WellingtonIS
asked on
Symantec Backup Exec 2010 encryption key
I can't seem to find my encryption key for my backups. I need to restore something and of course what I need to restore is asking me for that key. Is there any possible way to recover this????
Last Comment
If you are using (for the restore operation) the same system used for the backup operation, the system shouldn't ask for any key since it's already known.
But, if you are using another system you must have that encryption key. That is what the encryption key is for: preventing unauthorized people from reading your backups.
You are authorized but the fact you are missing the key makes you unauthorized for the system.
But, if you are using another system you must have that encryption key. That is what the encryption key is for: preventing unauthorized people from reading your backups.
You are authorized but the fact you are missing the key makes you unauthorized for the system.
ASKER
I am using the same everything. I lost my disk in an array so I need to restore the data, however, I can't even look at that data without the key.
check about the encryption key management..
http://www.symantec.com/business/support/index?page=content&id=HOWTO73394#v53895134
http://community.spiceworks.com/topic/335506-replace-backup-exec-encryption-key
all the best
http://www.symantec.com/business/support/index?page=content&id=HOWTO73394#v53895134
http://community.spiceworks.com/topic/335506-replace-backup-exec-encryption-key
all the best
The key should be on the Backup Exec itself if you didn't remove it or changed it. If it's asking you for such key and you don't have it you mostly won't be able to unencrypt your backup.
There is no "back door" to tape encryption systems, or they wouldn't be secure enough to be called encrypting systems. If the system is asking you for the key, you will need to find it somewhere or somehow.
It's been said that encryption is now easy -- it's key management that is hard.
Your problem points out one of the reasons why doing tests of your ability to restore is so important -- had you done a test restore to a different BE environment as a test, you would have discovered that you needed the key -- and at that point you could have either made sure you had it, or you could have stopped backing up with the useless unknown key, and started using a new key that you kept good care of.
How do you protect your keys? Big systems have secure, fully-functional appliances called key managers that help them manage many keys across an enterprise -- but these are expensive (say, $100,000 range and up).
Medium businesses with tape libraries or autoloaders (say, HP MSL class) will often have a hardware token that stores keys and provides a second key for redundancy -- but these tokens have their own access key that you've got to know, or you're stuck once again. These encryption token kits cost a $3,000, =/-.
What does the really small business owner do? Some ideas:
- Store the key in a notebook in a home safe.
- Store the key in an encrypted file on a memory stick -- using a key that you'll never forget. The hint that only you will know could be in a text file on that device.
- Save the key in a 'note' file in two or more of your personal email accounts (Yahoo has a "notepad" function, for instance).
The important points in key management are:
- Make sure you can retrieve the key
- Make sure only you (or only authorized users) can retrieve the key
- Make sure the key is stored in multiple places (if you're counting your brain as one, "multiple" means "at least three")
- Make sure you can retrieve the key even in times of stress and extreme circumstances (i.e., don't only store the key in the server room, because if the server room floods, burns up, is destroyed in an explosion, etc., you're out of luck. Always remember that stress (caused, for instance, by a disaster that makes the server unavailable) makes us forget things... like encryption keys.)
Oh -- if you think the key was a string or phrase that meant something to you at one time (and which you just can't remember) as opposed to some random or pseudo-random machine-generated key, you might consider hypnosis. Honest. It might not work, but there's no other way I know of to recover the key from your brain in a short period of time.
It's been said that encryption is now easy -- it's key management that is hard.
Your problem points out one of the reasons why doing tests of your ability to restore is so important -- had you done a test restore to a different BE environment as a test, you would have discovered that you needed the key -- and at that point you could have either made sure you had it, or you could have stopped backing up with the useless unknown key, and started using a new key that you kept good care of.
How do you protect your keys? Big systems have secure, fully-functional appliances called key managers that help them manage many keys across an enterprise -- but these are expensive (say, $100,000 range and up).
Medium businesses with tape libraries or autoloaders (say, HP MSL class) will often have a hardware token that stores keys and provides a second key for redundancy -- but these tokens have their own access key that you've got to know, or you're stuck once again. These encryption token kits cost a $3,000, =/-.
What does the really small business owner do? Some ideas:
- Store the key in a notebook in a home safe.
- Store the key in an encrypted file on a memory stick -- using a key that you'll never forget. The hint that only you will know could be in a text file on that device.
- Save the key in a 'note' file in two or more of your personal email accounts (Yahoo has a "notepad" function, for instance).
The important points in key management are:
- Make sure you can retrieve the key
- Make sure only you (or only authorized users) can retrieve the key
- Make sure the key is stored in multiple places (if you're counting your brain as one, "multiple" means "at least three")
- Make sure you can retrieve the key even in times of stress and extreme circumstances (i.e., don't only store the key in the server room, because if the server room floods, burns up, is destroyed in an explosion, etc., you're out of luck. Always remember that stress (caused, for instance, by a disaster that makes the server unavailable) makes us forget things... like encryption keys.)
Oh -- if you think the key was a string or phrase that meant something to you at one time (and which you just can't remember) as opposed to some random or pseudo-random machine-generated key, you might consider hypnosis. Honest. It might not work, but there's no other way I know of to recover the key from your brain in a short period of time.
ASKER
Actually good point however, in my case it's more of the disk drive died and that's why the key is gone. I'm working with Symantec to generate a new one so I don't lose what I have.. Thanks for the comments. The only "stupid" thing i did was lose the darn key!!! I'm still kicking myself for this one...
Good luck with Symantec! Really!
I hope I'm wrong (for you) but even Symantec shouldn't be able to generate a new one capable of recovering your data.
I hope I'm wrong (for you) but even Symantec shouldn't be able to generate a new one capable of recovering your data.
ASKER
Fingers crossed! :)
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I got in touch with Symantec and they got me though this.
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Here is an article for Backup Exec 11d but I believe it uses the same principle.
How to create, replace or delete an Encryption Key in Backup Exec 11d and above
Hope this helps