On 09/24/11 10:47, Nikola M. wrote:
On 08/12/11 12:12 PM, Giovanni Schmid wrote:
I'm wondering if rsyncing a ZFS with encryption set to on could work.
More precisely:
suppose there are hosts A and B, both with encrypted zfs
rpool/export/home/user/shared;
suppose user on host A runs the command
user$ rsync -avz shared/ B:shared/
But does it blend? :P (and how it affect zfs send)
I don't understand what "blend" means in this context.
The rsync will work just fine if the encrypted file system is mounted
because rsync has no way to know if encryption is being used it is
completely transparent.
Maybe better question is: Is data stream encrypted,
when sending encrypted zfs dataset changes from one system to another,
using zfs send?
Not it is not, the ZFS send stream is the data as seen at the DMU layer
of ZFS and is taken from the ARC. This means it is both decrypted and
decompressed. This is how ZFS send works. The send stream does have
the encryption properties stored in it so when you do the 'zfs recv' you
will end up with an encrypted dataset again but the data encryption keys
will be different (because they are generated at dataset create time).
--
Darren J Moffat
_______________________________________________
security-discuss mailing list
[email protected]
