A quick-start guide to OpenZFS native encryption

by
Jim Salter
from Ars Technica - All content on (#5KEWW)
padlocks-21344863_70a51dc698_o-800x600.j

Enlarge / On-disk encryption is a complex topic, but this article should give you a solid handle on OpenZFS' implementation. (credit: Paul Downey / Flickr CC BY 2.0)

One of the many features OpenZFS brings to the table is ZFS native encryption. First introduced in OpenZFS 0.8, native encryption allows a system administrator to transparently encrypt data at rest within ZFS itself. This obviates the need for separate tools like LUKS, VeraCrypt, or BitLocker.

OpenZFS' encryption algorithm defaults to either aes-256-ccm (prior to 0.8.4) or aes-256-gcm (>= 0.8.4) when encryption=on is set. But it may also be specified directly. Currently supported algorithms are:

  • aes-128-ccm
  • aes-192-ccm
  • aes-256-ccm (default in OpenZFS < 0.8.4)
  • aes-128-gcm
  • aes-192-gcm
  • aes-256-gcm (default in OpenZFS >= 0.8.4)

There's more to OpenZFS native encryption than the algorithms used, though-so we'll try to give you a brief but solid grounding in the sysadmin's-eye perspective on the "why" and "what" as well as the simple "how."

Read 49 remaining paragraphs | Comments

index?i=_HpfDV7Ke0M:u3z-MXoh7ZQ:V_sGLiPB index?i=_HpfDV7Ke0M:u3z-MXoh7ZQ:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments