Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
User Guide for Microsoft Hyper-V

Encryption Standards

Veeam Backup & Replication uses the following industry-standard data encryption algorithms:

Data Encryption

  • To encrypt data blocks in backup files and files archived to tape, Veeam Backup & Replication uses the 256-bit AES with a 256-bit key length in the CBC-mode. For more information, see Advanced Encryption Standard (AES).
  • To generate a key based on a password, Veeam Backup & Replication uses the Password-Based Key Derivation Function, PKCS #5 version 2.0. Veeam Backup & Replication uses 10,000 HMAC-SHA1 iterations and a 512-bit salt. For more information, see Recommendation for Password-Based Key Derivation.

Enterprise Manager Keys

  • To generate Enterprise Manager keys required for data restore without a password, Veeam Backup & Replication uses the RSA algorithm with a 4096-bit key length.
  • To generate a request for data restore from a backup server, Veeam Backup & Replication uses the RSA algorithm with a 2048-bit key length.

For more information, see RSA Cryptography Standard.

Hashing Algorithms

Veeam Backup & Replication uses the following hashing algorithms:

  • For digital signature generation: SHA-1, SHA-256
  • For HMAC generation: HMAC_SHA-1
  • For random number generation: SHA-1

Encryption Libraries

For Microsoft Windows-based repositories and software-based encryption for tapes, Veeam Backup & Replication uses the Windows Crypto API complying with the Federal Information Processing Standards (FIPS 140). For more information, see Cryptographic Module Validation Program.

Veeam Backup & Replication uses the following cryptographic service providers:

  • Microsoft Base Cryptographic Provider. For more information, see Microsoft Docs.
  • Microsoft Enhanced RSA and AES Cryptographic Provider. For more information, see Microsoft Docs.
  • Microsoft Enhanced Cryptographic Provider. For more information, see Microsoft Docs.

For Linux-based repositories, Veeam Backup & Replication uses a statically linked OpenSSL encryption library, without the FIPS 140 support. For more information, see OpenSSL.

Veeam Backup & Replication encrypts stored credentials using the Data Protection API (DPAPI) mechanisms. For more information, see Microsoft Docs.

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions Reference

Quick Start Guide for VMware vSphere

Quick Start Guide for Microsoft Hyper-V

Veeam Availability for Nutanix AHV Documentation

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation