A quick-start guide to OpenZFS native encryption
One of the many features OpenZFS brings to the table is ZFS native encryption. First introduced in OpenZFS 0.8, native encryption allows a system administrator to transparently encrypt data at-rest within ZFS itself. This obviates the need for separate tools like LUKS, VeraCrypt, or BitLocker.
OpenZFS encryption algorithm defaults to either aes-256-ccm
(prior to 0.8.4) or aes-256-gcm
(>= 0.8.4) when encryption=on
is set. But it may also be specified directly. Currently supported algorithms are:
aes-128-ccm
aes-192-ccm
aes-256-ccm
(default in OpenZFS < 0.8.4)aes-128-gcm
aes-192-gcm
aes-256-gcm
(default in OpenZFS >= 0.8.4)
There's more to OpenZFS native encryption than the algorithms used, though—so we'll try to give you a brief but solid grounding in the sysadmin's-eye perspective on the "why" and "what" as well as the simple "how."
Read 49 remaining paragraphs | Comments
from Tech – Ars Technica https://ift.tt/3zMaAkp
Comments
Post a Comment