Anthony Scarpino wrote: > How does this differ from the import of the pool?.. Say for example an > incorrectly entered passphrase..
In the case where you don't present the correct key you just get garbage file data because it doesn't decrypt correctly. In the key change case if you decrypt the dataset key with the wrong "current" DSKEK you get something that looks like a key for the dataset but it is the wrong one. You then reencrypt the dataset key with the new DSKEK you have lost all access to your data on read because it now gets decrypted with the wrong per dataset key and is garbage (at least until you change it back to the correct DSKEK assuming it still exists). -- Darren J Moffat
