API encryption

Two methods are available to encrypt data: application-managed encryption and Tivoli® Storage Manager client encryption.

Select and use only one of these methods to encrypt data. The methods are mutually exclusive: if you encrypt data by using both methods, you will be unable to restore or retrieve some data. For example, assume that an application uses application-managed encryption to encrypt object A, and then uses Tivoli Storage Manager client encryption to encrypt object B. During a restore operation, if the application sets the option to use Tivoli Storage Manager client encryption and tries to restore both objects, only object B can be restored. Object A cannot be restored because it was encrypted by the application, not by the client.

Regardless of the encryption method that is used, the Tivoli Storage Manager server must have password authentication enabled. By default, the server uses SET AUTHENTICATION ON.

The API uses either AES 128-bit or AES 256-bit encryption. AES 256-bit data encryption provides a higher level of data encryption than AES 128-bit data encryption. Files that are backed up by using AES 256-bit encryption cannot be restored with an earlier client. Encryption can be enabled with or without compression. If you use encryption, you cannot use the partial object restore and retrieve function or the buffer copy elimination function.