DOCUMENTATION: What is the default location for the NetBackup Encryption key file? Does the CRYPT_KEYFILE setting change this location?

Article:TECH56707  |  Created: 2009-01-09  |  Updated: 2009-01-09  |  Article URL http://www.symantec.com/docs/TECH56707
Article Type
Technical Solution

Product(s)

Environment

Issue



DOCUMENTATION: What is the default location for the NetBackup Encryption key file? Does the CRYPT_KEYFILE setting change this location?

Solution



Manuals:
NetBackup 6.0 System Administrator's Guide, Volume II for UNIX and Linux
NetBackup 6.0 System Administrator's Guide, Volume II for Windows
NetBackup 6.0 Encryption System Administrator's Guide for UNIX and Windows
NetBackup 6.5 Administrator's Guide, Volume II for UNIX and Linux
NetBackup 6.5 Administrator's Guide, Volume II for Windows
NetBackup 6.5 Security and Encryption Guide

Modification Type: Correction/Addition

Modification:
The key file for Standard Encryption (NetBackup Encryption Option 5.1 and above) can only be found at the following paths:
UNIX: /usr/openv/var/keyfile.dat
Macintosh (5.1 only): /usr/openv/netbackup/var/keyfile.dat
Macintosh (6.0 and above): /usr/openv/var/keyfile.dat
Windows: C:\Program Files\VERITAS\NetBackup\var\keyfile.dat

The default location of the key file for Legacy Encryption (also known as 40-bit or 56-bit encryption, NetBackup Encryption 5.0) is:
UNIX: /usr/openv/netbackup/keyfile
Windows: C:\Program Files\VERITAS\NetBackup\bin\keyfile.dat

The manuals listed above do not make precise distinctions between Legacy and Standard Encryption when discussing the keyfile.dat file, often presenting only the default location for Legacy Encryption, which may not be in use.  For Standard Encryption, the path to keyfile.dat cannot be changed and will always be the default listed above.

The Commands Guides (linked below) correctly differentiate between the two locations, depending on the type of encryption used, in the man pages for bpkeyfile and bpkeyutil.

Note: Do not attempt to use the CRYPT_KEYFILE registry key (Windows - HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\NetBackup\CurrentVersion\Config\CRYPT_KEYFILE) or bp.conf setting (UNIX) with Standard Encryption.  This variable is only used with Legacy Encryption - setting or altering it will have no effect on the path NetBackup uses to find keyfile.dat for encrypted backups using Standard Encryption.

For Legacy Encryption, it is recommended that this setting only be changed through the GUI interface (Host Properties > Clients > Encryption > Legacy DES Encryption > Encryption key file) rather than by manually editing the registry or bp.conf file.



Legacy ID



295656


Article URL http://www.symantec.com/docs/TECH56707


Terms of use for this information are found in Legal Notices