Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. NetBackup key management service
  9. KMS database constituents
NetBackup™ Security and Encryption Guide

KMS database constituents

The KMS database consists of three files:

  • The keystore file (KMS_DATA) contains all the key group and key records along with some metadata.

  • The KPK file (KMS_KPKF) contains the KPK that is used to encrypt the ciphertext portions of the key records that are stored in the keystore file.

  • The HMK file (KMS_HMKF) contains the HMK that is used to encrypt the entire contents of the keystore file. The keystore file header is an exception. It contains some metadata like the KPK ID and HMK ID that is not encrypted).

Feedback

Was this page helpful?
Previous

Example of verifying an encryption backup

Next

Creating an empty KMS database

Feedback

Was this page helpful?