09-23-2013 09:19 AM
Data Protector offers a simple built-in XOR algorithm implemented in a shared C program library. Since Data Protector provides the API used by the Disk Agent to interface with the data encoding module, you can substitute your own internal data encoding algorithms for greater security. Do this by writing your own data encoding module, compiling it into a library, and substituting the new library for the default Data Protector library. Note that after changing the encoding library, a full backup should be performed.
The Data Protector software encryption, based on the AES-CTR (Advanced Encryption Standard in Counter Mode) encryption algorithm that uses random keys of 256-bit length. The same key is used for both encryption and decryption. With AES 256-bit encryption, data is encrypted before it is transferred over a network and before it is written to media.
The short answer here is that if you just use 'Encode' and do not write your own encryption algorithms, and facility that has DP installed would be able to decode your backups. The AES-256 method is much more secure
In the Command Line Interpreter (CLI) Guide, in section iM, review the options for 'omnikeytool' command
omnikeytool -export [CSV File] [export options]
Exports encryption key records into the specified comma separated values (CSV) file. The file
is exported only to the directory
Program Data\Omniback\Config\Server\export\keys (Windows Server 2008),
Program Files\Omniback\Config\Server\export\keys (other Windows systems),
/var/opt/omni/server/export/keys (UNIX systems).
To export the active encryption key "10B53673B8232747A806000001000000
5B9381955B 9381955B9381955B938321" to a comma-separated values (CSV) file "a.csv",
omnikeytool -export a.csv -keyid 10B53673B8232747A806000001000000
Exporting does not delete encryption keys from the keystore.
omnikeytool -import [CSV File]
Imports encryption key record matching the key number from the specified keystore file. The
file is imported to the directory
ProgramData\Omniback\Config\Server\import\keys (Windows Server 2008),
Program Files\Omniback\Config\Server\import\keys (other Windows systems),
/var/opt/omni/server/import/keys (UNIX systems
All of this information is available by, in the GUI, clicking on HELP -> List Topic for the AES information, and
Help -> Guides -> CLI Guide