Passphrase, Encryption options – HP Data Protector Express Basic-Software User Manual
Page 56

device does not support encryption, the user will be prompted with an alert telling them that the device
cannot be used since it does not support hardware encryption.
Passphrase
The passphrase is a series of characters that must be provided by the user for input to the cryptographic
key generation process.
• Passphrases must be no less than 8 logical characters. They may be created by the user or
  randomly generated by a separate application.
• If created by the user, the passphrase should be difficult to guess and should contain a mix of
  lowercase/uppercase letters, digits and special characters.
• The passphrase is one of the components Data Protector Express uses to generate the encryption
  key. A longer or random passphrase will increase the strength of the encryption key even more.
• To aid the user in remembering the passphrase, the user may enter a hint message. The use of
  this field is optional and is provided to the user as a prompt for remembering the passphrase.
• If a backup job spans multiple media, the same passphrase will be used for all media in the set.
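A "separate application" for generating passphrases can be as small as the following Python script, which is an added illustration and not part of Data Protector Express or of HP's documentation. Only the 8-character minimum and the mix of character classes come from the list above; the special-character set, the 20-character default and the function names are assumptions.

```python
import math
import secrets
import string

MIN_LENGTH = 8  # minimum from the manual: "no less than 8 logical characters"
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    # Assumed set: restrict it to characters you can type at a restore console.
    "special": "!#$%&()*+,-./:;<=>?@[]^_{}~",
}
ALPHABET = "".join(CLASSES.values())


def missing_requirements(passphrase):
    """Return the manual's recommendations that this passphrase does not meet."""
    problems = []
    if len(passphrase) < MIN_LENGTH:  # len() counts characters, not bytes
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            problems.append(name)
    return problems


def generate_passphrase(length=20):
    """Draw from the OS CSPRNG, retrying until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


def random_entropy_bits(length):
    """Upper bound on the entropy of a uniformly random passphrase of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, f"(at most {random_entropy_bits(len(phrase)):.0f} bits)")
    # Constructed example of a guessable passphrase that still passes the length rule:
    print("backup2009 is missing:", missing_requirements("backup2009"))
```

The entropy figure applies only to randomly generated passphrases; a passphrase chosen by a person is far easier to guess than its length suggests.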
Passphrases for the media are stored in the Data Protector Express catalog. This means the user is able to
read and append to the encrypted media without being prompted for a passphrase as long as it is being
accessed by the instance of Data Protector Express that first encrypted it.
Once a medium is deleted or exported from the Data Protector Express catalog, the passphrase is also
deleted. There are two instances when the user needs to know the passphrase:
• When importing the media to another machine or another instance of Data Protector Express
• During disaster recovery
CAUTION:
Managing the passphrase is a critical component of any encryption system. Data may be stored for
months or years, so passphrases must be archived securely. The user should keep a record or backup
of encryption passphrases and store them in a secure place separate from the computer running Data
Protector Express. If the user is unable to supply the passphrase when requested to do so, neither the user
nor Data Protector Express Support will be able to access the encrypted data.
Encryption Options
Encryption is enabled on the job’s Encryption page.
Off: Both hardware and software encryption are disabled.
Automatic: This selection will use hardware encryption if it is available from the device; otherwise,
software encryption will be used.
Software: Software encryption will be used. When Software is selected, the user can choose the
strength of software encryption.
Hardware: Hardware encryption will be used if the device supports it. If it does not support encryption
and this option is selected, the user will be prompted with an alert stating that the device cannot be used
since it does not support hardware encryption.
Software Strength: Options for the software encryption strength are listed below as three selections: low,
medium and high. Low is the easiest method to decipher by outside methods; High is the hardest method
to decipher by outside methods. As you progress from low to high, the encryption algorithm requires
more CPU computations for each block of data to be encrypted, which may slow down the data stream
to the device and will increase CPU loading on the Media Server.
Encryption passphrase / Verify Passphrase: The user-supplied portion of the encryption key. Data
Protector Express will use this value, along with other information it generates, to calculate an encryption
key for the media. The passphrase must be entered twice to minimize the chance of making a mistake
while typing.
Encryption and Compression