Veeam Backup & Replication 10
User Guide for VMware vSphere
Related documents

Encryption Standards

Veeam Backup & Replication uses the following industry-standard data encryption algorithms:

Data Encryption

  • To encrypt data blocks in backup files and files archived to tape, Veeam Backup & Replication uses the 256-bit AES with a 256-bit key length in the CBC-mode. For more information, see Advanced Encryption Standard (AES).
  • To generate a key based on a password, Veeam Backup & Replication uses the Password-Based Key Derivation Function, PKCS #5 version 2.0. Veeam Backup & Replication uses 10,000 HMAC-SHA1 iterations and a 512-bit salt. For more information, see Recommendation for Password-Based Key Derivation.

Enterprise Manager Keys

  • To generate Enterprise Manager keys required for data restore without a password, Veeam Backup & Replication uses the RSA algorithm with a 4096-bit key length.
  • To generate a request for data restore from a backup server, Veeam Backup & Replication uses the RSA algorithm with a 2048-bit key length.

For more information, see RSA Cryptography Standard.

Hashing Algorithms

Veeam Backup & Replication uses the following hashing algorithms:

  • For digital signature generation: SHA-1, SHA-256
  • For HMAC generation: HMAC_SHA-1
  • For random number generation: SHA-1

Encryption Libraries

For Microsoft Windows-based repositories and software-based encryption for tapes, Veeam Backup & Replication uses the Windows Crypto API complying with the Federal Information Processing Standards (FIPS 140). For more information, see Cryptographic Module Validation Program.

Veeam Backup & Replication uses the following cryptographic service providers:

  • Microsoft Base Cryptographic Provider. For more information, see Microsoft Docs.
  • Microsoft Enhanced RSA and AES Cryptographic Provider. For more information, see Microsoft Docs.
  • Microsoft Enhanced Cryptographic Provider. For more information, see Microsoft Docs.

For Linux-based repositories, Veeam Backup & Replication uses a statically linked OpenSSL encryption library, without the FIPS 140 support. For more information, see OpenSSL.

Veeam Backup & Replication encrypts stored credentials using the Data Protection API (DPAPI) mechanisms. For more information, see Microsoft Docs.

This Document Help Center
User Guide for VMware vSphereUser Guide for Microsoft Hyper-VVeeam Backup Enterprise Manager GuideVeeam Agent Management GuideVeeam Cloud Connect GuideVeeam Explorers User GuideVeeam Plug-ins for Enterprise Applications GuideVeeam PowerShell ReferenceVeeam Explorers PowerShell ReferenceVeeam RESTful API ReferenceRequired Permissions for VMware vSphereQuick Start Guide for VMware vSphereQuick Start Guide for Microsoft Hyper-VVeeam ONE DocumentationVeeam Agent for Windows DocumentationVeeam Agent for Linux DocumentationVeeam Backup for AWS DocumentationVeeam Backup for Microsoft Azure DocumentationVeeam Backup for Nutanix AHV User GuideVeeam Backup for Microsoft Office 365 DocumentationVeeam Management Pack Documentation
I want to report a typo

There is a misspelling right here:

 

I want to let the Veeam Documentation Team know about that.