One of the many features OpenZFS brings to the table is ZFS native encryption. First introduced in OpenZFS 0.8, native encryption allows a system administrator to transparently encrypt data at rest within ZFS itself. This obviates the need for separate tools like LUKS, VeraCrypt, or BitLocker.
The OpenZFS encryption algorithm defaults to either aes-256-ccm (prior to 0.8.4) or aes-256-gcm (>= 0.8.4) when encryption=on is set. But it may also be specified directly. Currently supported algorithms are:
aes-128-ccm
aes-192-ccm
aes-256-ccm (default in OpenZFS < 0.8.4)
aes-128-gcm
aes-192-gcm
aes-256-gcm (default in OpenZFS >= 0.8.4)
There's more to OpenZFS native encryption than the algorithms used, though, so we'll try to give you a brief but solid grounding in the sysadmin's-eye perspective on the "why" and "what" in addition to the simple "how."
Why (or why not) OpenZFS native encryption?
A clever sysadmin who wants to provide at-rest encryption doesn't really need OpenZFS native encryption, obviously. As mentioned in the introduction, LUKS, VeraCrypt, and many other schemes are available and can be layered either beneath or atop OpenZFS itself.
First, the "why not"
Putting something like Linux's LUKS beneath OpenZFS has an advantage: with the entire disk encrypted, an enterprising attacker can no longer see the names, sizes, or properties of ZFS datasets and zvols without access to the key. In fact, the attacker can't necessarily see that ZFS is in use at all!
But there are significant disadvantages to putting LUKS (or similar) beneath OpenZFS. One of the gnarliest is that each individual disk which will be part of the pool must be encrypted, with each volume loaded and decrypted prior to the ZFS pool import stage. This can be a noticeable challenge for ZFS systems with many disks, in some cases many tens of disks. Another problem with encryption-beneath-ZFS is that the extra layer is an extra thing to go wrong, and it is capable of undoing all of ZFS' normal integrity guarantees.
Putting LUKS or similar atop OpenZFS eliminates the aforementioned problems: a LUKS-encrypted zvol only needs one key regardless of how many disks are involved, and the LUKS layer can't undo OpenZFS' integrity guarantees from here. Unfortunately, encryption-atop-ZFS introduces a new problem: it effectively nerfs OpenZFS inline compression, since encrypted data is generally incompressible. This approach also requires the use of one zvol per encrypted filesystem, along with a guest filesystem (e.g., ext4) to format the LUKS volume itself with.
Now, the "why"
OpenZFS native encryption splits the difference: it operates atop the normal ZFS storage layers and therefore doesn't nerf ZFS' own integrity guarantees. But it also doesn't interfere with ZFS compression: data is compressed prior to being saved to an encrypted dataset or zvol.
There's an even more compelling reason to choose OpenZFS native encryption, though: something called "raw send." ZFS replication is ridiculously fast and efficient, frequently several orders of magnitude faster than filesystem-neutral tools like rsync, and raw send makes it possible not only to replicate encrypted datasets and zvols, but to do so without exposing the key to the remote system.
This means you can use ZFS replication to back up your data to an untrusted location, without concerns about your private data being read. With raw send, your data is replicated without ever being decrypted, and without the backup target ever being able to decrypt it at all. This means you can replicate your offsite backups to a friend's house or to a commercial service like rsync.net or zfs.rent without compromising your privacy, even if the service (or friend) is itself compromised.
In the event that you need to recover your offsite backup, you can simply replicate it back to your own location, and then, and only then, load the decryption key to actually access the data. This works for either full replication (moving every single block across the wire) or asynchronous incremental replication (starting from a commonly held snapshot and only moving the blocks which have changed since that snapshot).
What's encrypted, and what isn't?
OpenZFS native encryption isn't a full-disk encryption scheme: it's enabled or disabled on a per-dataset / per-zvol basis, and it can't be turned on for entire pools as a whole. The contents of encrypted datasets or zvols are protected from at-rest spying, but the metadata describing the datasets/zvols themselves is not.
Let's say we create an encrypted dataset named pool/encrypted, and beneath it we create several more child datasets. The encryption property for the children is inherited by default from the parent dataset, so we can see the following:
root@banshee:~# zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase banshee/encrypted
Enter passphrase:
Re-enter passphrase:
root@banshee:~# zfs create banshee/encrypted/child1
root@banshee:~# zfs create banshee/encrypted/child2
root@banshee:~# zfs create banshee/encrypted/child3
root@banshee:~# zfs list -r banshee/encrypted
NAME                      USED  AVAIL  REFER  MOUNTPOINT
banshee/encrypted        1.58M   848G   432K  /banshee/encrypted
banshee/encrypted/child1  320K   848G   320K  /banshee/encrypted/child1
banshee/encrypted/child2  320K   848G   320K  /banshee/encrypted/child2
banshee/encrypted/child3  320K   848G   320K  /banshee/encrypted/child3
root@banshee:~# zfs get encryption banshee/encrypted/child1
NAME                      PROPERTY    VALUE        SOURCE
banshee/encrypted/child1  encryption  aes-256-gcm  -
For the moment, our encrypted datasets are all mounted. But even if we unmount them and unload the encryption key, making them inaccessible, we can still see that they exist, along with their properties:
root@banshee:~# wget -qO /banshee/encrypted/child2/HuckFinn.txt http://textfiles.com/etext/AUTHORS/TWAIN/huck_finn
root@banshee:~# zfs unmount banshee/encrypted
root@banshee:~# zfs unload-key -r banshee/encrypted
1 / 1 key(s) successfully unloaded
root@banshee:~# zfs mount banshee/encrypted
cannot mount 'banshee/encrypted': encryption key not loaded
root@banshee:~# ls /banshee/encrypted/child2
ls: cannot access '/banshee/encrypted/child2': No such file or directory
root@banshee:~# zfs list -r banshee/encrypted
NAME                      USED  AVAIL  REFER  MOUNTPOINT
banshee/encrypted        2.19M   848G   432K  /banshee/encrypted
banshee/encrypted/child1  320K   848G   320K  /banshee/encrypted/child1
banshee/encrypted/child2  944K   848G   720K  /banshee/encrypted/child2
banshee/encrypted/child3  320K   848G   320K  /banshee/encrypted/child3
As we can see above, after unloading the encryption key, we can no longer see our freshly downloaded copy of Huckleberry Finn in /banshee/encrypted/child2/. What we can still see is the existence, and structure, of our entire ZFS-encrypted tree. We can also see each encrypted dataset's properties, including but not limited to the USED, AVAIL, and REFER of each dataset.
It's worth noting that attempting to ls an encrypted dataset which doesn't have its key loaded won't necessarily produce an error:
root@banshee:~# zfs get keystatus banshee/encrypted
NAME               PROPERTY   VALUE        SOURCE
banshee/encrypted  keystatus  unavailable  -
root@banshee:~# ls /banshee/encrypted
root@banshee:~#
This is because a bare directory exists on the host, even when the actual dataset is not mounted. Reloading the key doesn't automatically remount the dataset, either:
root@banshee:~# zfs load-key -r banshee/encrypted
Enter passphrase for 'banshee/encrypted':
1 / 1 key(s) successfully loaded
root@banshee:~# zfs mount | grep encr
root@banshee:~# ls /banshee/encrypted
root@banshee:~# ls /banshee/encrypted/child2
ls: cannot access '/banshee/encrypted/child2': No such file or directory
In order to access our fresh copy of Huckleberry Finn, we'll also need to actually mount the freshly key-reloaded datasets:
root@banshee:~# zfs get keystatus banshee/encrypted/child2
NAME                      PROPERTY   VALUE      SOURCE
banshee/encrypted/child2  keystatus  available  -
root@banshee:~# ls -l /banshee/encrypted/child2
ls: cannot access '/banshee/encrypted/child2': No such file or directory
root@banshee:~# zfs mount -a
root@banshee:~# ls -lh /banshee/encrypted/child2
total 401K
-rw-r--r-- 1 root root 554K Jun 13  2002 HuckFinn.txt
Now that we've both loaded the necessary key and mounted the datasets, we can see our encrypted data again.
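As an added example (not code from the original article), here is a small Python audit script that consumes the output of `zfs list -H -r -o name,encryption,keystatus,mounted,canmount` and flags the states the walkthrough above demonstrates: datasets whose key is loaded but which are still unmounted after `zfs load-key`, datasets whose key is unavailable, and any unencrypted datasets in the tree. The sample table is constructed to mirror the banshee/encrypted tree just after `zfs load-key -r`, plus a hypothetical unencrypted sibling for contrast.

```python
import subprocess
from dataclasses import dataclass

# Constructed sample: the banshee/encrypted tree from the article right
# after `zfs load-key -r banshee/encrypted` and before `zfs mount -a`,
# plus a hypothetical unencrypted sibling dataset (banshee/plain).
SAMPLE = (
    "banshee/encrypted\taes-256-gcm\tavailable\tno\ton\n"
    "banshee/encrypted/child1\taes-256-gcm\tavailable\tno\ton\n"
    "banshee/encrypted/child2\taes-256-gcm\tavailable\tno\ton\n"
    "banshee/encrypted/child3\taes-256-gcm\tavailable\tno\ton\n"
    "banshee/plain\toff\tnone\tyes\ton\n"
)

@dataclass
class Dataset:
    name: str
    encryption: str   # "off" or a cipher such as aes-256-gcm
    keystatus: str    # "available", "unavailable" or "none"
    mounted: bool
    canmount: str     # "on", "off" or "noauto"; "-" for zvols

def parse_zfs_list(text):
    """Parse `zfs list -H` rows (tab-separated, no header) into Datasets."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, enc, key, mnt, can = line.split("\t")
        rows.append(Dataset(name, enc, key, mnt == "yes", can))
    return rows

def audit(datasets):
    """Group dataset names by the condition a sysadmin would want to fix."""
    out = {"unencrypted": [], "key_unavailable": [], "key_loaded_unmounted": []}
    for d in datasets:
        if d.encryption == "off":
            out["unencrypted"].append(d.name)           # data readable at rest
        elif d.keystatus == "unavailable":
            out["key_unavailable"].append(d.name)       # needs zfs load-key
        elif not d.mounted and d.canmount == "on":
            out["key_loaded_unmounted"].append(d.name)  # needs zfs mount -a
    return out

def audit_live(root):
    """Run the real zfs command and audit the tree below `root`."""
    cmd = ["zfs", "list", "-H", "-r", "-o",
           "name,encryption,keystatus,mounted,canmount", root]
    text = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return audit(parse_zfs_list(text))

if __name__ == "__main__":
    for finding, names in audit(parse_zfs_list(SAMPLE)).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Datasets with canmount=off or noauto are deliberately not reported as "key loaded but unmounted", since `zfs mount -a` would skip them anyway.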