From owner-freebsd-current@freebsd.org Sat Oct 17 07:40:39 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 22C8742E3C2 for ; Sat, 17 Oct 2020 07:40:39 +0000 (UTC) (envelope-from freqlabs@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CCw1305vFz3XLb for ; Sat, 17 Oct 2020 07:40:39 +0000 (UTC) (envelope-from freqlabs@FreeBSD.org) Received: from Ryans-MBP.attlocal.net (unknown [IPv6:2600:1700:358a:c660:69bf:cad1:99bc:22ec]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: freqlabs/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id C68E81F8C9 for ; Sat, 17 Oct 2020 07:40:38 +0000 (UTC) (envelope-from freqlabs@FreeBSD.org) Subject: Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase To: freebsd-current@freebsd.org References: From: Ryan Moeller Message-ID: <4fb31ed5-2281-13cf-e45e-28dae27f26b3@FreeBSD.org> Date: Sat, 17 Oct 2020 03:40:38 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Oct 2020 07:40:39 -0000 On 10/17/20 1:54 AM, Graham Perrin wrote: > root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e > creation -e key -e crypt > Transcend/VirtualBox  creation              Wed Sep  2 19:02 2020     - > Transcend/VirtualBox  encryption aes-256-gcm               - > Transcend/VirtualBox  keylocation prompt                    local > Transcend/VirtualBox  keyformat passphrase                - > Transcend/VirtualBox  encryptionroot Transcend/VirtualBox      - > Transcend/VirtualBox  keystatus unavailable               - > root@momh167-gjp4-8570p:~ # > > I was prompted in early September but since then, no prompts. > > I can export and import the pool (Transcend) without entering the > passphrase. > > Is this intended behaviour and if so: how does the pool – or the > computer to which I connect the device (a mobile hard disk drive) – > know that entry of the phrase is unnecessary? This is intentional. The pool can be imported but the filesystem is not mounted until the key is loaded. See zfs-load-key(8) -Ryan > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "freebsd-current-unsubscribe@freebsd.org"