Thanks Andy,

From what I understand, you cannot encrypt the systemobjects which would
include the registry, is this the case and if so, is there a way around
this in order to secure that your registry is not sent across the wire
un-encrytpted when you are not using a VPN tunnel or encryption over the
wire?

Should I uncheck "backup the registry" in the GUI.

Thanks


On Tue, 10 Oct 2006, Andrew Raibeck wrote:

> No, you cannot just export/import the registry key.
>
> See the README file for the 5.3.4.x clients and look for the bullet titled
> "ENCRYPTKEY SAVE requirements". Also look up APAR IC48782.
>
> Regards,
>
> Andy
>
> Andy Raibeck
> IBM Software Group
> Tivoli Storage Manager Client Development
> Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
> Internet e-mail: storman AT us.ibm DOT com
>
> IBM Tivoli Storage Manager support web page:
> http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
>
> The only dumb question is the one that goes unasked.
> The command line is your friend.
> "Good enough" is the enemy of excellence.
>
> "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 10/08/2006
> 08:44:35 PM:
>
> > Thank you for the info.  I'll look into the MS regedit for
> > exporting/importing and see if the client wants to do this or if they
> > will just keep the password phrase used somewhere and just use that if
> > need be.
> >
> >
> >
> > TSM_User wrote:
> >
> > > To your question you only need the value you typed to generate the
> > key the first time. You will be prompted to type it again and it
> > will then encrypt the key again and store it in the registry.
> > >
> > >   Entries in the registry can be exported and then imported on
> > another server. Exporting the keys from the registry using the MS's
> > regedit on one system and then importing them somewhere else may
> > work but I think Andy may need to chime in on that.
> > >
> > > Roger Silva <rogsilva AT STANFORD DOT EDU> wrote:
> > >   Hi,
> > >
> > > My client has asked me if there is a way to export the EncryptKey but
> I
> > > have not found any documention talking about this. The reason for this
> > > I assume would be in case of a system crash. I know the EncryptKey is
> > > kept on both the client side in the registry and I believe on the
> server
> > > side as well. If the system was to crash, do you still only need the
> > > Encryption Password to restore the data? Would this be just as if you
> > > did not use the "SAVE" option and instead you used the "PROMPT"
> option?
> > >
> > >
> > > Thanks again for your info.
> > >
> > > Roger
> > >
> > >
> > >
> > > ---------------------------------
> > > Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.
> > Great rates starting at 1¢/min.
> > >
>
>