I've been interested in this topic, but I wonder about the usefulness of an encryption mechanism in a tape drive, if you have to go to a DR site without the decryption hardware.
My thinking is that you want the keys to be managed by the backup/restore software, and fed into the drive at the point where the encrypted portion of the tape starts. Then, if the hardware encryption was NOT available, a compatible backup or restore could be done by having the backup software use software encryption/decryption instead. I suppose that the encrypting tape drive could be designed so that the tapes were unreadable by non-encrypting drives. The thinking might be that allowing a non-encrypting drive to read the encrypted data allows a thief to try brute force repetition to find the secret key. This kind of architecture would prohibit any software implementations to decode the data even if the key were available to the restore software. Any thoughts on this? Bob Bolch
