# cat /tmp/p aaaaaaaaaabbbbbbbbbbccccccccccz # zfs create -o encryption=aes-256-ccm -o keysource="raw,file:///tmp/p" test-0/testp # zfs get objsetid test-0/testp NAME PROPERTY VALUE SOURCE test-0/testp objsetid 192 - # mdb -k Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc apix zvpsm scsi_vhci iommu zfs lsc sd ip hook neti arp usba kssl stmf stmf_sbd sockfs lofs random idm nvme sata ufs cpc crypto fcip fctl fcp smbsrv nfs zvmm logindmux nsmb ptm sppp ipc ] > ::spa ADDR STATE NAME REALNAME ffffa1c13a33b000 ACTIVE test-0 - ffffa1c13a38b000 ACTIVE test-1 - ffffa1c13a097000 ACTIVE rpool - > ffffa1c13a33b000::spa |::print spa spa_keystore->sk_dslkeys|::walk avl|::if zcrypt_keystore_node_t skn_os = 0t192|::print zcrypt_keystore_node_t skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_length skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_length = 0x100 > 0x100 % 8 = X 20 > ffffa1c13a33b000::spa |::print spa spa_keystore->sk_dslkeys|::walk avl|::if zcrypt_keystore_node_t skn_os = 0t192|::print zcrypt_keystore_node_t skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_data|::dump -un 0x20 0 1 2 3 4 5 6 7 8 9 a b c d e f 0123456789abcdef ffffa1c149dcdd20: 61616161 61616161 61616262 62626262 aaaaaaaaaabbbbbb ffffa1c149dcdd30: 62626262 63636363 63636363 63637a0a bbbbccccccccccz.
Tuesday, June 12, 2018
Extracting ZFS Wrapping Key
Thanks to Victor Latushkin, below is a procedure on how to extract ZFS wrapping key for a given dataset.
Notice that key length is encoded in number of bits so it needs to be converted.
No comments:
Post a Comment