The encrypted backup copy task entails the following stages if you utilise a direct data path to transfer backups to the target backup repository:

You choose a password and enable encryption for a backup copy process.

The necessary keys to secure the backup files created by the backup copy job are generated by Veeam Backup & Replication.

Data blocks are encrypted on the source side and sent to the destination backup repository by Veeam Backup & Replication.

Encrypted data blocks are saved to a resultant backup file on the destination backup repository.

Job Encryption for Backup Copies

An encrypted backup file may be used as a source in an encrypted backup copy job. Veeam Backup & Replication doesn’t use double encryption in this case. The following are included in the backup copy job steps:

The encrypted source backup file’s data blocks are decrypted by Veeam Backup & Replication. It uses the configuration database’s meta keys and the storage key for the decryption operation.

The necessary keys to secure the backup files created by the backup copy job are generated by Veeam Backup & Replication.

These keys are used by Veeam Backup & Replication to encrypt data blocks on the source side before transferring them to the target backup repository.

Encrypted data blocks are saved to a resultant backup file on the destination backup repository.

Veeam Backup & Replication will decode data blocks of the encrypted source backup files even if encryption is turned off in the backup copy job.

Job Encryption for Backup Copies

The technique for restoring backups created by backup copy tasks is the same for use as a backup source.

WAN accelerators need to read data from the target side. Because of this, when using WAN accelerators for backup copy jobs, encryption is done on the destination side.