Changing Client side encryption password.

[AlanDavenport]

Is it possible to change the password used for client side encryption? Auditors have asked this question of me. My take is that I could deleted the stored, encrypted password and back up a file to generate a new one but this would then cause previously encrypted backups to become unrecoverable. is thsi correct?

Al

 

[moon-buddy]

Is it possible to change the password used for client side encryption? Auditors have asked this question of me. My take is that I could deleted the stored, encrypted password and back up a file to generate a new one but this would then cause previously encrypted backups to become unrecoverable. is thsi correct?

Al

Are you referring to the built in TSM Client data (not node password encryption) encryption around DES or AES?

If this is what you are referring to, the key, I believe, is created around the node's unique Global UID and is created at the node's registration time. Essentially, the key cannot be changed (but don't quote me on this, I may be remembering it wrong), and changing the node's password (regenerating it) does not affect any data previously stored.

Does anyone know more about this?

 

[AlanDavenport]

Are you referring to the built in TSM Client data (not node password encryption) encryption around DES or AES?

Yes, that is what I am referring to.

 

[Jacob_6]

Don't quote me on this, but if I recall correctly, if you change the encryption password, it will affect any data stored after the change. Data previously backed up encrypted will query for the original encryption password it was backed up with. It has been awhile since I researched this for a client.

If you don't have the previous encryption key, the data will not be restoreable.