> I have some questions for anyone using encryption.
>    How are people maintaining the encryption keys for recoveries,
>    specifically disaster recovery (not stored in the TSM.PWD)?

We ran some tests of TSM encryption when we thought it might be required
for regulatory compliance. We concluded that encryption was not required
before we got as far as implementing a key storage scheme. My thinking
was running in the direction of the secret sharing scheme developed by
Adi Shamir. One can pick any two positive integers m and n, with m not
greater than n, divide a secret into n pieces, and make it possible to
reconstruct the secret using any m pieces. We could, for example, have
entrusted pieces of the encryption keys to five managers, and reconstructed
the keys from any three of the pieces.

>    What effects does it have on backup/restore performance.

We ran some performance tests using relatively slow HP-UX systems
(K 210). The difference between average elapsed time with encryption
and average elapsed time without was smaller than the scatter within
each type of test. The was done with the 5.2 client, which only
supported DES. We have never had occasion to try AES.

>    Is there much impact to the amount of data?

Only if you try to do compression after encryption (in tape drive hardware,
for example). Encrypted data is essentially impossible to compress.
This is not an issue if you use client compression; the compression is
done before the encryption.