Encrypt data
These user guides will help you to secure encrypted data on your Mac on servers of the University of Vienna.
To increase data security, IBM Storage Protect offers the option of data encryption. 128-bit AES encryption is used as standard, but you can optionally increase this to 256-bit. Activated data encryption does not affect the amount of data that is transferred to and from the backup servers.
Note
To encrypt the files, you must enter an encryption key password. If the password is lost, the encrypted data can no longer be restored. There is also no possibility on the server side to read out the password or to set a new one.
Activating encryption
Open the IBM Storage Protect program and select Edit – Client Preferences.
Click Authorization on the left, then select the preferred option for the Encryption Key password:
- Prompt for encryption key password: The encryption password must be entered for every backup and restore process.
- Save encryption key password locally: The encryption key password is saved locally and encrypted on your computer and therefore does not have to be entered for every backup and restore process.
Note
For an automated backup, you must select Save encryption key password and set the option Password Generate under Password access.
Click OK. In the following pop up window, confirm with OK again.
Select files for encryption
Files or folders must be explicitly selected for encryption. In IBM Storage Protect, choose Edit – Client Preferences from the menu.
On the left side, select Include/Exclude and click Add... on the right side.
To add a file, enter it in the File or Pattern field and select the following options:
- Category: Backup
- Type: Include.Encryption
To add a folder, enter it in the File or Pattern field and select the following options:
- Category: Backup
- Type: Include.Encryption
Confirm with OK.
As soon as you have added all files and folders that you want to encrypt during the data backup, close the client preferences window with OK as well.
Backup with encryption
Start a backup as usual (see user guides for Store data). Depending on the selected settings, you have to set an encryption password for the first backup or for each backup. This password is freely selectable.
Note
If you want to restore the backed up files, you will need this password again. For example, if you use a different password every day, you must also enter the password form the previous day to restore a file backed up the day before. The set password applies to all files that are encrypted and backed up in a session.