Encryption Standards

Veeam Backup & Replication uses the following industry-standard data encryption algorithms:

Data Encryption

For data encryption consider the following:

  • Backup files archived to tape devices. For more information, see Tape Devices Support.
  • Backup files stored in archive tier. For more information, see Archive Tier.
  • Backup files stored in capacity tier. For more information, see Capacity Tier.
  • To generate a key based on a password, Veeam Backup & Replication uses the Password-Based Key Derivation Function, PKCS #5 version 2.0. Veeam Backup & Replication uses 600,000 HMAC-SHA256 iterations and a 512-bit salt. For more information, see Recommendation for Password-Based Key Derivation.

Enterprise Manager Keys

For Veeam Backup Enterprise Manager consider the following:

For more information, see RSA Cryptography Specifications.

Hashing Algorithms

Veeam Backup & Replication uses the following hashing algorithms:

Encryption Libraries

For Linux-based components and services, Veeam Backup & Replication uses Veeam Cryptographic Module.

For Veeam Data Movers installed on Microsoft Windows-based machines, Veeam Backup & Replication also uses Veeam Cryptographic Module. For other Microsoft Windows-based components and services, Veeam Backup & Replication uses Microsoft Crypto API.

Veeam Backup & Replication uses the following cryptographic service providers:

  • Microsoft Base Cryptographic Provider. For more information, see Microsoft Docs.
  • Microsoft Enhanced RSA and AES Cryptographic Provider. For more information, see Microsoft Docs.
  • Microsoft Enhanced Cryptographic Provider. For more information, see Microsoft Docs.

If you need Veeam Cryptographic Module and Microsoft Crypto API to be compliant with the Federal Information Processing Standards (FIPS 140), enable FIPS compliance as described in section FIPS Compliance.

Veeam Backup & Replication encrypts stored credentials using the Data Protection API (DPAPI) mechanisms. For more information, see Microsoft Docs.

Page updated 1/23/2024

Page content applies to build 12.1.1.56