From nobody Thu Jun 10 22:54:08 2021 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 251CA11CC894 for ; Thu, 10 Jun 2021 22:54:11 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4G1K6B3cLmz4pY6 for ; Thu, 10 Jun 2021 22:54:10 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wr1-x42b.google.com with SMTP id e11so3995808wrg.3 for ; Thu, 10 Jun 2021 15:54:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=9zibayV1cXLhb8Kk+ZskCQDkaXtwUHrq1XMAeyjnd+M=; b=QrP9EG5xkjxCnrkaE0NpCbIfDotQ2dZbaTxXiMF2dmShz4IJoF8KPyUrKsQBM7MqJD ctS/62WCjDdmbxFRpXoRaGWYRNqs2qpA4nO0Y0FaRUk6611ufE/611gkNYyD7xwxZsBo qZsDj5JTZpPs6aj12tPRoj8vH+UoY87PkS+WJntwRcHK9ecWTHHhreMTh7t1Xfh4kZpx AHX6JBS//lreCpDhI2D/WKFwe8nLVcdTqkZV/ChAaPEfFSoiDOaWfsj/w/MTe5wdeQTs vApDe7GNGnQYdRVU9ZNBghiko8JrKidirnpFnkCu+5kTYM7MrIkgwgYQZrkC7QW7hpyv pbdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=9zibayV1cXLhb8Kk+ZskCQDkaXtwUHrq1XMAeyjnd+M=; b=bi3WXltNIMZ2Qoksc/o7dY7JZNzl+g3Xhed3YKLtMdDkvS2iBGak3p//e2QCS1pEil uDYH9KxFwAw2XPVgGLFL+G43lGuz7Z9SVMQahembmM51o+vNWvQShu/CQwhzSxfUxiBQ mO/Bqnach7vfCAwMg6sV+sHShbgLmQez5Tjlj/H4L2rEa67S7JGxHHYg/6S2Wst9wT5J B4nN9FDs5hzfFCoVWSEwBgbqy0O1Ahhow1vITd5jvsqy77Vf2tKWEskTMe8YIn6qGBn6 uj3rM0IbCyAkJPglEKb8eo1UQ+lModWeKQmxJLwSlTdRQ/Z8+Y7ywq+jHBG0WbZllSfn Zw6w== X-Gm-Message-State: AOAM533UU/+7YYeZmYDpvzsSWk9e9uHuKh0aXf2kBjTyM3Pn/TdcuIDC JWB+nNLVKsoOztIVH9VU1FswIH67UA5rEw== X-Google-Smtp-Source: ABdhPJya2EUvyiwWpe4hzRwAtmltxSIqjPfxmbwhFN4x5BSDZM2qoemPVW5tzZFx/m0UqORj/niAtQ== X-Received: by 2002:a05:6000:1a87:: with SMTP id f7mr710002wry.172.1623365648273; Thu, 10 Jun 2021 15:54:08 -0700 (PDT) Received: from [192.168.1.10] (88-105-96-80.dynamic.dsl.as9105.com. [88.105.96.80]) by smtp.gmail.com with ESMTPSA id 89sm5290001wrq.14.2021.06.10.15.54.07 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 10 Jun 2021 15:54:07 -0700 (PDT) Subject: OpenZFS encryption: documentation To: freebsd-current@freebsd.org References: From: Graham Perrin Message-ID: <83746d1a-218b-32d4-89dd-7aacc9fff61a@gmail.com> Date: Thu, 10 Jun 2021 23:54:08 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-Rspamd-Queue-Id: 4G1K6B3cLmz4pY6 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=QrP9EG5x; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::42b as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-3.59 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.60)[-0.596]; RECEIVED_SPAMHAUS_PBL(0.00)[88.105.96.80:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::42b:from]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::42b:from:127.0.2.255]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::42b:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-current] X-ThisMailContainsUnwantedMimeParts: N On 09/06/2021 03:15, grarpamp wrote: > … You could find some initial doc and video about zfs encryption > on openzfs.org and youtube, and … Also, 'Encryption' under > … file and zvol data, file attributes, ACLs, permission bits, directory listings, FUID mappings, and userused / groupused data. ZFS will not encrypt metadata related to the pool structure, including dataset and snapshot names, dataset hierarchy, properties, file size, file holes, and deduplication tables (though the deduplicated data itself is encrypted). … man 8 zfs-load-key