I just tested crypto a little and I have some send/receive specific questions about it. It would be great if someone could clarify.
Currently ZFS has no background rewriter. However the fact that ZFS applies most of the properties and tunables (like dedup or compression) on write time for all newly written data makes send/receive a good (offline) workaround to compress, decompress or dup/dedup all your data by just doing a local send/receive. I wanted to test the same thing for crypto. Crypto is a create only propert, so I can not change it to encrypt or decrypt a existing dataset. It seems that I can send a encrypted dataset to a unencrypted target. If I send via -p (to keep the properties), this works also and ZFS asks me for a passphrase. When testing the other way around, encrypting existing datasets, I would like to send a (unencrypted) dataset to a encrypted target set. It seems however that this is not possible. --- r...@solaris11:~# zfs list mypool/secret_received cannot open 'mypool/secret_received': dataset does not exist r...@solaris11:~# zfs send mypool/plaint...@test | zfs receive -o encryption=on mypool/secret_received cannot receive: cannot override received encryption --- Is there a implementation/technical reason for not allowing this ? Based on the tests that "decryption by send/receive" works, I would assume that "encryption by send/receive" would also be technically possible ?? Also it seems that I can not "decrypt by send/receive" if I want to send all other properties: --- r...@solaris11:~# zfs send -p mypool/sec...@test | zfs receive -x encryption mypool/publicneu cannot receive: cannot override received encryption --- This looks like a implementation limitation to me, because actually it is the same as the simple working "non property" send receive above. Some clarification on the impact of encryption to send/receive would help. Regards, Robert -- This message posted from opensolaris.org _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
