Hi Bill, I asked that question a while back to TSM support, and got this in response:
To trace encryption, add to dsm.opt: tracefile \path\traceit.txt traceflag encrypt In the resulting traceit.txt file, the encryption lines are VERY obvious. I was doing this in an early 5.3 client though, and at that time the trace would always say DES-56, not AES128. Dunno if that's fixed yet or not. Anyway, at least yoy can see SOMETHING is taking place. Wanda > I have a client that required certain directories on each file server to > be encrypted. We made the changes to the DSM.OPT to enable > AES128 and the include.encrypt statemsents and did a selective always > backup of those directories so that the active version was an > encrypted version and all the other inactive un-encrypted versions will > roll off based on REtain Extra. Here is a question from the > client. Can anyone give some suggestions on how to prove that data is > encrypted? > > Is there a way that we can report on what's encrypted, maybe as part of > the rules for backing up? The question is, if audited > internally, or externally, how do we prove data's encrypted. > > More importantly, if we lose a tape, how could we prove it if asked if we > need to disclose? > > > Bill Boyer >>Select * from USERS where CLUE>0 > 0 rows returned >
