We have a group of TSM clients which has been encrypting its backup data using the ENCRYPTKEY=SAVE option. Now the administration of those clients is moving to a different team, and the old team does not wish to give the new team the original encryption key because it is used for several dozen other clients. However, the new team may need to restore files backed up with the old key. Is there a way to remove or replace the encryption key on already backed-up files?
If the ENCRYPTKEY option was changed to GENERATE would that retroactively change the encryption key on the already backed up files so they could be restored by the new team? If not, is there another solution? Our TSM server is running on Linux at release 5.5.3. The Linux TSM clients are at release 5.3, but would be upgraded to 5/5 to utilize ENCRYPTKEY=GENERATE. Thank you, Keith Arbogast Indiana University
