Showing results for 
Search instead for 
Did you mean: 

The question of MSEO Encryption and decryption

Level 3

Hi all,

I have a problem about the MSEO(media server encryption option).

backup environment like below:



Master server: SHAA2SNBU38

Media server: SHAA2SNBU38

first backup data to DD640,then vault to tape in i500.


Master server: SHAA2SNBU38(the same DC site master server)

Media server: SHAA5SNBU61

backup type like DC SITE


Now i have problem:

Vault to tape is through encryption by mseo(media server of SHAA2SNBU38).Then i take the tape to DR site and recovery the tape from media server(SHAA5SNBU61) successfully.But the site of DR(SHAA5SNBU61) is out of mseo agent. why it does sucessfully?

additional query:Recovery data what backup through MSEO must need media server installing MSEO agent?




Level 6
Employee Accredited

Is the backup actually encrypted ?

If you look in the meso log you should see if it is really encrypted:


Another way to test, is take one of the backups on the Live site, stop mseo services and try to restore - it should fail.  Restart mseo, restore agin and it should work.

Level 3

Hi mph999,

It is windows env,so is't log in windows event log?And how to know is it encryption successfully?


Level 6
Partner    VIP    Accredited Certified

If you want to use the MSEO encription at the other site, you have to install the MSEO agent. But it seems that MSEO is not working now.

check the logs and run the command "cgconfig list" to check if the devices have encription option enabled.

Do you use the DD as VTL or as OST (or nfs)?

I'm not sure if the MSEO is working with duplicated tapes. How do you enable the encription during the duplication?

If the cgconfig command shows that your drives are encreption enabled try to run a backup directly to i500 and see what will happen at the DR site.


One more question. What drive types you are using at the i500 and the i40?


Level 6
Employee Accredited

Not sure where the log is on windows, just do a search on the mseo server for mseo.log

It is difficult to tell if iyt is encrypted, as mseo 'happens after' NBU - the easiest way is to stop the mseo services and try a restore.


Partner    VIP   

Have you consider using Netbackup KMS (tape drived base encryption) insted of MSO ?

LTO4 and newer all support hardware encryption (MSO is software based encryption).

Level 4

i want to which type of key combination use by veritas to encrypt or decrypt the file because I apply the key to decrypt it but it not happen and why it is doesnot ask for key while decrypting bkffile, why in veritas folder in driver no paste option available.

Level 6
Employee Accredited

You need to start a new post clearly explaining what your issue is, as opposed to just adding to a thread several years old.

You have not explained what you are trying to do, what type of encryption you are using.

Using vertias tool I created a bkf encrypted file and I know the key and pass phrase of the file.

I m using this encrypted file for my project  in which i have to decrypt the bkf file using  algo through project not any third party tool and save it but when i use key or pass phrase to decrypt it it not possible , so i want to know which algo veritas using to decrypt the bkf file because when i decrypt it through veritas it does not ask for key and for same file same key encrypted data is different, so can you tell me what procedure veritas usage to decrypt the bkf file or which type of key combination it usage to decrypt it.

regarding pervious blog 

I m using AES128,AES256 encryption decryption algo.

Hi @veritas8 

How are you using the "veritas tool" to encrypt a file? This doesn't really make sense as NetBackup encrypts backups not files. Also depending on the where the encryption is being implemented by NetBackup will vary how the process is done (for instance encryption to tape is performed differently to encrytion to MSDP). 

If you explain what it is you have encrypted and how (provide commands used, or explain the process you used) then maybe we can help. 



Thanks for replying me, I m using a TAPE file and the process is I take a backup of bkf file and then give a command to encrypted it and where i get to choose option for 128 or 256 and key, pass phrase after apply all the procedure i encrypted my bkf file. So i just want how to decrypt that file data using another tool which key combination will be used, because when i  m using key or pass phrase to decrypt it did not give the desired result 

Like this how i take a backup it shown in picture

Screenshot (2).png

Hi @veritas8 

Okay - you are using Backup Exec, maybe you should ask this question (in a new post) in that forum. 

This one is for NetBackup.


Ok thanks