Veeam Backup & Replication 10
User Guide for VMware vSphere
Related documents

Backup Server Keys

Eavesdroppers may potentially use Veeam Backup Enterprise Manager to unlock files encrypted with Veeam Backup & Replication. If the eavesdropper intercepts an encrypted file, s/he may generate a request for file unlocking and send such request to Veeam Backup Enterprise Manager Administrators. Having received a response from Veeam Backup Enterprise Manager, the eavesdropper will be able unlock the encrypted file without a password.

To protect you against the “man-in-the-middle” attack, Veeam Backup & Replication uses backup server keys. Backup server keys are a pair of RSA keys, public and private, that are generated on the backup server.

  • The public backup server key is sent to Veeam Backup Enterprise Manager to which the backup server is connected, and saved in the Veeam Backup Enterprise Manager configuration database.
  • The private backup server key is kept on the backup server in the Veeam Backup & Replication configuration database.

Backup server keys are used to authenticate the identity of the request sender. When the backup server generates a request to unlock a file, it adds a signature encrypted with the private backup server key to this request.

When Veeam Backup Enterprise Manager processes the request, it uses the public backup server key to decrypt the signature and identify the request sender. If the backup server used for request generation is not added to Veeam Backup Enterprise Manager, Veeam Backup Enterprise Manager will not find a matching public key in its database. As a result, Veeam Backup Enterprise Manager will not be able to identify the sender and the storage key decryption process will fail.

This Document Help Center
User Guide for VMware vSphereUser Guide for Microsoft Hyper-VVeeam Backup Enterprise Manager GuideVeeam Agent Management GuideVeeam Cloud Connect GuideVeeam Explorers User GuideVeeam Plug-ins for Enterprise Applications GuideVeeam PowerShell ReferenceVeeam Explorers PowerShell ReferenceVeeam RESTful API ReferenceRequired Permissions for VMware vSphereQuick Start Guide for VMware vSphereQuick Start Guide for Microsoft Hyper-VVeeam ONE DocumentationVeeam Agent for Windows DocumentationVeeam Agent for Linux DocumentationVeeam Backup for AWS DocumentationVeeam Backup for Microsoft Azure DocumentationVeeam Backup for Nutanix AHV User GuideVeeam Backup for Microsoft Office 365 DocumentationVeeam Management Pack Documentation
I want to report a typo

There is a misspelling right here:


I want to let the Veeam Documentation Team know about that.