Legacy encryption backup process

The prerequisites for encrypting a legacy backup are as follows:

The encryption software must include the appropriate DES library, as follows:
- For 40-bit DES encryption, libvdes40.suffix; the suffix is so, sl, or dll, depending on the client platform.
- For 56-bit DES encryption, libvdes56.suffix; the suffix is so, sl, or dll, depending on the client platform.
  Note:
  The encryption software is automatically installed with the NetBackup UNIX server and client installations.
A key file must exist as specified with the CRYPT_KEYFILE configuration option. You create the key file when you specify a NetBackup pass phrase with the server bpinst command or the client bpkeyfile command.
You must select the Encryption attribute on the NetBackup policy that includes the client.

If the prerequisites are met and the backup is to be encrypted, the following occurs:

The client takes the latest data from its key file and merges it with the current time (the backup time) to generate a DES key. For 40-bit DES, 16 bits of the key are always set to zero.
For each backed-up file, the following occurs:
- The client creates an encryption tar header. The tar header contains a checksum of the DES that NetBackup used for encryption.
- The client writes the file data that was encrypted with the DES key. Note that only file data is encrypted. File names and attributes are not encrypted.
The server reads the file names, attributes, and data from the client and writes them to a backup image on the server. The server DOES NOT perform any encryption or decryption of the data. The backup image on the server includes the backup time and a flag that indicates whether the backup was encrypted.