Two methods are available to encrypt data: application-managed encryption and Tivoli® Storage Manager client encryption.
Tivoli Storage Manager client encryption was previously called transparent encryption. Select and use only one of these methods to encrypt data. The methods are mutually exclusive and if you encrypt data by using both methods, you will be unable to restore or retrieve some data. For example, assume that an application uses application-managed encryption to encrypt object A, and then uses Tivoli Storage Manager client encryption to encrypt object B. During a restore operation, if the application sets the option to use Tivoli Storage Manager client encryption and it tries to restore both objects, only object B can be restored; object A cannot be restored because it was encrypted by the application, not by the client.
The API returns DSM_CR_ENCR_NOT_ALLOWED if both encryption methods are used by an application, in the same API session.
Regardless of the encryption method that is used, the Tivoli Storage Manager must enable password authentication. By default, the server uses SET AUTHENTICATION ON.
The API uses 128-bit AES encryption. Encryption can be enabled with or without compression. Partial object restore and retrieve and buffer copy elimination are not supported when you use encryption.