My understanding from what I've read (I've never used it) is... Clients set an encryption key (password) on the files they'd like to protect. Files are sent to the TSM server, encrypted. The TSM server does NOT have the encryption key, although the key may be saved to disk on a client's system.** Files are stored on the TSM server's storagepools, encrypted. The TSM database is NOT encrypted during backups. Backups (copystoragepools) of the user data ARE encrypted, because the only version TSM has is encrypted. Restores on the user end REQUIRE the key that was used to encrypt the file, or else the data is lost forever.
** (Although, it can tell that you don't have the correct key, as evidenced by Message # ANS1469E, which is interesting, and probably a weakness, since your adversary will know if they got the correct key in a brute-force attack.) To answer your question more directly... If someone were to 'steal' your tapes and restore the TSM server, they could do so successfully, but they could not decrypt your files without the original key. (Obviously, this doesn't include the possibility of cryptanalysis or brute-force attacks on the encryption method.) The important part to remember is that you suddenly need a key management solution. Backing up your data securely isn't of much value if the only person in the organization who has the keys to those files finds themselves under the wheels of a bus. Here's some suggested reading (TSM 4.1 Manuals) Installing the Clients, Chapter 8, under 'Encryptkey', and Include Options. (You're correct though, documentation on the Encryption methodology is sparse.) If you really want to deeply immerse yourself in this, check out 'Applied Cryptography' and get a feeling for how complex the situation really is. -JD.