During a backup of a client using the aes directive, the NetWorker server provides the value assigned to its Datazone pass phrase to the client being backed up. The pass phrase is used to encrypt the data on the client as the save stream is generated. If the Datazone pass phrase attribute has no value, the default pass phrase is used.
During recovery of encrypted data, the value of the Datazone pass phrase attribute is used for decryption. If decryption fails, another attempt to decrypt the data is made using the default pass phrase. If that decryption fails, the recovery will fail.
If an incorrect pass phrase or no pass phrase is entered, encrypted data is not recovered. Instead, the filenames will be created without data. However, if unencrypted data is also selected for recovery, it will be recovered.
To recover data backed up when a different pass phrase was in effect, you must run the recover program with the –p option and specify the pass phrase in effect at the time of the backup. For this reason, it is suggested that the pass phrase not be changed.
For example:
recover -p pass_phrase
winworkr -p pass_phrase
To enter multiple pass phrases with the -p option, type:
The files which cannot be recovered successfully could be encrypted by another ass phrase. To recover these files, please put in the pass phrase that was used/present during backup.
Excelent answer!!! If the Password field has never been filled, nothing be required to recover backed up data into the same Datazone, am I right? By the way, if the data needs to be recover outside the datazone, is a pass phrase required? If yes, how can we know the default pass phrase? However, our customer has a weird issue: all data was backed up in the same way, but only few files cannot be recovered without encryption key.
Password field has never been filled, nothing be required to recover backed up data into the same Datazone, am I right? By the way, if the data needs to be recover outside the datazone, is a pass phrase required? If yes, how can we know the default pass phrase?
TimQuan
4 Operator
•
1.2K Posts
1
November 24th, 2011 20:00
Hi,
During a backup of a client using the aes directive, the NetWorker server provides the value assigned to its Datazone pass phrase to the client being backed up. The pass phrase is used to encrypt the data on the client as the save stream is generated. If the Datazone pass phrase attribute has no value, the default pass phrase is used.
During recovery of encrypted data, the value of the Datazone pass phrase attribute is used for decryption. If decryption fails, another attempt to decrypt the data is made using the default pass phrase. If that decryption fails, the recovery will fail.
If an incorrect pass phrase or no pass phrase is entered, encrypted data is not recovered. Instead, the filenames will be created without data. However, if unencrypted data is also selected for recovery, it will be recovered.
To recover data backed up when a different pass phrase was in effect, you must run the recover program with the –p option and specify the pass phrase in effect at the time of the backup. For this reason, it is suggested that the pass phrase not be changed.
For example:
recover -p pass_phrase
winworkr -p pass_phrase
To enter multiple pass phrases with the -p option, type:
recover -p pass_phrase1 -p pass_phrase2 -p pass_phrase3
The files which cannot be recovered successfully could be encrypted by another ass phrase. To recover these files, please put in the pass phrase that was used/present during backup.
http://solutions.emc.com/emcsolutionview.asp?id=esg116157
Regards,
Tim
Polska1422
2 Intern
•
128 Posts
1
November 25th, 2011 03:00
Hi Tim,
Excelent answer!!! If the Password field has never been filled, nothing be required to recover backed up data into the same Datazone, am I right? By the way, if the data needs to be recover outside the datazone, is a pass phrase required? If yes, how can we know the default pass phrase? However, our customer has a weird issue: all data was backed up in the same way, but only few files cannot be recovered without encryption key.
Regards
Claudio
ble1
4 Operator
•
14.4K Posts
2
November 26th, 2011 06:00
1) Correct
2) Yes
3) Owner of data should know what the key is