This discussion is archived
4 Replies Latest reply: Aug 22, 2013 4:04 PM by cindys RSS

zfs encryption

988801 Newbie
Currently Being Moderated

Hi guys,

 

can someone please explain to me how zfs encryption works?  I will really appreciate it.

 

Thank you

Arrey

  • 1. Re: zfs encryption
    Pascal Kreyer - Oracle Expert
    Currently Being Moderated

    man zfs_encrypt

  • 2. Re: zfs encryption
    cindys Pro
    Currently Being Moderated

    This article by Darren Moffat is good too:

     

    How to Manage ZFS Data Encryption

     

    Thanks, Cindy

  • 3. Re: zfs encryption
    988801 Newbie
    Currently Being Moderated

    Thanks Cindy.

    I read up on zfs encryption and practiced it. However, I can still see the contents of the encrypted file system as a regular user.  Can you please tell me what I am doing wrong? Isn't encryption supposed to prevent users from seeing or copying data in an encrypted file system?

     

    Thanks again for your help.

  • 4. Re: zfs encryption
    cindys Pro
    Currently Being Moderated

    The encrypted file system's passphrase or other key (format type) must be provided when the encrypted file system is mounted or when the system is rebooted. This prevents hackers from accessing the protected data by attempting to mount the file system, like when the system is rebooted. You can further prevent users from the accessing the data in the encrypted file system by setting specific permissions or ACLs. So, the encrypted file system can only be accessed when mounted, by providing the encrypted keys, and further, by specifying who can access the data.

     

    Thanks, Cindy

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points