From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <athompso@athompso.net>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 5644C82B36
 for <pve-user@lists.proxmox.com>; Wed,  1 Dec 2021 03:58:46 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 3F5A12CFDD
 for <pve-user@lists.proxmox.com>; Wed,  1 Dec 2021 03:58:16 +0100 (CET)
Received: from CAN01-TO1-obe.outbound.protection.outlook.com
 (mail-to1can01on0724.outbound.protection.outlook.com
 [IPv6:2a01:111:f400:fe5d::724])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id EDD912CFC8
 for <pve-user@lists.proxmox.com>; Wed,  1 Dec 2021 03:58:14 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=SBWHk47RCxxqJ7aM/Wvk61+8uijmXg6qHB/3XnwD1lQQNh14BiQf9NFUz20KtX/uCQ8A/HGPckGShQhD2DvF1NLmflez4ULphHP4I6mjPpu35opd2iuytPWFwSIWsQSD9VfBdrxChMr8texU+35XbeMY/26bcIcMVT/wGKCyQSv01BV6C/l/Zoc5ZLqrHoLpv2VVM6VoENSq0HCpMJyXEsPrl9Yk8lV+Ck0zQKdeo7g8rT/Ki7dNyalKy4/6ZqVDQ99QaWRbo6MW6RxRNx9TG7Sev7wqjSrk/Lq9X71U3ycKHRxSL7bWt8cEL/rsNxn6/z4Vi/ZvI2YhFYQr3Mk2Kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=eH2cIgDXzAzmgTxcpqUbgI1koyIBRuk9uuTZekLLBlA=;
 b=m8NDk4rpvRcvXA0Ym0hlQNa+VoHj1zIe/vMtlgpjSyhEPH0+oVj2lYYOdveedII191ClSySU4ex4rm3HFdOkvezzZU52sENiENyFN32UBNdJrNgLQVj1MDkvItHuRYgkrb7WzdxuB0Uxi2pXPxMvU2A8/nPx+0jRBDoYJey+QrXA5CBhZnsXQXAlKStUbfHEUgLCvzb2IhEpyhIPpAGZGoFCmZ8Qr4E/Q8G0JDby3jPF4Iqhk/OOqwwV6+nAVVc84RH7kgr5YZiePHZPqRB5Wp1cSzNh3u/lmI4ZzhiOjkrqW0HnaS8kMD55krdX1JgkOthG9+nEdWr1t0hp4JEmCQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=athompso.net; dmarc=pass action=none header.from=athompso.net;
 dkim=pass header.d=athompso.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=BGETCA.onmicrosoft.com; s=selector2-BGETCA-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=eH2cIgDXzAzmgTxcpqUbgI1koyIBRuk9uuTZekLLBlA=;
 b=nFQM2ErDeNWiOPDgJrjrOW8LbgUEwMdc7//vKeuzgHIOndZoR7cXxtDJfiF2le00OZZ0EXwCq+WTgxgOjPSD+65ma3GfInJPe7M7Vg3hi7K4AJ+5xuQNfpTGVPk/ft6Gch3nfqUVZL7CvCmhrRCyIqim+oNb1u3Q6z0WW7hfIKg=
Received: from YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:3d::9)
 by YT2PR01MB5838.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:56::13) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.24; Wed, 1 Dec
 2021 02:58:06 +0000
Received: from YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM
 ([fe80::2d23:cc5b:3b74:9b44]) by YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM
 ([fe80::2d23:cc5b:3b74:9b44%7]) with mapi id 15.20.4755.011; Wed, 1 Dec 2021
 02:58:06 +0000
From: Adam Thompson <athompso@athompso.net>
To: Proxmox VE user list <pve-user@lists.proxmox.com>, Thomas Lamprecht
 <t.lamprecht@proxmox.com>
CC: Proxmox VE user list <pve-user@lists.proxmox.com>
Thread-Topic: [PVE-User] Where is ZFS encryption key in Proxmox 7.1
Thread-Index: AQHX5ZuRbvQmjiovDEWlxnm6STuPDqwbv9SAgACRJoCAAHlhgIAAKF38
Date: Wed, 1 Dec 2021 02:58:06 +0000
Message-ID: <YT2PR01MB462235244657E1D3679BA866AB689@YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM>
References: <CACEJK8PbmYcKTL8E4+JQ+L80L3cxcVcE4K7KKwBU9R77sh7nHQ@mail.gmail.com>
 <5a879cf8-ed5a-783a-29a7-6d175b2605f7@proxmox.com>
 <CACEJK8N20D2tw+-fkL6rGSVk35y4oAqfj_BrSPcrLhE_7UKdFA@mail.gmail.com>
 <CACEJK8MCyAtsz_V4hc42E0cbmk7Qde5zS0LVQr+zw2OrVJYu5w@mail.gmail.com>
In-Reply-To: <CACEJK8MCyAtsz_V4hc42E0cbmk7Qde5zS0LVQr+zw2OrVJYu5w@mail.gmail.com>
Accept-Language: en-CA, en-US
Content-Language: en-CA
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=athompso.net;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 80bc6262-861d-4eb5-c103-08d9b476665e
x-ms-traffictypediagnostic: YT2PR01MB5838:
x-microsoft-antispam-prvs: <YT2PR01MB58381DC9AF743C9D2786AE82AB689@YT2PR01MB5838.CANPRD01.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:5236;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: BqFH23bbS8OxBPwG1iK72O7Sk9Z3bItxAQ7laBEXK/xiRnrPAI15TDJRZi1Le8nOlDK+JVHQgVftDU6rk1hMkRB9Wq8Uhy8qyLsxsXj4mTH9BHalqBNV8cuYUabTAj/HaCUfW0vZZZNPSVLuv37XB7Em3jp07tFCntMTWks5/eDPb6sXuIFTkx0Jo7YM4TMwJH6W6Qg8hzMDpgSFfMGkyUxraGbD7ETdcnbfUuwcmFbyS3VNDu+gFxe9qf2LtYWJV6lMPdCqva6ueY4Dw/0tVbxseCyDh1OEcIIFPiXDqFUmEQfhpFa7fNZqhYJnB4hYQ8OC1gDKPfX5gQiNd7+hKta7GHeBuwrYWzjljhA4F82rdl+TIOTfjpXpHzZTsp4uQJ+PTBtPVgSFfl5Fim0rEI4AuyL1aQo3u3c4e3OHCe8AY0V/dS3d1a6qfLVdL4sXFkd9I9pxqI3LfWatI9GhzvXFm/aKs6oauqndPP+Sm8BPkF/J97EoBwuM00u2hzHIVaZ4p5ILGe10c29rFrtfaJnWlrIOXS/D6aT9RWlxsCWhJSteWacYr7qSM2tfGCUOrfxP1nhfq4GWqSPS0GoKD/orKcxGQPkaTVyS0KXuxvCdbalq6YlMypdY0kHXiO/ujoGuiVUH4nl7U44JaR1iZbPYxfQLJHFa2iAwhDv8n18H4KU2+Jnjj+VfOowEZtq+Y1BA+ctRGanw/b1y/FbT1G9wNXgqPn33I10QMzdnhQZELfRMTvd0i3utVEiwCHMoaIru3E2QtIrC4YWgJu5mM/e3gFLhf46Di6Nuf/wl3eo=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM; PTR:; CAT:NONE;
 SFS:(366004)(346002)(376002)(39830400003)(136003)(396003)(83380400001)(8936002)(110136005)(6506007)(166002)(8676002)(86362001)(45080400002)(71200400001)(508600001)(186003)(4326008)(52536014)(55016003)(966005)(2906002)(33656002)(9686003)(38100700002)(53546011)(64756008)(316002)(66446008)(7696005)(26005)(122000001)(66946007)(76116006)(38070700005)(66556008)(66476007)(5660300002);
 DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?ZZa6G4yzr/IT8taojHkm1wcGYLqziDhkszCQfSubspwd6w7ZCtMGZgE3KAT1?=
 =?us-ascii?Q?ZFwpjEfNbYCdRVN+Vgp7UkQQzGcmMncqSetJgDnL0ffyv4yVlgesF6UXulGw?=
 =?us-ascii?Q?CmV3GalekOYvVjy9PlNLyjzXh8uVIky6Tmo58fGgV9+kJhpw6goAjDdJacDP?=
 =?us-ascii?Q?QT5euMgiNUPFLjPcKFm9huhqENF9wVmq8EQOTNE6ZUPAY5cQIAGyVlYrMaB8?=
 =?us-ascii?Q?ZX4mmvzinSxjm+iK6uRL2ekS7pgxrdETqoxywWGMsTBzV7N0iro8VmEkd7Sl?=
 =?us-ascii?Q?v03lIUYZFkhiElGQ0ALS4Dh1o3LF83/nfOcFtajwCfpmBFx9cTjrqc332qUQ?=
 =?us-ascii?Q?YdTKeD8nZgi/wYe6Oj7kM2lhLtYqoGDSzq0jN4933erDrb5LNqYY6MVb6LWf?=
 =?us-ascii?Q?vtHb0PEfG2nNFcQdSUKMa8NqZXUirBK3UZ94EE7qq1JR1e/yF28gQ/R8jFPt?=
 =?us-ascii?Q?FUHBWcJiBT+YvvrQ4dVucwNksuw886ltyPLQTI2vWZmXKEiCarXwVSL9Zdut?=
 =?us-ascii?Q?w3+JUKhLcHKvoX913ArlSWtNmnCP7C7as1+jIpC22OtKVpLcDF/BuDa1AJA7?=
 =?us-ascii?Q?lvXYPatTtKTaERPkrIMHHJTAkVxQNZ2H/XKicTjgIMx8rUlyWW/pBLIp17XM?=
 =?us-ascii?Q?qLCjQAWogoQ2QI7OyQ1elQZ22FRfKSmiwED41JiN+SlJ7gfWcEs5FEv1zBDs?=
 =?us-ascii?Q?GLdTrWJFvBMpCcTRWZO04hAExeLxWGkmxjvKp62trEEFGfMk3B5ucFyWJJIi?=
 =?us-ascii?Q?FtO2dD6GH7PH3mkT6YAEmdcTa4l0rT3p+JGl/aZKKl/QWTojoEfaxgHQQpO7?=
 =?us-ascii?Q?FOuDWNvt5KaMOxDm5XTok/P6eKVYUbwHTrPH0Wt8V0U0VKrnEEa0vaAvB29f?=
 =?us-ascii?Q?IyDTI3yyWq9jP5xeR3adMV6VCNluhBdCsB0Z4HUddigXvYQeVubkiKRcVOEb?=
 =?us-ascii?Q?/odlLvxTJBF4sZf19qkPliW3twcy9Eg4O4Tb2bIovV7PgLvfDkZa2BTSX+TW?=
 =?us-ascii?Q?5/6Od8o8Wy12TbMd2NIXVBtHZP/BoZ2HDtuzsk/B8v7h2pd5v0dpw9Eb0njd?=
 =?us-ascii?Q?jqgCGTB+X5WZXkUDgtDxL+Ix9+MjPqYQOk23PviXi9tuMuXDLX3+SLE3rzhc?=
 =?us-ascii?Q?kB479DZeObBuxO+Q7H8N+wZZ5D/SXked+Cg9iURRQi8zJsKTeMcMma15BILB?=
 =?us-ascii?Q?p71iMG13he8ufk4AoX1DooypABKkZ3mLfXPg8HkrZLmDpaVgndzY0GkffDly?=
 =?us-ascii?Q?z3xAfVh6X48/DnwN2WZSGR2JyY+jikarzyFR7dlocQf+hgpJfAH9Gf7kReO6?=
 =?us-ascii?Q?GmB8edYCBtlHU+OqThWiB1ejODa6SlP/xpjOLs5R1sti7OousdzHA6eT5DFi?=
 =?us-ascii?Q?lExbn4AjBfM1sOUAMFRWF386QUIF7TwCOHdsEIBqxHzOoqg9esI1x+50HVNQ?=
 =?us-ascii?Q?IH3Dlso1fAxEdZDqXezMYxVwBN8x6xFPSg93U+FXmQ9/qy08dvkdf/x/92+d?=
 =?us-ascii?Q?BYbjVeoGpAsJUP7457ZOLX+KS2mt7KkHOIxJwsZs1HrTPHybPNWdLr2mzurz?=
 =?us-ascii?Q?QIpfIYbzfX4OijKDEZqAdozq7PtTnmbP09VJMKkd6BDQLmlZZz27Xf5qNRjZ?=
 =?us-ascii?Q?/DmSk7gyY/uJq7yRHS4z1AJHA65tgj8E6OyrfVNtYxRi?=
MIME-Version: 1.0
X-OriginatorOrg: athompso.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 80bc6262-861d-4eb5-c103-08d9b476665e
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Dec 2021 02:58:06.5425 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 10d7fd83-719f-4fa4-ab6b-855821d5b188
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gYRDQPEnHd/P3p2d82zMXIV308anKw3PYPIqIogf6gz3ZDR0pAZ6Zdq5ouSExaLJ6Cy9wvM7vmneJS20EDThFA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YT2PR01MB5838
X-SPAM-LEVEL: Spam detection results:  0
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 HTML_MESSAGE            0.001 HTML included in message
 KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years
 KAM_SHORT               0.001 Use of a URL Shortener for very short URL
 SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [bgetca.onmicrosoft.com, proxmox.com]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1
X-BeenThere: pve-user@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
List-Post: <mailto:pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 01 Dec 2021 02:58:46 -0000

No.  That means that the encryption *feature* is enabled, i.e. you may now =
proceed to encrypt your dataset... if you really want to find out exactly h=
ow that breaks things, I guess.
If it came back as disabled, you would not be able to use encryption at all=
 on that dataset.
-Adam

Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: pve-user <pve-user-bounces@lists.proxmox.com> on behalf of Eric Abreu=
 <abreuer1521@gmail.com>
Sent: Tuesday, November 30, 2021 6:31:31 PM
To: Thomas Lamprecht <t.lamprecht@proxmox.com>
Cc: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1

Hello Thomas,

I have repeated the following steps:

1 - Went to PVE Node/ ZFS/ Create ZFS/
2 - On the dialogue box name =3D my_pool, Add Storage (check), Select Devic=
es
(2 x 1TB disks), RAID Level =3D Mirror, Compression =3D off, ashift =3D 12
3 - Hit Create
4 - Open the command line on my pve node and typed:
zpool get feature@encryption my_pool

And I got this as a response:

NAME     PROPERTY            VALUE               SOURCE
my_pool  feature@encryption  enabled             local

Does that mean encryption is enabled?

Thanks again.

On Tue, Nov 30, 2021 at 12:17 PM Eric Abreu <abreuer1521@gmail.com> wrote:

> Hi Thomas,
>
> Thanks for the quick response. I'm going to repeat the steps to create th=
e
> ZFS pool from the web interface and paste them here. I'm pretty sure I di=
d
> everything from the dashboard and the encryption was enabled by default.
> I'll keep you posted. Thanks again for your help.
>
> On Tue, Nov 30, 2021 at 3:37 AM Thomas Lamprecht <t.lamprecht@proxmox.com=
>
> wrote:
>
>> Hi,
>>
>> On 30.11.21 04:36, Eric Abreu wrote:
>> > I have created a ZFS pool from Proxmox 7.1 web interface with 2 SSDs i=
n
>> > RAID 1. I noticed that everything works fine after I created the pool,
>> and
>> > ZFS at REST encryption was also enabled. After rebooting the server it
>> did
>> > not ask for a passphrase so my guess is that Proxmox is getting the ke=
y
>> > from somewhere in the file system. Anyone could help me find out where=
?
>>
>> Well, how did you enable ZFS at rest encryption? As that is something
>> that won't
>> be done automatically, and the local-storage web-interface/api currently
>> does not
>> allow to configure that either.
>>
>> cheers,
>> Thomas
>>
>>
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user