Encrypt data

These user guides will help you to secure encrypted data on your Windows computer on servers of the University of Vienna. 

To increase data security, IBM Spectrum Protect offers the option of data encryption. 128-bit AES encryption is used as standard, but you can optionally increase this to 256-bit. Activated data encryption does not affect the amount of data that is transferred to and from the backup servers.

 Note

To encrypt the files, you must enter an encryption key password. If the password is lost, the encrypted data can no longer be restored. There is also no possibility on the server side to read out the password or to set a new one.

Activating encryption

Open the IBM Spectrum Protect program and select Edit – Client Preferences.

Screenshot – Client preferences


Click Authorization on the left, then select the preferred option for the Encryption Key password:

  • Prompt for encryption key password: The encryption password must be entered for every backup and restore process. 
  • Save encryption key password: The encryption key password is saved locally and encrypted on your computer and therefore does not have to be entered for every backup and restore process.

 Note

For an automated backup, you must select Save encryption key password and set the option Password Generate under Password access.


Click OK. In the following pop up window, confirm with OK again.

Screenshot - activate encryption

Select files for encryption

Files or folders must be explicitly selected for encryption. In IBM Spectrum Protect, choose Edit – Client Preferences from the menu.

Screenshot - client preferences


On the left side, select Include/Exclude and click Add... on the right side.

Screenshot - include/exclude


To add a file, enter it in the File or Pattern field and select the following options: 

  • Category: Backup
  • Type: Include.Encryption

Screenshot - add file


To add a folder, enter it in the File or Pattern field and select the following options:

  • Category: Backup
  • Type: Include.Encryption

Screenshot - add folder


Confirm with OK. 

As soon as you have added all files and folders that you want to encrypt during the data backup, close the client preferences window with OK as well.

Backup with encryption

Start a backup as usual (see user guides for Store data). Depending on the selected settings, you have to set an encryption password for the first backup or for each backup. This password is freely selectable.

Screenshot - type in password

 Note

If you want to restore the backed up files, you will need this password again. For example, if you use a different password every day, you must also enter the password form the previous day to restore a file backed up the day before. The set password applies to all files that are encrypted and backed up in a session.