Well, there you go. you're spot on there Bill! I'm struggling to see what use generate is, What't the point of encrypting the data when the key is handed out whenever a restore is performed?
That must be why I've only ever used "encryptkey save" in the past. On 22 March 2012 19:57, Bill Boyer <bjdbo...@comcast.net> wrote: > With the ENCRYPTKEY GENERATE specified the client creates the key at the > beginning of the backup and that key is kept with the data stream stored on > the TSM server. When you restore this the key in the data stream is used. I > believe they also refer to this as transparent encryption. > > The include.encrypt will only effect future backups, not any backups > already > encrypted and stored on the TSM server. > > > Bill Boyer > "There are 10 kinds of people in the world. Those that understand binary > and > those that don't." - ?? > > > > > -----Original Message----- > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of > Steven Langdale > Sent: Thursday, March 22, 2012 2:21 PM > To: ADSM-L@VM.MARIST.EDU > Subject: Re: [ADSM-L] More tsm encryption questions > > They restored because the client had an encryption key, delete that, or > possibly the encryptiontype line and you will be prompted for it. > > As for testing to see if they ARE encrypted, i think the client may say > with > a q backup (but not sure). The test I used was to try a restore after I > had > removed the key file. > > One aside, if you are using tape technology that compresses, the > compression > will do down the drain. > > Steven > > > > On 22 March 2012 18:01, Lee, Gary <g...@bsu.edu> wrote: > > > Ok. Think I have encryption working. > > > > Tried the following experiment. > > > > 1. Added these lines to dsm.opt > > > > encryptiontype aes128 > > encryptkey generate > > include.encrypt "c:\Documents and Settings\glee.BSU\My > > Documents\crypt\...\*" > > > > 2. did an incremental backup to pick up the crypt folder just created > > and filled. > > > > 3. deleted all files starting with "phon" > > > > 4. restored files starting with phon back to crypt folder, . Went well. > > > > 5. commented all encryption related lines out of dsm.opt. > > > > 6. removed phone* from crypt folder again. > > > > 7. restored phone* back to crypt folder. > > > > I thought that with encryption lines removed from dsm.opt, either the > > encrypted files wouldn't restore, or would be restored as garbage. > > Not so. Restored perfectly. > > > > What have I missed? > > Also, is there a way to verify that the specified files are truly > > encrypted? > > > > Thanks again for the assistance. > > > > > > > > > > Gary Lee > > Senior System Programmer > > Ball State University > > phone: 765-285-1310 > > > > >
