Convert devices to passphrase-based encryption
If you have lost or forgotten the security code/encryption key for a backup device, or simply no longer wish to individually manage security codes/encryption keys for your list of backup devices, Backup Manager offers the function to convert backup devices to use a passphrase-based encryption method.
Differences between encryption methods
- Private key encryption relies on encryption keys/security codes that are defined by users during Backup Manager installation. The encryption key/security code is set once and cannot be changed or retrieved afterwards.
- Passphrase-based encryption uses a system-generated encryption key that is securely accessible from the management console.
- Backup Manager version 17.11 or later must be installed and functional on the system you wish to convert.
- The system must be running on Windows.
- The system must be intact (the conversion process will not work after a system is lost, destroyed or infected).
- Access to run the Command Prompt as an administrator is required on each system you wish to convert.
- Backups should not be actively running during this process.
Step 1. Get a partner UID for conversion
- Log in to the Console under a SuperUser account with security officer permissions
- In the left navigation bar, click Customer management
- Select the customer containing backup devices you want to convert
- Enable the Automatic Deployment option (if it is disabled)
- Click Save
You will now be given a customer UID
- Copy the UID for later use
Step 2. Perform conversion on each device
Run the below command on each Windows device you plan to convert to passphrase-based encryption.
- Log in to the system on which the backup device is installed.
- Start the Command Prompt as an administrator and run the following command.
Here is what the command contains:
- ClientTool.exe – an executable file included into all Backup Manager installations. It lets you operate the Backup Manager through the command line.
C:\Program Files\Backup Manager\ - is the default installation directory of the Backup Manager. Make sure you edit the path if the Backup Manager is installed at a custom location.
takeover – a command that moves a backup device to another category (to another customer or to passphrase-based encryption)
partner-uid – the UID you copied at step 1.