I'm answering this, and I'm making it a community wiki, since I am copying and pasting from an existing document.

For the record, I use Amanda Enterprise as my backup solution, and I don't use the tape encryption that it provides, for the very reasons that you mention.

I was researching tape encryption, and I came across a great whitepaper from HP talking about LTO-4 encryption, and included are many possibilities for key management. Here's a basic rundown of the available options that are presented:

• Native mode encryption (sometimes referred to as set and forget). This method controls the LTO4 encryption from within the tape drive library. There is one key that is set by way of the library management interface (Web GUO or Operator Control Panel). This method encrypts all tapes with the same key, with the downside of negatively impacting the security level.

• Software-based encryption encrypts the data before it leaves the server and keys are stored in the internal database or catalog of the application. This method of encryption places a high load on the server as the software performs many mathematical operations using host processing power. Several applications including HP Open View Storage Data Protector 6.0 offer encryption as a feature. Although the security of date encrypted this way is very high (as the data is encrypted in transit), because encrypted data is highly random it then becomes impossible to achieve any data compression downstream in the tape drive and therefore storage is inefficient.

• Keys managed by the ISV application, also known as in-band key management. The ISV software supplies the keys and manages them, and the Ultrium LTO4 Tape Drive then performs the encryption. Keys would be referenced by the key-associated data and stored in the applications internal database. (Please refer to your individual ISV backup application vendor for support of this functionality).

• An in-band encryption appliance intercepts the Fibre Channel links and encrypts the data in-flight. These products are available from several vendors such as Neoscale and Decru. Key management is from a hardened key management appliance. This method is independent of ISV software and supports legacy tape drives and libraries. Data compression must be performed by these devices as compression within the tape drive is not possible after encryption.

• A SAN fabric switch with encryption capability is similar to the in-band appliance, but encryption hardware is embedded in the switch.

• A Key Management Appliance works with enterprise class libraries such as the HP StorageWorks EML and ESL E-series libraries. It is known as out-of-band key management, as the key is supplied to the tape drive by the key management appliance. Figure 8 shows the basic components of a key management appliance. The backup applications have no knowledge of the encryption capability of the tape drive. The keys are supplied to the tape library controller by way of a network connection using a Secure Sockets Layer (SSL), recently renamed Transport Layer Security (TLS). This is an encrypted connection necessary to protect the security of the keys in transit from the appliance. To set up the security, a digital certificate is installed into the library management hardware. This establishes the necessary secure connection. The setup of the SSL/TLS uses public key encryption, but then after the handshake is complete, a secret key passes to encrypt the link. When tapes are restored, the key associated data, (retrieved from the tape), is used to reference the request for the correct key to decrypt the tape independent of the backup application.