bpkeyfile — run the legacy key file utility that is used for NetBackup standard encryption


<admin_dir_path>bpkeyfile [-stdin] [-change_key_file_pass_phrase] [-change_netbackup_pass_phrase] [-display] key_file_path

On Windows systems, <admin_dir_path> is <install_path>\NetBackup\bin\admincmd\


The bpkeyfile command is available only with the NetBackup Encryption option.


bpkeyfile creates or updates a file that contains the information that is used to generate DES encryption keys. The information is generated based on a NetBackup phrase that you supply. You supply a key-file pass phrase to encrypt the key file.

NetBackup client software uses an encryption key that is calculated from the key file information to encrypt files during backups or decrypt files during restores.

If the file exists, you are prompted to enter the current key-file pass phrase.

If you specify -change_key_file_pass_phrase, you are prompted for a new key-file pass phrase. If you enter an empty pass phrase, a standard key-file pass phrase is used.

If you use the standard key-file pass phrase, bpcd runs automatically. If you use your own key-file pass phrase, start bpcd with the -keyfile argument.

For more information on how to start bpcd with the -keyfile argument, refer to the NetBackup Security and Encryption Guide.



Reads pass phrases from standard input. By default, bpkeyfile reads the pass phrases that you are prompted to input from your terminal window.

-change_key_file_pass_phrase (or -ckfpp)

Changes the pass phrase that is used to encrypt the key file.

-change_netbackup_pass_phrase (or -cnpp)

Changes the pass phrase that is used to encrypt NetBackup backups and archives on this client.


Displays information about the key file.


The path of the key file that bpkeyfile creates or updates.


The pass phrases that NetBackup uses can be from 0 to 63 characters long. To avoid compatibility problems between systems, restrict the characters in a pass phrase to printable ASCII characters: from the Space character (code 32) to the tilde character (code 126).

The bpkeyfile command is used for legacy encryption.


Client encryption key file:

Windows systems: install_path\NetBackup\bin\keyfile.dat