ADSM-L

Re: [ADSM-L] Question on client side encryption

2007-08-15 23:26:41
Subject: Re: [ADSM-L] Question on client side encryption
From: Wanda Prather <wprather AT JASI DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 15 Aug 2007 22:24:44 -0500
Hi Bill,

I asked that question a while back to TSM support, and got this in response:

To trace encryption, add to dsm.opt:

tracefile \path\traceit.txt
traceflag encrypt

In the resulting traceit.txt file, the encryption lines are VERY obvious.
I was doing this in an early 5.3 client though, and at that time the trace
would always say DES-56, not AES128.  Dunno if that's fixed yet or not.

Anyway, at least you can see SOMETHING is taking place.

Wanda






> I have a client that required certain directories on each file server to
> be encrypted. We made the changes to the DSM.OPT to enable
> AES128 and the include.encrypt statements and did a selective always
> backup of those directories so that the active version was an
> encrypted version and all the other inactive un-encrypted versions will
> roll off based on REtain Extra. Here is a question from the
> client. Can anyone give some suggestions on how to prove that data is
> encrypted?
>
> Is there a way that we can report on what's encrypted, maybe as part of
> the rules for backing up? The question is, if audited
> internally, or externally, how do we prove data's encrypted.
>
> More importantly, if we lose a tape, how could we prove it if asked if we
> need to disclose?
>
>
> Bill Boyer
>>Select * from USERS where CLUE>0
> 0 rows returned
>
