Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
User Guide for VMware vSphere

Backup Server Keys

Eavesdroppers may potentially use Veeam Backup Enterprise Manager to unlock files encrypted with Veeam Backup & Replication. If the eavesdropper intercepts an encrypted file, s/he may generate a request for file unlocking and send such request to Veeam Backup Enterprise Manager Administrators. Having received a response from Veeam Backup Enterprise Manager, the eavesdropper will be able unlock the encrypted file without a password.

To protect you against the “man-in-the-middle” attack, Veeam Backup & Replication uses backup server keys. Backup server keys are a pair of RSA keys, public and private, that are generated on the backup server.

  • The public backup server key is sent to Veeam Backup Enterprise Manager to which the backup server is connected, and saved in the Veeam Backup Enterprise Manager configuration database.
  • The private backup server key is kept on the backup server in the Veeam Backup & Replication configuration database.

Backup server keys are used to authenticate the identity of the request sender. When the backup server generates a request to unlock a file, it adds a signature encrypted with the private backup server key to this request.

When Veeam Backup Enterprise Manager processes the request, it uses the public backup server key to decrypt the signature and identify the request sender. If the backup server used for request generation is not added to Veeam Backup Enterprise Manager, Veeam Backup Enterprise Manager will not find a matching public key in its database. As a result, Veeam Backup Enterprise Manager will not be able to identify the sender and the storage key decryption process will fail.

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions Reference

Quick Start Guide for VMware vSphere

Quick Start Guide for Microsoft Hyper-V

Veeam Availability for Nutanix AHV Documentation

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation