Someone seems to be working on that feature for ZFS on Linux:

https://github.com/zfsrogue/zfs-crypto

Maybe that's something which could be a start.


"Günther Alka via smartos-discuss" <[email protected]> wrote on
March 15, 2015 at 21:27:

>  Edward Snowden shows us that
> 
>  - you must care about your data. always, everywhere
>  - must not allow any admin to see your data
>  - must use end to end encryption (do not trust your provider, you need a
> personal key)
>  - you cannot lock out NSA & Co, but most others (and NSA needs a lot of
> effort if any data is end-user encrypted)
>  - any effort is better than the current "all is open"
> 
>  even if you simply care about some business/private data without any criminal
> background
> 
> 
> 
> >
> >      IMNSHO, relying on the filesystem to encrypt data is far inferior to encrypting
> >      at the application. If you have something worth hiding, do not rely on cleartext
> >      at any infrastructure level. The guvmint routinely shows how they've already
> >      compromised those things we use to build infrastructure.
> >        -- richard
> > 
> > 
> > >
> > >          This is important for everything especially to cloud storage.
> > >          Transport encryption is worthless if the data on a server is open
> > > and not encrypted in a way that only a single end-user can access/encrypt
> > > data with a user-key not the server admin.  Any current ZFS encryption is
> > > worthless in this sense as you unlock data on bootup and then it's open for
> > > every admin or server process.
> > >
> > >          In this case, as SmartOS is intended for cloud-use I hope that
> > > there will come something in the future that gives us this level of
> > > security at an end-user level.
> > > 
> > > 
> > >          Gea
> > > 
> > > 
> > > 
> > >          On 15.03.2015 05:22, Jonathan Paget via smartos-discuss wrote:
> > > 
> > >              > > > >              I forgot about lofi
> > > > 
> > > >              zones/$UUID--lofi-backend0 --->  /dev/$UUID--lofi-device0
> > > > 
> > > >              vmadm get $UUID | json disks | grep zfs_filesystem
> > > >              zfs_filesystem": "zones/$UUID--lofi-device0"
> > > > 
> > > >              or something like the above
> > > > 
> > > > 
> > > > 
> > > >              On Sat, Mar 14, 2015 at 5:11 PM, Richard Elling <[email protected]> wrote:
> > > > >
> > > > > >                    On Mar 14, 2015, at 2:08 PM, Jonathan Paget via smartos-discuss <[email protected]> wrote:
> > > > > > >                    >> Are there any encryption options?
> > > > > > 
> > > > > >                    Your only real option is for a KVM guest to use
> > > > > > encryption inside a Zone (CentOS and Ubuntu offer encryption at
> > > > > > their install screens).   Some people use ZVOLs as back-ends for
> > > > > > FreeBSD's GELI on FreeBSD, or use GELI to encrypt the underlying
> > > > > > vdevs of their zpool, but FreeBSD Jails aren't anywhere near a
> > > > > > complete alternative to zones.
> > > > > > 
> > > > >
> > > > >                lofi on SmartOS, managed with the lofiadm command. There would be some
> > > > >                assembly required, but shouldn't need any new code.
> > > > >                 -- richard
> > > > > 
> > > > > 
> > > > >                    > > > > > > 
> > > > > >                    If you need to run Windows guests, you could
> > > > > > probably find a way to PXE-boot them off of iSCSI targets (running
> > > > > > in another Zone) that have encrypted back-ends or just have them use
> > > > > > Samba to access encrypted volumes.
> > > > > > 
> > > > > > 
> > > > > >                    Yes I understand everything I typed above is very
> > > > > > ugly.   I would really like to see encryption added to the
> > > > > > illumos/ZFS or OpenZFS feature set, would do it myself if I
> > > > > > currently held the necessary skillset.
> > > > > > 
> > > > > > 
> > > > > >                    On Sat, Mar 14, 2015 at 2:00 PM, George Linn via smartos-discuss <[email protected]> wrote:
> > > > > > >                      Are there any encryption options?  Specifically if the SmartOS
> > > > > > > installation is used primarily for hosting Zones.  Could sleep better knowing
> > > > > > > that if my machine was physically compromised my data would be a bit more
> > > > > > > difficult to access.
> > > > > > >
> > > > > > > ------------------------------------------------------------
> > > > > > >                      From: Brian Bennett via smartos-discuss <[email protected]>
> > > > > > >                      To: [email protected]; George Linn <[email protected]>
> > > > > > >                      Sent: Saturday, March 14, 2015 4:29 PM
> > > > > > >                      Subject: Re: [smartos-discuss] ZFS encryption
> > > > > > > 
> > > > > > >                      ZFS encryption was integrated into Solaris 11
> > > > > > > after OpenSolaris updates stopped. That's not to say it couldn't
> > > > > > > be added, but it hasn't been a priority so far.
> > > > > > > 
> > > > > > >                      --
> > > > > > >                      Brian Bennett
> > > > > > >                      Systems Engineer, Cloud Operations, Joyent, Inc.
> > > > > > >                      655 Montgomery St., Suite 1600 | San Francisco | California | 94111
> > > > > > >                      [email protected] | www.joyent.com
> > > > > > >                      office 415-400-0645 | mobile 619-663-IPv6
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > >                          On Mar 14, 2015, at 11:17 AM, George Linn via smartos-discuss <[email protected]> wrote:
> > > > > > > > 
> > > > > > > >                          After some searching, it seems that
> > > > > > > > there is no integrated encryption for ZFS in SmartOS that would
> > > > > > > > allow something like the following to happen:
> > > > > > > > 
> > > > > > > > >                          zfs create -o encryption=on rpool/export/somthing
> > > > > > > > 
> > > > > > > >                          Can encryption be used with ZFS at all
> > > > > > > > on SmartOS?  I see some examples of creating encrypted block
> > > > > > > > devices in OpenIndiana but I am not sure how this is helpful in
> > > > > > > > a general sense on SmartOS since my disk space is all allocated
> > > > > > > > during the initial installation of SmartOS.
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > >          --
> > >          Gea
> 
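
The lofi route Richard Elling mentions in the quoted thread ("some assembly required"), sketched as an added example that is not part of any poster's message: a pool built on an encrypted lofi device stays locked after a reboot until someone attaches it with the passphrase, which covers the physical-compromise case, but once attached it is readable from the global zone, which is the limit Gea describes. The backing file path, pool name and size are hypothetical, and by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread: ZFS pool on an encrypted lofi device
# (illumos/SmartOS global zone). BACKING, POOL and SIZE are hypothetical.
BACKING=${BACKING:-/zones/crypt/backing.img}  # file on an existing dataset (assumed path)
POOL=${POOL:-cryptpool}
SIZE=${SIZE:-1g}
CIPHER=${CIPHER:-aes-256-cbc}                 # a cipher accepted by lofiadm -c
DRY_RUN=${DRY_RUN:-1}                         # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Attach the backing file as an encrypted lofi device and record it in DEV.
# Without a key option lofiadm prompts for a passphrase; it prints the
# device path on stdout.
attach() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "lofiadm -c $CIPHER -a $BACKING"
        DEV=/dev/lofi/N                       # placeholder; lofiadm picks the real name
    else
        DEV=$(lofiadm -c "$CIPHER" -a "$BACKING") || return 1
    fi
}

# One-time setup: backing file, encrypted lofi device, pool on top of it.
create_pool() {
    run mkfile "$SIZE" "$BACKING" || return 1
    attach || return 1
    run zpool create "$POOL" "$DEV"
}

# After every boot: the pool is unavailable until the passphrase is entered.
unlock_pool() {
    attach || return 1
    run zpool import -d /dev/lofi "$POOL"
}

# Export the pool and detach the device so only ciphertext remains on disk.
lock_pool() {
    run zpool export "$POOL" || return 1
    run lofiadm -d "$BACKING"
}
```

Source the file and call `create_pool` once, then `unlock_pool` and `lock_pool` as needed; set `DRY_RUN=0` to execute instead of print.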



-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com