

Encryption is the process where data is encoded for privacy and a key is needed by the data owner to access the encoded data. The benefits of using ZFS encryption are as follows:

ZFS encryption is integrated with the ZFS command set. Like other ZFS operations, encryption operations such as key changes and rekey are performed online.

You can use your existing storage pools as long as they are upgraded. You have the flexibility of encrypting specific file systems.

ZFS encryption is inheritable to descendent file systems. Key management can be delegated through ZFS delegated administration.

Data is encrypted using AES (Advanced Encryption Standard) with key lengths of 128, 192, and 256 in the CCM and GCM operation modes.

ZFS encryption uses the Oracle Solaris Cryptographic Framework, which gives it access to any available hardware acceleration or optimized software implementations of the encryption algorithms automatically.

Currently, you cannot encrypt the ZFS root file system or other OS components, such as the /var directory, even if it is a separate file system.

You can set an encryption policy when a ZFS file system is created, but the policy cannot be changed. For example, the tank/home/darren file system is created with the encryption property enabled. The default encryption policy is to prompt for a passphrase, which must be a minimum of 8 characters in length.

# zfs create -o encryption=on tank/home/darren
Enter passphrase for 'tank/home/darren': xxxxxxx

Confirm that the file system has encryption enabled. For example:

# zfs get encryption tank/home/darren

The default encryption algorithm is aes-128-ccm when a file system's encryption value is

A wrapping key is used to encrypt the actual data encryption keys. The wrapping key is passed from the zfs command, as in the above example when the encrypted file system is created, to the kernel. The key is either in a file (in raw or hex format) or it

The format and location of the wrapping key are specified in the keysource property as follows:

keysource=format,location

passphrase – A character string that generates a key

prompt – You are prompted for a key or a passphrase when the file system is created or mounted

file:///filename – The key or a passphrase file location in a file system

pkcs11 – A URI describing the location of a key or a passphrase in a PKCS#11 token

https://location – The key or a passphrase file location on a secure server. Transporting key information in the clear using this method is not recommended. A GET on the URL returns just the key value or the passphrase, according to what was requested in the format part of the keysource property.

When using an https:// locator for the keysource, the certificate that the server presents must be one that is trusted by libcurl and OpenSSL.
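An added example, not part of the Oracle documentation: a small shell lint for keysource values in the format,location form this page describes. It accepts only the formats and locators the page names; the pkcs11: URI prefix, the warning on file:/// key files, the explicit http:// rejection, and every dataset and host name other than tank/home/darren are assumptions or constructed sample values.

```sh
#!/bin/sh
# Added example (not Oracle's code): lint keysource=format,location values.
# Formats and locators accepted are the ones named in the text of this page.

# Print a verdict for one keysource value; return 1 if it should be rejected.
check_keysource() {
    case $1 in
        *,*) fmt=${1%%,*}; loc=${1#*,} ;;
        *)   echo "reject: expected format,location"; return 1 ;;
    esac
    case $fmt in
        raw|hex|passphrase) ;;
        *) echo "reject: unknown format '$fmt'"; return 1 ;;
    esac
    case $loc in
        prompt|pkcs11:?*|https://?*)   # assumption: PKCS#11 URIs start with pkcs11:
            echo "ok" ;;
        file:///?*)
            # Policy of this example: a key file at rest needs its own protection.
            echo "warn: key material in a file, restrict access to ${loc#file://}" ;;
        http://*)
            echo "reject: http:// would carry the key in the clear"; return 1 ;;
        *)
            echo "reject: unknown location '$loc'"; return 1 ;;
    esac
}

# Read "dataset<TAB>keysource" lines on stdin, print one verdict per dataset.
audit_keysources() {
    tab=$(printf '\t')
    while IFS=$tab read -r ds ks; do
        [ -n "$ds" ] || continue
        verdict=$(check_keysource "$ks") || true
        printf '%s: %s -> %s\n' "$ds" "$ks" "$verdict"
    done
}

# Constructed sample standing in for: zfs get -H -o name,value keysource
sample_keysources() {
    printf '%s\t%s\n' \
        tank/home/darren 'passphrase,prompt' \
        tank/example/a   'raw,file:///keys/a.key' \
        tank/example/b   'hex,https://keys.example.com/b' \
        tank/example/c   'raw,http://keys.example.com/c' \
        tank/example/d   'passphrase'
}

sample_keysources | audit_keysources
```

On a live system, pipe the output of `zfs get -H -o name,value keysource` into `audit_keysources` instead of the sample.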

