From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 37F7982B46 for ; Wed, 1 Dec 2021 04:40:37 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 22FEE2D25E for ; Wed, 1 Dec 2021 04:40:07 +0100 (CET) Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5E4D62D247 for ; Wed, 1 Dec 2021 04:40:05 +0100 (CET) Received: by mail-yb1-xb2c.google.com with SMTP id y68so59180812ybe.1 for ; Tue, 30 Nov 2021 19:40:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=W1d66OhuL2gW2JogCJIw7sDh3sB8yRRGU//RAf3EtSY=; b=chTamxw0Q8wJrGsCPWZFs/uf7T0+T711necUd8P5o/MosYVWiT7LztExXEnr9JSxua 730PuH/AttJV+A6AKSUjaQLRBO2/3AkrHdfnjci0yVvRWnT6NP2lHd0OfnAzQmYtOAFn tttjCm7Xt+CLaOc5hBWacQc6CwWsCe+bDrD1319+CezHehNgU24i4QwMINncHog9OAhV fI9mOKHGZv3pZLJuEBYsMdJpewdEElVFkCpPGrylURvFWban0EQxIbabMR+cCIdObf0r tGAcbQQUWWt9poIpbLmBlcWuyT02WGu9eO6xmOwUc1+phhOJFTVrELKme68ssldujoEx aDSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=W1d66OhuL2gW2JogCJIw7sDh3sB8yRRGU//RAf3EtSY=; b=w7Eu50drP5R3MKhUClO36nfpdmnjALDWCgXJ8icO7jB0UmZGk5yLdgBT+gpqtOkZaX RZUmivrAMv9x4H3Yb9ACTga9STAvv2CT0DxSmnoxKZNeelqyKc7NhU11ZkG72zKKgORi IJVWLDqNj3APd6VocVyIKUQ0t4tRY1056wOotYLVgzG8vWJC5fuZ7pFc2zH4yVrPZ1gw okMsDbv43UvXgNXwI6y3rpWL3nz8G8Hf4GMmzJXgyaK9Qhq8NLcmyvrM/DrMTGknN5pN OAjoAO0+rlmRY4ok8MAgVeOjvtgbpcJ/2eUf/V/5wfoHIWlqQEBC2q+Wiiwnaxhkz6tc 815Q== X-Gm-Message-State: AOAM530ZKTObDyqw2ZVGz6ej1b/punSbHAAHHq6pMhVSUTeaKnLb1Wmr FL2oChgqB5zpyyXZFyiGlrpbZ9nlkNzOSOrD84s= X-Google-Smtp-Source: ABdhPJwbB232HeTmeSMfVaIvDm5noLQr7lDP4ujXSZc3DMepv8ZDYVjGXVC0HITeNuA716XrnlZKoZGb3kskR3W0Ck8= X-Received: by 2002:a05:6902:1208:: with SMTP id s8mr4102755ybu.379.1638329998054; Tue, 30 Nov 2021 19:39:58 -0800 (PST) MIME-Version: 1.0 References: <5a879cf8-ed5a-783a-29a7-6d175b2605f7@proxmox.com> In-Reply-To: From: Eric Abreu Date: Tue, 30 Nov 2021 22:39:46 -0500 Message-ID: To: athompso@athompso.net Cc: Proxmox VE user list , Thomas Lamprecht X-SPAM-LEVEL: Spam detection results: 0 AWL 0.089 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain FREEMAIL_ENVFROM_END_DIGIT 0.25 Envelope-from freemail username ends in digit FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HTML_MESSAGE 0.001 HTML included in message KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years KAM_SHORT 0.001 Use of a URL Shortener for very short URL POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1 X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Dec 2021 03:40:37 -0000 Ok. Thank you Adam. On Tue, Nov 30, 2021, 9:58 PM Adam Thompson wrote: > No. That means that the encryption *feature* is enabled, i.e. you may now > proceed to encrypt your dataset... if you really want to find out exactly > how that breaks things, I guess. > If it came back as disabled, you would not be able to use encryption at > all on that dataset. > -Adam > > Get Outlook for Android > ________________________________ > From: pve-user on behalf of Eric > Abreu > Sent: Tuesday, November 30, 2021 6:31:31 PM > To: Thomas Lamprecht > Cc: Proxmox VE user list > Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1 > > Hello Thomas, > > I have repeated the following steps: > > 1 - Went to PVE Node/ ZFS/ Create ZFS/ > 2 - On the dialogue box name = my_pool, Add Storage (check), Select Devices > (2 x 1TB disks), RAID Level = Mirror, Compression = off, ashift = 12 > 3 - Hit Create > 4 - Open the command line on my pve node and typed: > zpool get feature@encryption my_pool > > And I got this as a response: > > NAME PROPERTY VALUE SOURCE > my_pool feature@encryption enabled local > > Does that mean encryption is enabled? > > Thanks again. > > On Tue, Nov 30, 2021 at 12:17 PM Eric Abreu wrote: > > > Hi Thomas, > > > > Thanks for the quick response. I'm going to repeat the steps to create > the > > ZFS pool from the web interface and paste them here. I'm pretty sure I > did > > everything from the dashboard and the encryption was enabled by default. > > I'll keep you posted. Thanks again for your help. > > > > On Tue, Nov 30, 2021 at 3:37 AM Thomas Lamprecht < > t.lamprecht@proxmox.com> > > wrote: > > > >> Hi, > >> > >> On 30.11.21 04:36, Eric Abreu wrote: > >> > I have created a ZFS pool from Proxmox 7.1 web interface with 2 SSDs > in > >> > RAID 1. I noticed that everything works fine after I created the pool, > >> and > >> > ZFS at REST encryption was also enabled. After rebooting the server it > >> did > >> > not ask for a passphrase so my guess is that Proxmox is getting the > key > >> > from somewhere in the file system. Anyone could help me find out > where? > >> > >> Well, how did you enable ZFS at rest encryption? As that is something > >> that won't > >> be done automatically, and the local-storage web-interface/api currently > >> does not > >> allow to configure that either. > >> > >> cheers, > >> Thomas > >> > >> > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >