API encryption

Two methods are available to encrypt data: application-managed encryption and IBM Spectrum Protect™ client encryption.

Select and use only one of these methods to encrypt data. The methods are mutually exclusive and if you encrypt data by using both methods, you will be unable to restore or retrieve some data. For example, assume that an application uses application-managed encryption to encrypt object A, and then uses IBM Spectrum Protect client encryption to encrypt object B. During a restore operation, if the application sets the option to use IBM Spectrum Protect client encryption and it tries to restore both objects, only object B can be restored; object A cannot be restored because it was encrypted by the application, not by the client.

Regardless of the encryption method that is used, the IBM Spectrum Protect must enable password authentication. By default, the server uses SET AUTHENTICATION ON.

The API uses either AES 128-bit or AES 256-bit encryption. AES 256-bit data encryption provides a higher level of data encryption than AES 128-bit data encryption. Files that are backed up by using AES 256-bit encryption cannot be restored with an earlier client. Encryption can be enabled with or without compression. If you use encryption, you cannot use the partial object restore and retrieve and buffer copy elimination functions.