Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Commands Reference Guide
  5. Appendix A. NetBackup Commands
  7. bpkeyfile
Veritas NetBackup™ Commands Reference Guide

Name

bpkeyfile — run the legacy key file utility that is used for NetBackup standard encryption

SYNOPSIS

bpkeyfile [-stdin] [-change_key_file_pass_phrase] [-change_netbackup_pass_phrase] [-display] key_file_path

On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/admincmd/

On Windows systems, the directory path to this command is install_path\NetBackup\bin\admincmd\

DESCRIPTION

bpkeyfile creates or updates a file that contains the information that is used to generate DES encryption keys. The information is generated based on a NetBackup phrase that you supply. You supply a key-file pass phrase to encrypt the key file.

NetBackup client software uses an encryption key that is calculated from the key file information to encrypt files during backups or decrypt files during restores.

If the file exists, you are prompted to enter the current key-file pass phrase.

If you specify -change_key_file_pass_phrase, you are prompted for a new key-file pass phrase. If you enter an empty pass phrase, a standard key-file pass phrase is used.

If you use the standard key-file pass phrase, bpcd runs automatically. If you use your own key-file pass phrase, start bpcd with the -keyfile argument.

For more about how to start bpcd with the -keyfile argument, see the NetBackup Security and Encryption Guide.

OPTIONS

-stdin

Reads pass phrases from standard input. By default, bpkeyfile reads the pass phrases that you are prompted to input from your terminal window.

-change_key_file_pass_phrase (or -ckfpp)

Changes the pass phrase that is used to encrypt the key file.

-change_netbackup_pass_phrase (or -cnpp)

Changes the pass phrase that is used to encrypt NetBackup backups and archives on this client.

-display

Displays information about the key file.

key_file_path

The path of the key file that bpkeyfile creates or updates.

NOTES

The pass phrases that NetBackup uses can be from 0 to 63 characters long. To avoid compatibility problems between systems, restrict the characters in a pass phrase to printable ASCII characters: from the Space character (code 32) to the tilde character (code 126).

The bpkeyfile command is used for legacy encryption.

FILES

Client encryption key file:

UNIX systems: /usr/openv/netbackup/keyfile

Windows systems: install_path\NetBackup\bin\keyfile.dat

Feedback

Was this page helpful?
Previous

bpinst

Next

bpkeyutil

Feedback

Was this page helpful?