So today I believe I have encrypted data (part of Hamlet in case you care[1]) in a ZFS file system for the first time without having a panic.[2]
However.... when I read the data back using cat(1) I get garbage. Garbage of the correct size that looks very much like it would be the ciphertext! Now I think this is because I used crypto_encrypt(9f) with the inplace encryption. I believe this means that we now have the ciphertext in the ARC. Now that might actually be a good thing in some cases since it means that if the key goes away (ie user removed it) we don't need to flush the cache; it wasn't what I was trying to do at the moment though and I actually thought that was going to be one of the harder problems to solve :-) So I went back and looked at how compression works and noticed that it uses zio_push/pop_transform. I had tried using that before but it just resulted in panics so I put it aside for a while. So should I be using the zio transform stuff here ? If so how is it supposed to work, who allocates memory etc. Assuming that I do want to actually have the data encrypted in the ARC is there a hook some where that I can have zio_decrypt_data called or is this something I'll need to add myself ? Cheers [1] Yeah I should use something else since that is already in the Solaris source base (and put there by me). [2] NOTE: This is still a prototype and is using a hardcoded key because this is for ZIO pipeline testing not even beta test. -- Darren J Moffat
