Veeam Backup & Replication 10
User Guide for VMware vSphere
Related documents

Session Keys and Metakeys

The session key is the lowest layer in the encryption key hierarchy. When Veeam Backup & Replication encrypts data, it first encodes every data block in a file with a session key. For session keys, Veeam Backup & Replication uses the AES algorithm with a 256-bit key length in the CBC-mode.

Veeam Backup & Replication generates a new session key for every job session. For example, if you have created an encrypted backup job and run 3 job sessions, Veeam Backup & Replication will produce 3 backup files that will be encrypted with 3 different session keys:

  • Full backup file encrypted with session key 1
  • Incremental backup file encrypted with session key 2
  • Incremental backup file encrypted with session key 3

Session Keys and Metakeys 

The session key is used to encrypt only data blocks in backup files or files archived to tape. To encrypt backup metadata, Veeam Backup & Replication applies a separate key — metakey. Use of a metakey for metadata raises the security level of encrypted backups.

For every job session, Veeam Backup & Replication generates a new metakey. For example, if you have run 3 job sessions, Veeam Backup & Replication will encrypt metadata with 3 metakeys.

Session Keys and Metakeys 

In the encryption process, session keys and metakeys are encrypted with keys of a higher layer — storage keys. Cryptograms of session keys and metakeys are stored to the resulting file next to encrypted data blocks. Metakeys are additionally kept in the configuration database.

This Document Help Center
User Guide for VMware vSphereUser Guide for Microsoft Hyper-VVeeam Backup Enterprise Manager GuideVeeam Agent Management GuideVeeam Cloud Connect GuideVeeam Explorers User GuideVeeam Plug-ins for Enterprise Applications GuideIntegration with Veeam Backup for AWS User GuideVeeam PowerShell ReferenceVeeam Explorers PowerShell ReferenceVeeam RESTful API ReferenceRequired Permissions for VMware vSphereQuick Start Guide for VMware vSphereQuick Start Guide for Microsoft Hyper-VVeeam ONE DocumentationVeeam Agent for Windows DocumentationVeeam Agent for Linux DocumentationVeeam Backup for AWS DocumentationVeeam Backup for Microsoft Azure DocumentationVeeam Backup for Nutanix AHV User GuideVeeam Backup for Microsoft Office 365 DocumentationVeeam Management Pack Documentation
I want to report a typo

There is a misspelling right here:

 

I want to let the Veeam Documentation Team know about that.