NetBackup™ Security and Encryption Guide

About FIPS enabled KMS

NetBackup KMS can now be operated in FIPS mode, in which the encryption keys that you create are always FIPS approved. FIPS configuration is enabled by default.

See About Federal Information Processing Standards (FIPS).

When you create a new key, a salt is always generated with the new key. Providing the salt value is mandatory when you want to recover a key.

Consider the following example; hrs09to12hrs is a key created using an older version of NetBackup:

    Key Group Name : ENCR_Monday
    Supported Cipher : AES_256
    Number of Keys : 8
    Has Active Key : Yes
    Creation Time : Wed Feb 25 22:46:32 2015
    Last Modification Time: Wed Feb 25 22:46:32 2015
    Description : -

    Key Tag : 5e16a6ea988fc8ec7cc9bdbc230811b65583cdc0437748db4521278f9c1bbdf9
    Key Name : hrs09to12hrs
    Current State : ACTIVE
    Creation Time : Wed Feb 25 22:50:01 2015
    Last Modification Time: Wed Feb 25 23:14:18 2015
    Description : active

The key hrs09to12hrs is moved from key group ENCR_Monday to a new key group ENCR_77.

    C:\Program Files\Veritas\NetBackup\bin\admincmd>nbkmsutil -modifykey -keyname hrs09to12hrs -kgname ENCR_Monday -move_to_kgname ENCR_77
    Key details are updated successfully

Now list all the keys in the ENCR_77 key group. Note that the new key Fips77 is FIPS approved, but hrs09to12hrs, which was created using an older version of NetBackup, is not.

    C:\Program Files\Veritas\NetBackup\bin\admincmd>nbkmsutil -listkeys -kgname ENCR_77

    Key Group Name : ENCR_77
    Supported Cipher : AES_256
    Number of Keys : 2
    Has Active Key : Yes
    Creation Time : Thu Feb 26 04:44:12 2015
    Last Modification Time: Thu Feb 26 04:44:12 2015
    Description : -

    Key Tag : 5e16a6ea988fc8ec7cc9bdbc230811b65583cdc0437748db4521278f9c1bbdf9
    Key Name : hrs09to12hrs
    Current State : ACTIVE
    Creation Time : Wed Feb 25 22:50:01 2015
    Last Modification Time: Thu Feb 26 04:48:17 2015
    Description : active
    FIPS Approved Key : No

    Key Tag : 4590e304aa53da036a961cd198de97f24be43b212b2a1091f896e2ce3f4269a6
    Key Name : Fips77
    Current State : INACTIVE
    Creation Time : Thu Feb 26 04:44:58 2015
    Last Modification Time: Thu Feb 26 04:48:17 2015
    Description : active
    FIPS Approved Key : Yes
    Salt : 53025d5710ab36ac1099194fb97bad318da596e27fdfe1f2

    Number of Keys: 2

The new key Fips77 is FIPS approved and also has a Salt value.
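A listing like the one above can be checked mechanically. The following Python code is an added example, not part of the NetBackup documentation or tooling: it parses saved `nbkmsutil -listkeys` output and reports which keys are not marked FIPS approved and which carry a salt that must be kept for recovery. The function names, the report layout, and the sample tag and salt values are constructed for illustration, and a record with no FIPS Approved Key field is assumed to be not approved.

```python
import re

# Constructed sample modelled on the `nbkmsutil -listkeys` listing above;
# the tag and salt values are placeholders, not real key material.
SAMPLE = """\
Key Group Name : ENCR_77
Supported Cipher : AES_256
Number of Keys : 2
Has Active Key : Yes

Key Tag : aaaa0001
Key Name : hrs09to12hrs
Current State : ACTIVE
FIPS Approved Key : No

Key Tag : bbbb0002
Key Name : Fips77
Current State : INACTIVE
FIPS Approved Key : Yes
Salt : cccc0003

Number of Keys: 2
"""

# "Field name : value"; splits on the first colon so timestamps stay intact.
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_listkeys(text):
    """Split the listing into key-group fields and one dict per key."""
    group, keys = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name == "Key Tag":            # a key record starts at its tag
            keys.append({})
        # "Number of Keys" appears in the header and as a trailing summary.
        target = keys[-1] if keys and name != "Number of Keys" else group
        target[name] = value
    return group, keys

def audit(text):
    """Report keys not marked FIPS approved and keys whose salt must be kept."""
    group, keys = parse_listkeys(text)
    report = {"group": group.get("Key Group Name"), "non_fips": [], "salt_needed": []}
    for key in keys:
        name, state = key.get("Key Name"), key.get("Current State")
        # Assumption: a record without the field (older listing) is not approved.
        if key.get("FIPS Approved Key", "").lower() != "yes":
            report["non_fips"].append((name, state))
        if key.get("Salt"):
            report["salt_needed"].append(name)
    return report
```

Calling `audit()` on the saved output for each key group gives a per-group list of legacy keys, with their state, alongside the keys whose salt has to be available before a recovery can succeed.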

KMS with FIPS compliance is supported on the following platforms:

  • MS Windows Server 2012

  • Linux.2.6.16 x86-64 Suse-10

  • Linux.2.6.18 x86-64 RHEL-5
