# cat /tmp/p
aaaaaaaaaabbbbbbbbbbccccccccccz
# zfs create -o encryption=aes-256-ccm -o keysource="raw,file:///tmp/p" test-0/testp
# zfs get objsetid test-0/testp
NAME PROPERTY VALUE SOURCE
test-0/testp objsetid 192 -
# mdb -k
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc apix zvpsm scsi_vhci iommu zfs lsc sd ip hook neti arp usba kssl stmf stmf_sbd sockfs lofs random idm nvme sata ufs cpc crypto fcip fctl fcp smbsrv nfs zvmm logindmux nsmb ptm sppp ipc ]
> ::spa
ADDR STATE NAME REALNAME
ffffa1c13a33b000 ACTIVE test-0 -
ffffa1c13a38b000 ACTIVE test-1 -
ffffa1c13a097000 ACTIVE rpool -
> ffffa1c13a33b000::spa |::print spa spa_keystore->sk_dslkeys|::walk avl|::if zcrypt_keystore_node_t skn_os = 0t192|::print zcrypt_keystore_node_t skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_length
skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_length = 0x100
> 0x100 % 8 = X
20
> ffffa1c13a33b000::spa |::print spa spa_keystore->sk_dslkeys|::walk avl|::if zcrypt_keystore_node_t skn_os = 0t192|::print zcrypt_keystore_node_t skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_data|::dump -un 0x20
0 1 2 3 4 5 6 7 8 9 a b c d e f 0123456789abcdef
ffffa1c149dcdd20: 61616161 61616161 61616262 62626262 aaaaaaaaaabbbbbb
ffffa1c149dcdd30: 62626262 63636363 63636363 63637a0a bbbbccccccccccz.
Tuesday, June 12, 2018
Extracting ZFS Wrapping Key
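Thanks to Victor Latushkin, here is a procedure for extracting the ZFS wrapping key for a given dataset.
Note that the key length (cku_v_length) is encoded as a number of bits, so it needs to be converted to bytes before it is passed to ::dump. In mdb, `%` is the division operator, so `0x100 % 8 = X` prints 20 (hex): 0x100 bits is 0x20 bytes.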
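As an added example (not part of the original post and not Solaris code), the Python below parses the `::dump` lines from the session, converts `cku_v_length` from bits to bytes, and checks that the wrapping key held in kernel memory is byte-for-byte the contents of `/tmp/p`, trailing newline included. The function names and the embedded sample are constructed here from the output shown on this page.

```python
import re

# Constructed sample: the ::dump rows and cku_v_length printed in the session.
DUMP = """\
 0 1 2 3 4 5 6 7 8 9 a b c d e f 0123456789abcdef
ffffa1c149dcdd20: 61616161 61616161 61616262 62626262 aaaaaaaaaabbbbbb
ffffa1c149dcdd30: 62626262 63636363 63636363 63637a0a bbbbccccccccccz.
"""
CKU_V_LENGTH_BITS = 0x100
# What `cat /tmp/p` showed, plus the newline that ends the file.
KEYFILE_CONTENTS = b"aaaaaaaaaabbbbbbbbbbccccccccccz\n"

# "address:" followed by up to four 4-byte groups; the ASCII column is ignored.
ROW = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{8}(?:\s+|$)){1,4})", re.I)


def bits_to_bytes(bits):
    """cku_v_length is a bit count; ::dump -n wants a byte count."""
    if bits <= 0 or bits % 8:
        raise ValueError("key length is not a whole number of bytes")
    return bits // 8


def parse_dump(text, nbytes):
    """Rebuild nbytes of memory from ::dump rows, rejecting gaps or short dumps."""
    out = bytearray()
    next_addr = None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # offset header row or blank line
        addr = int(m.group(1), 16)
        if next_addr is not None and addr != next_addr:
            raise ValueError("dump rows are not contiguous")
        # ::dump prints bytes in memory order, so no byte swapping is needed.
        chunk = bytes.fromhex("".join(m.group(2).split()))
        out += chunk
        next_addr = addr + len(chunk)
    if len(out) < nbytes:
        raise ValueError("dump is shorter than the key length")
    return bytes(out[:nbytes])


if __name__ == "__main__":
    n = bits_to_bytes(CKU_V_LENGTH_BITS)
    key = parse_dump(DUMP, n)
    print(n, key == KEYFILE_CONTENTS, hex(key[-1]))
```

The final byte of the key is 0x0a: with `keysource="raw,file://..."` the 31 visible characters alone are not 256 bits, and the file's trailing newline is part of the key material.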