From owner-freebsd-questions@FreeBSD.ORG Sun Mar 29 06:31:58 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2FAF11AC for ; Sun, 29 Mar 2015 06:31:58 +0000 (UTC) Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E9F606CD for ; Sun, 29 Mar 2015 06:31:57 +0000 (UTC) Received: by iedfl3 with SMTP id fl3so109158895ied.1 for ; Sat, 28 Mar 2015 23:31:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=G6Ay1M0GOPwRot7J7zCjpC+ZMKh+x62MDFbCka5DRgc=; b=UIoWN0ggQ44pk13vvqVHXXQK7pz110O5QOiQojgcxh0HYWGPNqUg3B0GK5VUVC/LOq IsOgTQFY3ujok02fAZlC+UMwge0QGbySp6EAhmfecp7UTIA1tGFggj46i95jG1QCITPx SZ7xF3xAv8fn324uUd5Fpr5zx4nCDKoBkSeOUOSp1FFoGdzAPMNSr1nWKv5KLa5bA5r5 v41rLUPpl1FmP2hFrFqYaRHtv1cgvGH7yA4Va+3KifdfDZjSKD/3ABsJsE6/1H1t51Aa p89Am7cUnrj9u67MMDCN6pKNC0xQi+qY38XylPFVD86mcr51bRXtzJ+hzI65Fvx70rbn dtXw== X-Received: by 10.42.235.78 with SMTP id kf14mr39221507icb.11.1427610717334; Sat, 28 Mar 2015 23:31:57 -0700 (PDT) MIME-Version: 1.0 References: <55173F0B.8000605@stevenpeguero.com> In-Reply-To: <55173F0B.8000605@stevenpeguero.com> From: Ben Woods Date: Sun, 29 Mar 2015 06:31:56 +0000 Message-ID: Subject: Re: ZFS Encryption Availability To: steven@stevenpeguero.com, freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Mar 2015 06:31:58 -0000 ZFS in FreeBSD does not come with built in encryption support. It is however very common in the freebsd world to encrypt your partition with geli(8) and then put a ZFS filesystem inside that encrypted partition. This works really well, especially if you have hardware crypto such as aesni(4). Read more about making a geli(8) encrypted partition here (scroll passed the gbde(4) encryption option unless it takes your fancy): https://www.freebsd.org/doc/handbook/disks-encrypting.html Then put your ZFS filesystem in the encrypted partition. More help here: https://www.freebsd.org/doc/handbook/zfs.html Good luck! -Ben On Sun, 29 Mar 2015 at 7:54 am Steven Peguero wrote: > Hello, > > In advance, I apologize for asking this particular question, as I'm > coming from the Linux world, but I wanted to know if encryption is > natively supported on FreeBSD for miscellaneous ZFS pools/datasets. > > If such functionality does exist, how exactly would I go about initially > setting up encryption for a particular ZFS pool/dataset and manually > decrypting it at boot using a passphrase? It seems as though this > particular topic has not yet been mentioned in the official handbook, > unfortunately. > > In advance, thank you for your response! > > Steven > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" >