NetBackup™ Security and Encryption Guide

NetBackup standard encryption restore process

The prerequisites for restoring a standard encrypted backup are as follows:

  • The encryption software must be loaded onto the client.

    Note: The encryption software is automatically installed with the NetBackup UNIX server and client installations.

  • A key file must exist. The key file is created when you run the bpkeyutil command from the server or from the client.

When the restore occurs, the server determines from the backup image whether the backup was encrypted. The server then connects to bpcd on the client to initiate the restore. The server sends the client an encryption flag with the restore request.

When a backup takes place properly, the restore occurs as follows:

  • The server sends file names, attributes, and encrypted file data to the client to be restored.

  • If the client reads an encryption tar header, the client compares the checksum in the header with the checksums of the keys in the key file. If the checksum of one of the keys matches the header's checksum, NetBackup uses that key to decrypt the file data. It uses the cipher that is defined in the header.

  • The file is decrypted and restored if a key and cipher are available. If the key or cipher is not available, the file is not restored and an error message is generated.
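
The key lookup described above can be modeled as a pre-restore check that reports which files would fail and why. This is an added example, not NetBackup code: the `EncHeader` fields, the use of SHA-256 as the checksum, the cipher names and the sample keys are assumptions made for illustration, because the page does not describe the header layout or the checksum algorithm.

```python
import hashlib
from dataclasses import dataclass

# Assumption: SHA-256 stands in for the checksum; the page does not name one.
def key_checksum(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()

# Assumption: ciphers available on this model client (constructed list).
SUPPORTED_CIPHERS = {"AES-256-CFB", "AES-128-CFB"}

@dataclass(frozen=True)
class EncHeader:      # hypothetical stand-in for the encryption tar header
    checksum: str     # checksum of the key used at backup time
    cipher: str       # cipher named in the header

class RestoreError(Exception):
    """Raised when the key or the cipher for a file is not available."""

def select_key(header: EncHeader, key_file: list) -> bytes:
    """Return the key whose checksum matches the header, or raise."""
    by_checksum = {key_checksum(k): k for k in key_file}
    key = by_checksum.get(header.checksum)
    if key is None:
        raise RestoreError("no key in key file matches header checksum")
    if header.cipher not in SUPPORTED_CIPHERS:
        raise RestoreError(f"cipher {header.cipher} not available")
    return key

def plan_restore(files: dict, key_file: list) -> dict:
    """Map each file name to 'ok' or to the error that blocks its restore."""
    result = {}
    for name, header in files.items():
        try:
            select_key(header, key_file)
            result[name] = "ok"
        except RestoreError as exc:
            result[name] = str(exc)
    return result

# Constructed sample data: two keys kept in the key file, one key missing.
OLD_KEY, NEW_KEY, LOST_KEY = b"old-key", b"new-key", b"deleted-key"
KEY_FILE = [NEW_KEY, OLD_KEY]
FILES = {
    "etc/hosts": EncHeader(key_checksum(OLD_KEY), "AES-256-CFB"),
    "etc/passwd": EncHeader(key_checksum(NEW_KEY), "AES-128-CFB"),
    "var/db.dump": EncHeader(key_checksum(LOST_KEY), "AES-256-CFB"),
    "home/a.txt": EncHeader(key_checksum(NEW_KEY), "EXAMPLE-CIPHER"),
}

print(plan_restore(FILES, KEY_FILE))
```

In this model, `var/db.dump` cannot be restored because the key it was backed up with is no longer in the key file, which is why every key used for past backups has to be kept for as long as those images may need restoring.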
