Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
Dieter
Novice
Posts: 5
Liked: 3 times
Joined: Apr 09, 2017 4:48 pm
Full Name: Dieter
Contact:

Encryption used?

Post by Dieter »

Veeam Agent for Windows 2.0 Beta claims to support backup encryption. However I have not found any info on the encryption used, e.g. encryption algorithm, key length, mode of operation, security white paper, ... . Is there at least some basic info available during the beta phase?
nielsengelen
Product Manager
Posts: 5619
Liked: 1177 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: Encryption used?

Post by nielsengelen »

The documentation will be available upon release. If you send backups to the Veeam repository you can find more info on the encryption via the helpcenter.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Encryption used?

Post by Dima P. »

Niels is right. Encryption engine is absolutely identical to Veeam Backup and Replication, so the provided link should help. In addition, here is the link to current verion of Help Center for VAW 2.0, keep in mind that it's not final.
SaschaH
Influencer
Posts: 12
Liked: 7 times
Joined: Aug 20, 2015 10:23 am
Full Name: Sascha Hoehne
Contact:

[MERGED] VAW 2.0 - Encryption

Post by SaschaH »

Hi,

I just read this at the helpcenter regarding the encryption settings:
If you lose a password that was specified for encryption, you can change the password in the encryption settings. The new password can be used for performing data restore form all restore points in the backup chain, including restore points that were encrypted with an old password.
That leaves me puzzled. So, if I forget the password (or someone has my backups) I just set a new password and can restore files? Well, I don't think so - so what do I miss here?!
Maybe someone can tell a little more about the encryption in VAW (what algorithm for example)?

Thank you!
Sascha
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Encryption used?

Post by Dima P. »

Hi Sascha,

Agent decryption key stores locally. Such approach allows perform restore without typing the password on local computer where VAW is installed. However, if you take this backup file to another VAW it will prompt you for the password.
SaschaH
Influencer
Posts: 12
Liked: 7 times
Joined: Aug 20, 2015 10:23 am
Full Name: Sascha Hoehne
Contact:

Re: Encryption used?

Post by SaschaH »

Hi Dima,

thanks for clearing this up. And thanks for merging those threads, I must have missed Dieters thread. ;)

Regards,
Sascha
marcus@vision1.org
Novice
Posts: 4
Liked: never
Joined: May 20, 2017 3:13 pm
Full Name: Marcus Winston
Contact:

Re: Encryption used?

Post by marcus@vision1.org »

Hello,

I'm new to Veeam and VAW 2.0. Not new to encryption in windows. Reading this thread....I'm curious where & how the decryption keys are stored ("locally")? If they're not stored securely, seems like there's a potential chink in the armor here. ?

thanks.
-marcus
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Encryption used?

Post by Mike Resseler »

Hi Marcus,

For more information on the encryption that we are using: https://helpcenter.veeam.com/docs/backu ... tml?ver=95
You can ignore the information on Enterprise Manager as I have read from your previous thread that you are backing up to a removable device.

For the keys: VAW uses 4 types of keys (Session key, Storage Key, User Key and Metakey). The exact procedure of which key is used when and where it is stored can be found here: https://helpcenter.veeam.com/docs/agent ... tml?ver=20

Hope it helps
Mike
marcus@vision1.org
Novice
Posts: 4
Liked: never
Joined: May 20, 2017 3:13 pm
Full Name: Marcus Winston
Contact:

Re: Encryption used?

Post by marcus@vision1.org »

Thanks for that! Very helpful.

So I conclude two things: a) the user key, and other derives keys, are stored in a database on the machine's HDD ("VAW database"), and b) the user key is not stored on the backup target, only encrypted "derived" keys (storage, meta, and session) are. True?

-marcus
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Encryption used?

Post by Mike Resseler »

Correct
Post Reply

Who is online

Users browsing this forum: No registered users and 47 guests