Encryption used?

Dieter · Post by **Dieter** » Apr 09, 2017 4:54 pm this post

Veeam Agent for Windows 2.0 Beta claims to support backup encryption. However I have not found any info on the encryption used, e.g. encryption algorithm, key length, mode of operation, security white paper, ... . Is there at least some basic info available during the beta phase?

Post by **nielsengelen** » Apr 09, 2017 8:01 pm this post

The documentation will be available upon release. If you send backups to the Veeam repository you can find more info on the encryption via the helpcenter.

Post by **Dima P.** » Apr 10, 2017 5:35 pm this post

Niels is right. Encryption engine is absolutely identical to Veeam Backup and Replication, so the provided link should help. In addition, here is the link to current verion of Help Center for VAW 2.0, keep in mind that it's not final.

SaschaH · Post by **SaschaH** » May 03, 2017 2:56 pm this post

Hi,

I just read this at the helpcenter regarding the encryption settings:

If you lose a password that was specified for encryption, you can change the password in the encryption settings. The new password can be used for performing data restore form all restore points in the backup chain, including restore points that were encrypted with an old password.

That leaves me puzzled. So, if I forget the password (or someone has my backups) I just set a new password and can restore files? Well, I don't think so - so what do I miss here?!
Maybe someone can tell a little more about the encryption in VAW (what algorithm for example)?

Thank you!
Sascha

Post by **Dima P.** » May 03, 2017 11:08 pm this post

Hi Sascha,

Agent decryption key stores locally. Such approach allows perform restore without typing the password on local computer where VAW is installed. However, if you take this backup file to another VAW it will prompt you for the password.

SaschaH · Post by **SaschaH** » May 04, 2017 8:41 am this post

Hi Dima,

thanks for clearing this up. And thanks for merging those threads, I must have missed Dieters thread.

Regards,
Sascha

marcus@vision1.org · May 23, 2017 4:16 am

Hello,

I'm new to Veeam and VAW 2.0. Not new to encryption in windows. Reading this thread....I'm curious where & how the decryption keys are stored ("locally")? If they're not stored securely, seems like there's a potential chink in the armor here. ?

thanks.
-marcus

Post by **Mike Resseler** » May 23, 2017 5:09 am this post

Hi Marcus,

For more information on the encryption that we are using: https://helpcenter.veeam.com/docs/backu ... tml?ver=95
You can ignore the information on Enterprise Manager as I have read from your previous thread that you are backing up to a removable device.

For the keys: VAW uses 4 types of keys (Session key, Storage Key, User Key and Metakey). The exact procedure of which key is used when and where it is stored can be found here: https://helpcenter.veeam.com/docs/agent ... tml?ver=20

Hope it helps
Mike

marcus@vision1.org · May 23, 2017 12:42 pm

Thanks for that! Very helpful.

So I conclude two things: a) the user key, and other derives keys, are stored in a database on the machine's HDD ("VAW database"), and b) the user key is not stored on the backup target, only encrypted "derived" keys (storage, meta, and session) are. True?

-marcus

May 23, 2017 12:47 pm

Correct

R&D Forums

Encryption used?

Re: Encryption used?

Re: Encryption used?

[MERGED] VAW 2.0 - Encryption

Re: Encryption used?

Re: Encryption used?

Re: Encryption used?

Re: Encryption used?

Re: Encryption used?

Re: Encryption used?

Who is online