8 encryption and compression, Encryption, Cryptographic algorithms – HP Data Protector Express Basic-Software User Manual

8 Encryption and Compression
In this chapter
• Encryption for Backup Jobs
• Compression
• Key Management
Encryption
Encryption is the process of changing data into a form that cannot be read until it is deciphered,
protecting the data from unauthorized access and use. Company policy normally determines when
encryption is required.
For example, it may be mandatory for company confidential and financial data, but not for personal data.
Company policy will also define how encryption keys should be generated and managed.
The current version of Data Protector Express lets you encrypt the data that is written to the media
and fully implements the Advanced Encryption Standard (AES) for both hardware and software
encryption.
• Hardware encryption is supported on some backup devices, such as HP LTO-4 tape drives. It is
faster than software encryption and requires no processing on the backup server. The encryption
strength is determined by the backup device. HP LTO-4 tape drives always provide strong AES-256
encryption. This feature can be managed by a backup application that supports hardware
encryption, such as Data Protector Express.
• Software encryption uses the encryption algorithms available within Data Protector Express. The
user selects an encryption strength: Low 56-bit, Medium 128-bit or High 256-bit. Each encryption
key size causes the algorithm to behave slightly differently. Increasing software encryption strength
makes the data more secure, but requires more processing power.
If your business requires you to use encryption, Data Protector Express allows you to set the required
encryption types and levels. This chapter contains important information about data encryption.
Cryptographic Algorithms
Cryptographic algorithms are the basic components of cryptographic applications. It is important to
understand that as you increase the complexity of the encryption, the information gets closer to
impossible to read, and, for software-based encryption, the load on your machine increases.
Software
Three cryptographic algorithms are provided. These three settings provide three levels of
resistance which require progressively more CPU time to convert the same amount of data. The three
options are for the software encryption mode only.
• Low – DES 56-bit
• Medium – AES 128-bit
• High – AES 256-bit
Hardware
On hardware devices that offer this feature, the cryptographic algorithm is not
under Data Protector Express control. The hardware provides configuration and operating parameters
via a special encryption command. The device driver adjusts its crypto session settings from this input.
Hardware encryption is an on/off feature; you cannot adjust the encryption level
through the Data Protector Express interface. By default, Data Protector Express will attempt to use the
highest encryption algorithm supported on the device, if the device supports multiple algorithms. If the