Re: Encrption (333 Views)
Reply
Advisor
asshaheen
Posts: 33
Registered: ‎06-25-2013
Message 1 of 2 (356 Views)

Encrption

Hi All,

 

 questions
1- what is different from AES and encode?
2-How to export and import keystore file?

 

 

many thanx :-)

HP Expert
Bob_Clark
Posts: 1,475
Registered: ‎08-14-2013
Message 2 of 2 (333 Views)

Re: Encrption

Encode

Data Protector offers a simple built-in XOR algorithm implemented in a shared C program library. Since Data Protector provides the API used by the Disk Agent to interface with the data encoding module, you can substitute your own internal data encoding algorithms for greater security. Do this by writing your own data encoding module, compiling it into a library, and substituting the new library for the default Data Protector library. Note that after changing the encoding library, a full backup should be performed.

 

AES 256

The Data Protector software encryption, based on the AES-CTR (Advanced Encryption Standard in Counter Mode) encryption algorithm that uses random keys of 256-bit length. The same key is used for both encryption and decryption. With AES 256-bit encryption, data is encrypted before it is transferred over a network and before it is written to media.

 

The short answer here is that if you just use 'Encode' and do not write your own encryption algorithms, and facility that has DP installed  would be able to decode your backups.  The AES-256 method is much more secure

 

In the Command Line Interpreter (CLI) Guide, in section iM, review the options for 'omnikeytool' command

 

    omnikeytool -export [CSV File] [export options]

Exports encryption key records into the specified comma separated values (CSV) file. The file

is exported only to the directory

 

Program Data\Omniback\Config\Server\export\keys (Windows Server  2008),

Program Files\Omniback\Config\Server\export\keys (other Windows systems),

or

/var/opt/omni/server/export/keys (UNIX systems).

 

Example:

To export the active encryption key "10B53673B8232747A806000001000000

5B9381955B 9381955B9381955B938321" to a comma-separated values (CSV) file "a.csv",

 

run:

omnikeytool -export a.csv -keyid 10B53673B8232747A806000001000000

5B9381955B 9381955B9381955B938321

 

Exporting does not delete encryption keys from the keystore.

 

     omnikeytool -import [CSV File]

Imports encryption key record matching the key number from the specified keystore file. The

file is imported to the directory

 

ProgramData\Omniback\Config\Server\import\keys (Windows Server 2008),

Program Files\Omniback\Config\Server\import\keys (other Windows systems),

or

/var/opt/omni/server/import/keys (UNIX systems

 

 

All of this information is available by, in the GUI, clicking on HELP -> List Topic for the AES information, and

Help -> Guides -> CLI Guide

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.