Darren J Moffat wrote: > Anthony Scarpino wrote: >> How does this differ from the import of the pool?.. Say for example an >> incorrectly entered passphrase.. > > In the case where you don't present the correct key you just get garbage > file data because it doesn't decrypt correctly.
So is the intent that when you import a pool and give the wrong passphrase the the pool is still important, just the encrypted datasets are garbage and unaccessable.. or that the import will fail?.. > > In the key change case if you decrypt the dataset key with the wrong > "current" DSKEK you get something that looks like a key for the dataset > but it is the wrong one. You then reencrypt the dataset key with the > new DSKEK you have lost all access to your data on read because it now > gets decrypted with the wrong per dataset key and is garbage (at least > until you change it back to the correct DSKEK assuming it still exists). > somehow comparing to a successful import would be good, but it hinging on your thought on the above question...
