device specified in the backup job.

If a Backup Exec database becomes corrupted on a media server and is replaced by a new

database, you must manually re-create all of the encryption keys that were stored on the original

database. If you move a database from one media server to another, the encryption keys remain

intact as long as the new media server has the same user accounts and is in the same domain as

the original media server.

VOX

Encryption questions