Encryption Standards
Veeam Backup & Replication uses the following industry-standard data encryption algorithms:
Data Encryption
- To encrypt data blocks in backup files and files archived to tape, Veeam Backup & Replication uses AES with a 256-bit key length in CBC mode. For more information, see Advanced Encryption Standard (AES).
- To generate a key based on a password, Veeam Backup & Replication uses the Password-Based Key Derivation Function defined in PKCS #5 version 2.0, with 10,000 HMAC-SHA1 iterations and a 512-bit salt. For more information, see Recommendation for Password-Based Key Derivation.
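The password-based key derivation described above, written out as an added example (not Veeam's code): it uses the HMAC-SHA1 PRF, 10,000 iterations and 512-bit salt stated on this page. The 32-byte output length, the function names and the sample password are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000   # HMAC-SHA1 iterations, as stated on this page
SALT_BYTES = 64       # 512-bit salt, as stated on this page
KEY_BYTES = 32        # assumption: output sized for an AES-256 key (not stated on the page)
HLEN = hashlib.sha1().digest_size  # 20 bytes of output per PBKDF2 block


def blocks_needed(dklen: int = KEY_BYTES) -> int:
    """Number of PBKDF2 blocks T_1..T_n needed for dklen bytes (ceiling division)."""
    return -(-dklen // HLEN)


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 from PKCS #5 v2.0 written out step by step, with HMAC-SHA1 as the PRF."""
    prf = hmac.new(password, digestmod=hashlib.sha1)  # key the HMAC once, copy per call
    out = b""
    for i in range(1, blocks_needed(dklen) + 1):
        h = prf.copy()
        h.update(salt + i.to_bytes(4, "big"))      # U_1 = PRF(P, S || INT(i))
        u = h.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            h = prf.copy()
            h.update(u)                            # U_j = PRF(P, U_{j-1})
            u = h.digest()
            t ^= int.from_bytes(u, "big")          # T_i = U_1 xor ... xor U_c
        out += t.to_bytes(HLEN, "big")
    return out[:dklen]


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive a key with the page's parameters using the standard-library PBKDF2."""
    if len(salt) != SALT_BYTES:
        raise ValueError("expected a 512-bit (64-byte) salt")
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, KEY_BYTES)


if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)                  # fresh random salt per password
    password = "constructed-example-password"      # constructed sample input
    key = derive_key(password, salt)
    # The hand-written version must agree with hashlib's implementation.
    assert key == pbkdf2_hmac_sha1(password.encode("utf-8"), salt, ITERATIONS, KEY_BYTES)
    print(f"salt={salt.hex()}\nkey={key.hex()}\nblocks={blocks_needed()}")
```

Because HMAC-SHA1 yields 20 bytes per block, a 32-byte output takes two PBKDF2 blocks, which is 20,000 HMAC computations per derivation under the assumed output length.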
Enterprise Manager Keys
- To generate Enterprise Manager keys required for data restore without a password, Veeam Backup & Replication uses the RSA algorithm with a 4096-bit key length.
- To generate a request for data restore from a backup server, Veeam Backup & Replication uses the RSA algorithm with a 2048-bit key length.
For more information, see RSA Cryptography Specifications.
Hashing Algorithms
Veeam Backup & Replication uses the following hashing algorithms:
- For digital signature generation: SHA-1, SHA-256
- For HMAC generation: HMAC-SHA1
- For random number generation: SHA-1
Encryption Libraries
For Microsoft Windows-based repositories and software-based encryption for tapes, Veeam Backup & Replication uses the Windows Crypto API complying with the Federal Information Processing Standards (FIPS 140). For more information, see this Microsoft article.
Veeam Backup & Replication uses the following cryptographic service providers:
- Microsoft Base Cryptographic Provider. For more information, see Microsoft Docs.
- Microsoft Enhanced RSA and AES Cryptographic Provider. For more information, see Microsoft Docs.
- Microsoft Enhanced Cryptographic Provider. For more information, see Microsoft Docs.
For Linux-based repositories, Veeam Backup & Replication uses a statically linked OpenSSL encryption library without FIPS 140 support. For more information, see OpenSSL.
Veeam Backup & Replication encrypts stored credentials using the Data Protection API (DPAPI) mechanisms. For more information, see Microsoft Docs.