We have implemented secure encryption for all backups and restores. These tape backups can only be restored from the DPM install in our secure cage at the Network access point.

The SSL certificate is generated from our Certificate authority only for the DPM server in question. It is installed for both backups and restores. This certificate is only issued for authentication purposes and uses a SHA1 RSA signing algorithm. The public key is an RSA 1024 bit encryption standard and the encryption itself is a SHA1 hash algorithm. Details on the features of DPM as well as a brief summary on the encryption of tape backups can be found here:

http://technet.microsoft.com/en-us/dpm/bb798076.aspx
http://technet.microsoft.com/en-us/magazine/cc137717(TechNet.10).aspx