Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. Data at rest encryption security
  9. Configuring legacy encryption on clients
  11. About configuring legacy encryption from the client
NetBackup™ Security and Encryption Guide

About configuring legacy encryption from the client

The following table contains the legacy encryption-related configuration options that are on a NetBackup client. Ensure that these options are set to the appropriate values for your client. These are set if you run the bpinst -LEGACY_CRYPT command from the server to the client name.

Table: Legacy encryption configuration options

Option

Value

Description

CRYPT_OPTION = option

Defines the encryption options on NetBackup clients. The possible values for option follow:

denied|DENIED

Specifies that the client does not permit encrypted backups. If the server requests an encrypted backup, it is considered an error.

allowed|ALLOWED

(The default value) Specifies that the client allows either encrypted or unencrypted backups.

required|REQUIRED

Specifies that the client requires encrypted backups. If the server requests an unencrypted backup, it is considered an error.

CRYPT_KIND = kind

Defines the encryption type on NetBackup clients. The possible values for kind follow:

NONE

Neither standard encryption nor legacy encryption is configured on the client.

LEGACY

Specifies the legacy encryption type, either 40-bit DES or 56-bit DES. This option is the default if the legacy encryption type is configured on the client, and the standard encryption type is not configured.

STANDARD

Specifies the cipher encryption type, which can be either 128-bit encryption or 256-bit encryption.

CRYPT_STRENGTH = strength

Defines the encryption strength on NetBackup clients. The possible values for strength follow:

des_40|DES_40

(The default value) Specifies 40-bit DES encryption.

des_56|DES_56

Specifies the 56-bit DES encryption.

CRYPT_LIBPATH = directory_path

Defines the directory that contains the encryption libraries on NetBackup clients.

The install_path is the directory where NetBackup is installed and by default is C:\VERITAS.

/usr/openv/lib/

The default value on UNIX systems.

install_path\NetBackup\bin\

The default value on Windows systems

CRYPT_KEYFILE = file_path

Defines the file that contains the encryption keys on NetBackup clients.

/usr/openv/var/keyfile

The default value on UNIX systems.

install_path\NetBackup\var\keyfile.dat

The default value on Windows systems.

Feedback

Was this page helpful?
Previous

Configuring legacy encryption on clients

Next

Managing legacy encryption key files

Feedback

Was this page helpful?