Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
On 10/17/20 9:02 AM, Graham Perrin wrote:
> root@momh167-gjp4-8570p:~ # date ; uname -v ; uptime
> Sat Oct 17 14:00:10 BST 2020
> FreeBSD 13.0-CURRENT #69 r366648: Tue Oct 13 05:49:05 BST 2020 root@momh167-gjp4-8570p:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG
> 2:00PM up 9 mins, 5 users, load averages: 0.29, 0.56, 0.31
> root@momh167-gjp4-8570p:~ # zpool export Transcend && ls -hl /Volumes/t500/VirtualBox ; zpool import Transcend && ls -hl /Volumes/t500/VirtualBox
> ls: /Volumes/t500/VirtualBox: No such file or directory
> total 18
> drwxr-xr-x 2 grahamperrin grahamperrin 2B Sep 11 19:28 CloudReady
> drwxr-xr-x 6 grahamperrin grahamperrin 6B May 8 09:04 FreeBSD
> drwxr-xr-x 4 grahamperrin grahamperrin 4B Sep 20 17:03 Linux
> drwxr-xr-x 4 grahamperrin grahamperrin 7B Oct 16 17:41 Windows
> root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e crypt -e key -e mountpoint | sort
> Transcend/VirtualBox encryption aes-256-gcm -
> Transcend/VirtualBox encryptionroot Transcend/VirtualBox -
> Transcend/VirtualBox keyformat passphrase -
> Transcend/VirtualBox keylocation prompt local
> Transcend/VirtualBox keystatus unavailable -
> Transcend/VirtualBox mountpoint /Volumes/t500/VirtualBox inherited from Transcend
> root@momh167-gjp4-8570p:~ # zfs --version
> zfs-0.8.0-1
> zfs-kmod-v2020100400-zfs_79f0935fa
> root@momh167-gjp4-8570p:~ #

This doesn't necessarily mean the encrypted filesystem is mounted though. The contents you are seeing must be in the parent filesystem. Check the output of the mount command, you should find Transcend/VirtualBox is not mounted.

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
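
The check suggested in the reply above, as an added example that is not part of the original messages: it works out which filesystem really serves a directory and whether the encrypted dataset is unlocked and mounted. The function names, the `zroot/ROOT/default` line and the sample text are constructed for illustration, and the `mount` parsing assumes FreeBSD's "fs on /mountpoint (options)" format.

```shell
#!/bin/sh
# Added example; sample text is constructed to mirror the thread.
# On a live system feed the functions from `mount` and from
# `zfs get -H -o property,value keystatus,mounted DATASET`.

# backing_fs PATH: read FreeBSD-style `mount` lines ("fs on /mnt (opts)")
# on stdin; print the filesystem whose mountpoint is the longest prefix
# of PATH, i.e. the one that really serves that directory.
backing_fs() {
    awk -v path="$1" '
        {
            i = index($0, " on "); j = index($0, " (")
            if (i == 0 || j <= i) next
            fs = substr($0, 1, i - 1)
            mp = substr($0, i + 4, j - i - 4)
            pre = (mp == "/") ? "/" : (mp "/")   # avoid /a matching /ab
            if (index(path "/", pre) == 1 && length(mp) > best) {
                best = length(mp); hit = fs
            }
        }
        END { if (hit != "") print hit }'
}

# dataset_state: read tab-separated "property<TAB>value" lines for
# keystatus and mounted on stdin and summarise them.
dataset_state() {
    awk -F '\t' '
        $1 == "keystatus" { key = $2 }
        $1 == "mounted"   { mnt = $2 }
        END {
            if (mnt == "yes")              print "mounted"
            else if (key == "unavailable") print "locked, not mounted"
            else                           print "not mounted"
        }'
}

# Constructed sample: the pool is imported, the encrypted child is not mounted.
SAMPLE_MOUNT='zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls)
Transcend on /Volumes/t500 (zfs, local, nfsv4acls)'
SAMPLE_PROPS=$(printf 'keystatus\tunavailable\nmounted\tno\n')

printf '%s\n' "$SAMPLE_MOUNT" | backing_fs /Volumes/t500/VirtualBox
printf '%s\n' "$SAMPLE_PROPS" | dataset_state
```

When the first result is the parent (`Transcend`) rather than `Transcend/VirtualBox`, the files listed under the mountpoint live unencrypted in the parent dataset.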
Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
On 17/10/2020 12:35, Ryan Moeller wrote:
> On 10/17/20 5:55 AM, Graham Perrin wrote:
>> On 17/10/2020 08:40, Ryan Moeller wrote:
>>> This is intentional. The pool can be imported but the filesystem is not mounted until the key is loaded.
>> Thanks, the file system mounts without me entering a passphrase; is this intentional?
> It shouldn't be possible.
>
> # zfs mount storage/crypt
> cannot mount 'storage/crypt': encryption key not loaded

root@momh167-gjp4-8570p:~ # date ; uname -v ; uptime
Sat Oct 17 14:00:10 BST 2020
FreeBSD 13.0-CURRENT #69 r366648: Tue Oct 13 05:49:05 BST 2020 root@momh167-gjp4-8570p:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG
2:00PM up 9 mins, 5 users, load averages: 0.29, 0.56, 0.31
root@momh167-gjp4-8570p:~ # zpool export Transcend && ls -hl /Volumes/t500/VirtualBox ; zpool import Transcend && ls -hl /Volumes/t500/VirtualBox
ls: /Volumes/t500/VirtualBox: No such file or directory
total 18
drwxr-xr-x 2 grahamperrin grahamperrin 2B Sep 11 19:28 CloudReady
drwxr-xr-x 6 grahamperrin grahamperrin 6B May 8 09:04 FreeBSD
drwxr-xr-x 4 grahamperrin grahamperrin 4B Sep 20 17:03 Linux
drwxr-xr-x 4 grahamperrin grahamperrin 7B Oct 16 17:41 Windows
root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e crypt -e key -e mountpoint | sort
Transcend/VirtualBox encryption aes-256-gcm -
Transcend/VirtualBox encryptionroot Transcend/VirtualBox -
Transcend/VirtualBox keyformat passphrase -
Transcend/VirtualBox keylocation prompt local
Transcend/VirtualBox keystatus unavailable -
Transcend/VirtualBox mountpoint /Volumes/t500/VirtualBox inherited from Transcend
root@momh167-gjp4-8570p:~ # zfs --version
zfs-0.8.0-1
zfs-kmod-v2020100400-zfs_79f0935fa
root@momh167-gjp4-8570p:~ #
Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
On 10/17/20 5:55 AM, Graham Perrin wrote:
> On 17/10/2020 08:40, Ryan Moeller wrote:
>> This is intentional. The pool can be imported but the filesystem is not mounted until the key is loaded.
> Thanks, the file system mounts without me entering a passphrase; is this intentional?

It shouldn't be possible.

# zfs mount storage/crypt
cannot mount 'storage/crypt': encryption key not loaded
Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
On 17/10/2020 08:40, Ryan Moeller wrote:
> This is intentional. The pool can be imported but the filesystem is not mounted until the key is loaded.

Thanks, the file system mounts without me entering a passphrase; is this intentional?
Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
On 10/17/20 1:54 AM, Graham Perrin wrote:
> root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e creation -e key -e crypt
> Transcend/VirtualBox creation Wed Sep 2 19:02 2020 -
> Transcend/VirtualBox encryption aes-256-gcm -
> Transcend/VirtualBox keylocation prompt local
> Transcend/VirtualBox keyformat passphrase -
> Transcend/VirtualBox encryptionroot Transcend/VirtualBox -
> Transcend/VirtualBox keystatus unavailable -
> root@momh167-gjp4-8570p:~ #
>
> I was prompted in early September but since then, no prompts. I can export and import the pool (Transcend) without entering the passphrase. Is this intended behaviour and if so: how does the pool – or the computer to which I connect the device (a mobile hard disk drive) – know that entry of the phrase is unnecessary?

This is intentional. The pool can be imported but the filesystem is not mounted until the key is loaded.

See zfs-load-key(8)

-Ryan
OpenZFS: using an encrypted dataset without a prompt for its passphrase
root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e creation -e key -e crypt
Transcend/VirtualBox creation Wed Sep 2 19:02 2020 -
Transcend/VirtualBox encryption aes-256-gcm -
Transcend/VirtualBox keylocation prompt local
Transcend/VirtualBox keyformat passphrase -
Transcend/VirtualBox encryptionroot Transcend/VirtualBox -
Transcend/VirtualBox keystatus unavailable -
root@momh167-gjp4-8570p:~ #

I was prompted in early September but since then, no prompts. I can export and import the pool (Transcend) without entering the passphrase. Is this intended behaviour and if so: how does the pool – or the computer to which I connect the device (a mobile hard disk drive) – know that entry of the phrase is unnecessary?