Backup Exec encrypting data that is already encrypted

Created: 21 May 2013 | 3 comments
longryder


Does anyone have any experience of encrypting data with BE2012 software encryption that has already been encrypted with another piece of encryption software (TrueCrypt)?

I have a functional request for this within Backup Exec 2012 but I'm not convinced that it is a good idea to be layering multi-level encryption, or indeed if it is possible?

Any thoughts or opinions greatly received.

CraigV


To be honest I wouldn't do this...lose 1 encryption key and you're dead in the water. Also, you need to take into account any issues you might run into when backing up that data.


Colin Weaver

Having had a quick look at the website for TrueCrypt - I don't think you will be encrypting twice.

This is because it looks like TrueCrypt is intended to be transparent to both users and services that might run in the operating system. As such BE will be reading the files one at a time as if they are not encrypted as we are dynamically reading via the filter driver that decrypts the files on the fly.

As such if you do not turn on BE encryption then you will almost certainly be in the odd position of the source being encrypted but the backup media not.

A few points to think about, however:

1) Do not encrypt a volume containing a Backup Exec Deduplication Storage Folder

2) Probably not a good idea to encrypt a volume containing a Disk Storage Device either

3) We do not test BE protecting TrueCrypt so any assistance from Symantec Support might be 'reasonable business efforts only'
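
One way to check on a test job whether the backup media ends up holding plaintext, as described in the reply above (an added example, not part of the thread and not Symantec tooling): place a file containing a unique canary string on the mounted TrueCrypt volume, run the backup, then scan the resulting backup file. The canary value, function names and sample data are constructed for illustration, and high entropy alone cannot distinguish encryption from compression.

```python
import hashlib
import math
from collections import Counter

# Constructed marker: write it into a file on the mounted encrypted volume
CANARY = b"BACKUP-CANARY-7f3a9c1e-do-not-delete"

def entropy_bits(counts: Counter, total: int) -> float:
    """Shannon entropy in bits per byte (about 8.0 for ciphertext)."""
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def inspect_stream(stream, canary=CANARY, threshold=7.5, chunk_size=1 << 20):
    """Scan a backup image for the canary and measure its byte entropy."""
    counts, total, found, tail = Counter(), 0, False, b""
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        # The overlap catches a canary split across two reads
        if canary in window:
            found = True
        tail = window[-(len(canary) - 1):]
        counts.update(chunk)
        total += len(chunk)
    entropy = entropy_bits(counts, total)
    if found:
        verdict = "plaintext on media"
    elif entropy >= threshold:
        verdict = "opaque (encrypted or compressed)"
    else:
        verdict = "low entropy, likely unencrypted"
    return {"canary_found": found, "entropy": round(entropy, 2), "verdict": verdict}

def sample_ciphertext(n: int) -> bytes:
    """Constructed stand-in for an encrypted backup: hash-derived bytes."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

if __name__ == "__main__":
    import sys
    # Usage: python check_backup.py <path to backup file> (path is an assumption)
    with open(sys.argv[1], "rb") as fh:
        print(inspect_stream(fh))
```

A "plaintext on media" verdict means the job read decrypted data from the mounted volume and wrote it out unencrypted; an "opaque" verdict is only conclusive when compression is turned off for the test job.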

longryder

Colin / Craig,

Thanks for your comments. I agree that it is less than ideal to have two encryption keys to manage.

I guess with "encryption on the fly" the Backup Exec services will read the data in the same manner as if it were not encrypted. However if the data is "encrypted at rest" then there is little likelihood of BUE being able to read the data to begin with and therefore a non-starter.

Thanks again for your opinions