Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Sally3

4 Posts

1576

July 21st, 2010 00:00

How to verify that the backup files are encrypted?

Hi,

I have enabled AES pass phrase in the master server and also created the encryption directives "<< / >> +aes:* ". I have apply the global directive to individual clients by using the Directive attribute of the Client resource. The questions is: how do I verify that the client backup files are really encrypted. The messages files do not have any information on encryption.

Best Regards,

Sally

Daniea3

123 Posts

July 21st, 2010 02:00

Hi Sally,

     
           Currently, when an AES encrypted backup occurs we do not see any indication of this in the logs files.  To determine if AES encryption is in fact working, perform the following test:

  1. Create a text file in the directory that the aes directive has been configure to for.

  2. Edit this file and type something in it. Save the file.

  3. Backup this file via a client using the AES directive.

  4. When backup has completed, change the pass phrase on the NetWorker server.

  5. Recover the file.

  6. Edit the recovered file and confirm that its contents is empty.

When the backup is initially done, it is encrypted with the passphrase at the time of backup. If the passphrase has changed since the time of the backup and a recover is attempted of these files, the files are restored with what appears to be an accurate file size but they are in fact 0 byte files.  Initiating a recover will not prompt for a passphrase to be entered, so if the passphrase at the time of recover is different from the one used at the time of backup, you must start the recover with a -p .

For Windows clients, initiate a recover with the command:

winworkr -p original_passphrase
or
recover -p original_passphrase

For UNIX clients initiate a recover with:

recover -p original_passphrase

The nwrecover cannot be launched with the -p flag as it fails with a syntax problem.

usage: nwrecover [ -s server ] [ -c client ] [ -x indexnamespace ]
[ -T browse time ] [ ] [ path ]

The passphrase can be passed through once the nwrecover GUI is open select the data to be recovered, click recover and in the upper left click "Basic options" from the pop up select "Advanced options". The advanced options has a section for "Encryption Pass Phrases" type the phrase on the line with the "Add" radio button, then click add.
Regards,
Arun

coganb

736 Posts

July 21st, 2010 08:00

Hi,

Arun, this is an internal-only knowlegebase article so the link will not work.  However, there is no reason for this content to be internal-only.  I will look into getting this changed.  Thanks for bringing this issue to our attention Sally and let us know if you have any further issues with it.

-Bobby

Daniea3

123 Posts

July 21st, 2010 09:00

Hi Bobby,

     I didnt see it marked internal only anywhere. But thanks for the update. As you mentioned I dont see any resons why it is internally only.

Arun

Sally3

4 Posts

July 21st, 2010 19:00

Hi,

I'm using version 7.4 SP2. I tried to restore using a wrong pass phrase.

The restoration complains that a wrong pass phrase is using. However,

the files are actually restored. Why did it happen? Please advise.

Best Regards,

Sally Low

Anonymous

5 Practitioner

 • 

274.2K Posts

July 22nd, 2010 00:00

Hi Sally,

If you tried with wrong pass phrase, still the recovery will complete, but the content of these files wont be restored.

Usualy these recovered files will be a empty files.

Please confirm whether you can see the content of these files.

Prajith

Sally3

4 Posts

July 22nd, 2010 01:00

Hi  Prajith,

I have checked the restored data. It contains data. I tried in another set of machines using 7.5.3 with exactly the same method and it works. Is there a bug in 7.4.2?

Sally

Daniea3

123 Posts

July 22nd, 2010 02:00

Hi Sally,

    As mentioned by Prajith it will restore but the folders will be 0KB. But not sure what is happening in your case. I would suggest you to open a case with the support team so that we can investigate further on this. 

Regards,

Arun

coganb

736 Posts

July 28th, 2010 03:00

The above-mentioned Knowledgebase article is now visible to all:

http://solutions.emc.com/EMCSolutionView.asp?id=esg74888&usertype=C

As regards the issue you are experiencing, there was a similar issue reported in NetWorker 7.4.2 (reference
LGTsc18937) but it looks like the problem was with the usage rather than a bug.  If you need this to work in 7.4.2, you'll
need to open a case with Support and we'll look into it in more detail.

-Bobby

View More

View All

No Events found!

Top