Encryption keys and Salt

Last published : Apr 02, 2026

When you create or delete a new data encryption key, information about all keys is exported to a csv in the Backup Exec Data (BEData) folder. The csv file is named EncryptionKeys-<MediaServerMachineName>.csv.

For a PBKDF2 key, the combination of key name, Passphrase, and its associated Salt is required. You can use this option to view the Salt for a PBKDF2 key. Backup Exec requires the Passphrase and the Salt combination if the key is not available on the media server.

The EncryptionKeys-<MediaServerMachineName>.csv file contains the following information:

ProductVersion: Backup Exec version installed
MachineName: Media server name
Key: Contains the following information:
- Name of the key
- Type of key: 128-bit AES, 256-bit AES (SHA-2), or 256-bit AES (PBKDF2)
- Salt Length of the key: Number of characters
- Salt value
- Restricted key or common encryption key

It is recommended that you keep a backup of the csv file, which may be required during a disaster recovery scenario.

Related information

Configuration and settings

PDF Export Options

Share this page

Was this page helpful?