Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. Data at rest encryption security
  5. Configuring legacy encryption on clients
  6. Restoring a legacy encrypted backup created on another client
NetBackup™ Security and Encryption Guide

Restoring a legacy encrypted backup created on another client

If a server allows redirected restores, you (the user) must be authorized to perform such restores.

Refer to the NetBackup Administrator's Guide, Volume I for details on redirected restores.

To restore an encrypted backup that was created on another client:

  1. Obtain the pass phrase that was used on the other client when the encrypted backup was made. Without that pass phrase, you cannot restore the files.

    Note if the pass phrase is the same on both clients, skip to step 4.

  2. To preserve your own (current) key file, move or rename it.
  3. Use the bpkeyfile command to create a key file that matches the other client's. When the bpkeyutil process prompts you for the pass phrase, specify the other client's pass phrase.
    bpkeyfile -change_key_file_pass_phrase key_file_path

    The key_file_path is the path for a new key file on your client. This key file matches the other client's.

    After you enter the command, bpkeyfile prompts you for the client's pass phrase (obtained in step 1).

    For more information about the bpkeyfile command, refer to the NetBackup Commands Reference Guide.

  4. Restore the files to the other client.

    After you restore the encrypted files from the client, rename or delete the key file that you created in step 3.

    Next, you move or rename the original key file to its original location or name. If you do not re-establish your key file to its original location and name, you may not be able to restore your own encrypted backups.

Feedback

Was this page helpful?
Previous

About pushing the legacy encryption pass phrases to clients

Next

About setting legacy encryption attribute in policies

Feedback

Was this page helpful?