With the ENCRYPTKEY GENERATE specified, the client creates the key at the beginning of the backup and that key is kept with the data stream stored on the TSM server. When you restore this, the key in the data stream is used. I believe they also refer to this as transparent encryption.

The include.encrypt will only affect future backups, not any backups already encrypted and stored on the TSM server.

Bill Boyer
"There are 10 kinds of people in the world. Those that understand binary and those that don't." - ??

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Steven Langdale
Sent: Thursday, March 22, 2012 2:21 PM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] More tsm encryption questions

They restored because the client had an encryption key, delete that, or possibly the encryptiontype line and you will be prompted for it.

As for testing to see if they ARE encrypted, I think the client may say with a q backup (but not sure). The test I used was to try a restore after I had removed the key file.

One aside, if you are using tape technology that compresses, the compression will go down the drain.

Steven

On 22 March 2012 18:01, Lee, Gary <g...@bsu.edu> wrote:

> Ok. Think I have encryption working.
>
> Tried the following experiment.
>
> 1. Added these lines to dsm.opt
>
> encryptiontype aes128
> encryptkey generate
> include.encrypt "c:\Documents and Settings\glee.BSU\My Documents\crypt\...\*"
>
> 2. did an incremental backup to pick up the crypt folder just created
> and filled.
>
> 3. deleted all files starting with "phon"
>
> 4. restored files starting with phon back to crypt folder. Went well.
>
> 5. commented all encryption related lines out of dsm.opt.
>
> 6. removed phone* from crypt folder again.
>
> 7. restored phone* back to crypt folder.
>
> I thought that with encryption lines removed from dsm.opt, either the
> encrypted files wouldn't restore, or would be restored as garbage.
> Not so. Restored perfectly.
>
> What have I missed?
> Also, is there a way to verify that the specified files are truly
> encrypted?
>
> Thanks again for the assistance.
>
> Gary Lee
> Senior System Programmer
> Ball State University
> phone: 765-285-1310