Replacing an encryption key
You can replace one encryption key with another for all backup jobs and duplicate backup set jobs.
Note: You cannot replace an encryption key if it is used in a restore job.
To replace an encryption key
-
Click the Backup Exec button, select Configuration and Settings, and then clickBackup Exec Settings.
-
In the left pane, select Network and Security.
-
Click Manage Keys.
-
Select the key that you want to replace.
-
Click Replace.
-
In the Select an encryption key to replace \<key name\> field, do one of the following:
To use an existing key Select the key from the list. To create a new key Complete the following steps\: - Click New . - In the Key name field, type a unique name for the key. The name can include up to 256 characters. - In the Encryption type field, select the type of encryption to use for this key. You can select 128-bit AES or 256-bit AES. The default type is 256-bit AES. The 256-bit AES encryption provides a stronger level of security than 128-bit AES encryption. However, backup jobs may process more slowly with 256-bit AES encryption than with 128-bit AES encryption. Hardware encryption that uses the T10 standard requires 256-bit AES. - In the Pass phrase field, type a pass phrase for this key. For 128-bit AES encryption, the pass phrase must be at least eight characters. For 256-bit AES encryption, the pass phrase must be at least 16 characters. It is recommended that you use more than the minimum number of characters. You can use only printable ASCII characters. Warning: If an encryption key that is used in a backup is no longer available, you must provide the pass phrase during restore. Without the pass phrase, the data cannot be accessed. - In the Confirm pass phrase field, type the pass phrase again to confirm it. - In the Encryption key type group box, select whether you want to create a common or restricted encryption key. - Click OK . -
Click OK.
More Information
Related information