Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. Data at rest encryption security
  9. Configuring legacy encryption on clients
  11. Additional legacy key file security for UNIX clients
  13. Running the bpcd -keyfile command
NetBackup™ Security and Encryption Guide

Running the bpcd -keyfile command

This topic describes running the bpcd command as a stand-alone program.

To run bpcd as a stand-alone program

  1. Use the -change_key_file_pass_phrase (or -ckfpp) option on the bpkeyfile command to change the key file pass phrase, as in the following example:
    bpkeyfile -ckfpp /usr/openv/var/keyfile
Enter old keyfile pass phrase: (standard keyfile pass phrase)
Enter new keyfile pass phrase: (standard keyfile pass phrase)
******
Re-enter new keyfile pass phrase: (standard keyfile pass
phrase) ******

    If you type a carriage return at the prompt, NetBackup uses the standard key file pass phrase.

  2. Stop the existing bpcd by issuing the bpcd -terminate command.
  3. Initiate the bpcd command with the -keyfile option. Enter the new key file pass phrase when prompted.
    bpcd -keyfile
Please enter keyfile pass phrase: ******

    bpcd now runs in the background, and waits for requests from the NetBackup server.

    You can change the key file pass phrase at any time with the bpkeyfile command and the -ckfpp option. The new key file pass phrase does not take effect until the next time you start bpcd.

    You can also change the NetBackup pass phrase that is used to generate the DES keys to encrypt backups. Change this phrase at any time with the bpkeyfile command and the -cnpp option. Note, however, that the new NetBackup pass phrase does not take effect until you kill the current bpcd process and restart bpcd.

Feedback

Was this page helpful?
Previous

Additional legacy key file security for UNIX clients

Next

Terminating bpcd on UNIX clients

Feedback

Was this page helpful?