From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 3 14:58:17 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 404F4DE3 for ; Tue, 3 Sep 2013 14:58:17 +0000 (UTC) (envelope-from florent@peterschmitt.fr) Received: from peterschmitt.fr (peterschmitt.fr [5.135.177.31]) by mx1.freebsd.org (Postfix) with ESMTP id 069662358 for ; Tue, 3 Sep 2013 14:58:17 +0000 (UTC) Received: from [172.29.180.39] (unknown [194.214.114.46]) by peterschmitt.fr (Postfix) with ESMTPSA id C0D726736 for ; Tue, 3 Sep 2013 16:58:13 +0200 (CEST) Message-ID: <5225F9E3.4000101@peterschmitt.fr> Date: Tue, 03 Sep 2013 17:01:55 +0200 From: Florent Peterschmitt User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8 MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Subject: Re: Zfs encryption property for freebsd 8.3 References: <226721378210462@web15j.yandex.ru> <5225D49B.2080807@peterschmitt.fr> In-Reply-To: X-Enigmail-Version: 1.5.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2DRWFLJIARQSGUVEONUCK" X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Sep 2013 14:58:17 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2DRWFLJIARQSGUVEONUCK Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Le 03/09/2013 16:53, Alan Somers a =E9crit : > GELI is full-disk encryption. It's far superior to ZFS encryption. Yup, but is there a possibility to encrypt a ZFS volume (not a whole pool) with a separate GELI partition? Also, in-ZFS encryption would be a nice thing if it could work like an LVM/LUKS where each logical LVM volume can be encrypted or not and have its own crypt key. I saw that Illumos has ZFS encrytion in the TODO list. --=20 Florent Peterschmitt | Please: florent@peterschmitt.fr | * Avoid HTML/RTF in E-mail. +33 (0)6 64 33 97 92 | * Send PDF for documents. http://florent.peterschmitt.fr | * Trim your quotations. Really. Proudly powered by Open Source | Thank you :) ------enig2DRWFLJIARQSGUVEONUCK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIbBAEBAgAGBQJSJfnjAAoJEFr01BkajbiBCvoP93U6FGySZEIZ9aUI1+903cUT /S7NeIwaCd+eoH2GxpX/niSF8BjiK4ToUrsmmeAOkj7Uu/AZHRxwT7iz+P6svEQQ Nqg3UVdb2Pj27Tu/O12IaTE21h0USA95/O7V4Tsy+4rpcxTkfQN+MArznrkGCsjq SXFeFBbiHzuus4Cpl0U3IbSuNqdBHhVategU/GHKfvkBGNboieMiARgNkU5ly5Z6 c/ZuOi3SLnVk8EH2mlHhcNFS7S6o6yRWARaz9HUrLnHXUWGvLnsmcs9B/zl8AcnM JhjCay9p9xbA1mbpScvCszaHx4Ngg3uXchdVWRvykRYyd8xRVIE0fDTn2mYrGd5n GAUcaZiq2+qk06ghWPm6foxNZzg0fUrQc1MwV0fCNEIaRP0m+TTZu715KUepux/E LNejAWIk+qD08oZ6033rrWuN+wNts0/2PrwdVkcGsJY7tfkri9gkOHen7E6scRcF OYA29K23H0x4JlB7efvKWVFQCVuS066Ci61uELF+8mxwiHhZII37hz1VWhS3Qc0y cb45N6bFJ1dKlEbmuYRSLgRomBWNGrFODFxabjEprMJ8ULP00iUUYFEARoSzlX1t NR4FeJtcoMNQ9tjvg0nxRr60jxUZAG4Q+qVz814sRc7r0ZaYVZqTidq/ViF01Bo5 zC2R5g8GS184ojHsXvE= =2raA -----END PGP SIGNATURE----- ------enig2DRWFLJIARQSGUVEONUCK--