The Tivoli® Storage Manager client supports the option to encrypt files being backed up or archived to the Tivoli Storage Manager server. This option is enabled with the include.encrypt option.
All files matching the pattern on the include.encrypt specification are encrypted before the data is sent to the server. There are three options for managing the key used to encrypt the files (prompt, save, and generate). All three options can be used with either the backup-archive client or the Tivoli Storage Manager API.
The encryption key password is case-sensitive and can be up to 63 characters in length and include the following characters:
This option is valid for all clients. The server can also define this option.
Place this option in the dsm.sys file within a server stanza. You can set this option on the Authorization tab, Encryption Key Password section of the Preferences editor.
Place this option in the client options file (dsm.opt). You can set this option on the Authorization tab, Encryption Key Password section of the Preferences editor.
.-save-----. >>-ENCRYPTKey--+----------+------------------------------------>< +-prompt---+ '-generate-'
When the save option is specified for an API application, the initial key password must be provided by the application using the API in the dsmInitEx function call. The API itself does not issue a prompt to the user but relies on the application to prompt the user as necessary.
When the save option is specified for an API application (does not apply to Mac OS X), the initial key password must be provided by the application using the API in the dsmInitEx function call. The API itself does not issue a prompt to the user but relies on the application to prompt the user as necessary.
This is the default.
When the prompt option is specified for an API application, the key password must be provided by the application using the API in the dsmInitEx function call. The API itself does not issue a prompt to the user but relies on the application to prompt the user as necessary.
When the prompt option is specified for an API application (does not apply to Mac OS X), the key password must be provided by the application using the API in the dsmInitEx function call. The API itself does not issue a prompt to the user but relies on the application to prompt the user as necessary.