Creating encryption keys

Last published : Apr 02, 2026
When you create an encryption key, you select the type of encryption to use.
To create an encryption key
  1. Click the Backup Exec button, select Configuration and Settings, and then clickBackup Exec Settings.
  2. In the left pane, select Network and Security.
  3. Click Manage Keys.
  4. Click New.
  5. In the Key name field, type a unique name for this key. The name can include up to 256 characters.
  6. In the Encryption type field, select the encryption type to use for this key. Your choices are 128-bit AES or 256-bit AES.
The default type is 256-bit AES. The 256-bit AES encryption provides a stronger level of security than 128-bit AES encryption. However, backup jobs may process more slowly with 256-bit AES encryption than with 128-bit AES encryption. Hardware encryption that uses the T10 standard requires 256-bit AES.
  1. In the Pass phrase field, type a pass phrase for this key. You can use only printable ASCII characters.
For 128-bit AES encryption, the pass phrase must be at least eight characters. For 256-bit AES encryption, the pass phrase must be at least 16 characters.
Veritas recommends that you use more than the minimum number of characters.
Warning: If an encryption key that is used in a backup is no longer available, you must provide the pass phrase during restore. Without the pass phrase, the data cannot be accessed.
  1. In the Confirm pass phrase field, type the pass phrase again to confirm it.
  2. In the Encryption key type group box, select whether you want to create a common or restricted encryption key.
If a key is common, any user of this installation of Backup Exec can use the key to back up and restore data. If a key is restricted, anyone can use the key to back up data. But only the key owner or a user who knows the pass phrase can use the restricted key to restore the encrypted data.
  1. Click OK.
More Information
Encryption key management
Using encryption with Backup Exec
Related information