Date:      Sat, 17 Oct 2020 03:40:38 -0400
From:      Ryan Moeller <freqlabs@FreeBSD.org>
To:        freebsd-current@freebsd.org
Subject:   Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
Message-ID:  <4fb31ed5-2281-13cf-e45e-28dae27f26b3@FreeBSD.org>
In-Reply-To: <b2d53380-ffe8-9cdf-063e-c95120104c12@gmail.com>
References:  <b2d53380-ffe8-9cdf-063e-c95120104c12@gmail.com>


On 10/17/20 1:54 AM, Graham Perrin wrote:
> root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e creation -e key -e crypt
> Transcend/VirtualBox  creation        Wed Sep  2 19:02 2020  -
> Transcend/VirtualBox  encryption      aes-256-gcm            -
> Transcend/VirtualBox  keylocation     prompt                 local
> Transcend/VirtualBox  keyformat       passphrase             -
> Transcend/VirtualBox  encryptionroot  Transcend/VirtualBox   -
> Transcend/VirtualBox  keystatus       unavailable            -
> root@momh167-gjp4-8570p:~ #
>
> I was prompted in early September but since then, no prompts.
>
> I can export and import the pool (Transcend) without entering the 
> passphrase.
>
> Is this intended behaviour and if so: how does the pool – or the 
> computer to which I connect the device (a mobile hard disk drive) – 
> know that entry of the phrase is unnecessary?


This is intentional. The pool can be imported but the filesystem is not 
mounted until the key is loaded.

See zfs-load-key(8)

-Ryan
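
The following is an added example, not part of Ryan's reply or of the OpenZFS code: a small POSIX shell helper that separates "pool imported" from "key loaded" from "mounted" by classifying `zfs get -H` output. The function names, the `Transcend/scratch` dataset and every sample value other than those quoted in the thread are constructed for illustration.

```shell
#!/bin/sh
# Classify datasets by encryption state.
# stdin: tab-separated name/property/value lines, as printed by
#   zfs get -H -o name,property,value encryption,keystatus,mounted -r <pool>
# stdout: one "dataset<TAB>state" line per dataset, in input order.
classify_datasets() {
    awk -F '\t' '
        {
            prop[$1, $2] = $3
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (prop[d, "encryption"] == "off")
                    state = "unencrypted"
                else if (prop[d, "keystatus"] == "unavailable")
                    state = "locked"                # imported, key not loaded
                else if (prop[d, "mounted"] == "yes")
                    state = "mounted"               # key loaded and mounted
                else
                    state = "unlocked-not-mounted"  # key loaded, not mounted
                printf "%s\t%s\n", d, state
            }
        }'
}

# Print only the datasets that still need their key loaded.
locked_datasets() {
    classify_datasets | awk -F '\t' '$2 == "locked" { print $1 }'
}

# Constructed sample input. Transcend/VirtualBox mirrors the encryption and
# keystatus values quoted in the thread; everything else is made up.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        Transcend            encryption off \
        Transcend            keystatus  - \
        Transcend            mounted    yes \
        Transcend/VirtualBox encryption aes-256-gcm \
        Transcend/VirtualBox keystatus  unavailable \
        Transcend/VirtualBox mounted    no \
        Transcend/scratch    encryption aes-256-gcm \
        Transcend/scratch    keystatus  available \
        Transcend/scratch    mounted    yes
}
```

On a live system, pipe the real `zfs get -H -o name,property,value encryption,keystatus,mounted -r Transcend` output into `locked_datasets`; each dataset it prints stays unmounted until `zfs load-key` (which prompts when `keylocation` is `prompt`) and `zfs mount` are run for it.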




