I am trying to figure out encryption using native ZFS encryption. I am able to do everything as per guides:
https://forum.proxmox.com/threads/native-full-disk-encryption-with-zfs.140170/
&
https://privsec.dev/posts/linux/using-native-zfs-encryption-with-proxmox/
but there are still a few steps that make no sense to me.
1.) When you create the encryption keys, you seem to need to transfer them from the live boot environment to your production server via USB. Otherwise these keys get deleted and your encryption becomes useless? In my case I created the encryption keys in the root directory, but once I log into Proxmox, they are gone - "find" finds nothing on the computer.
2.) Following the logic from question #1: if the keys are stored in /, then if you log into a live session from bootable media, you can access these keys and hence decrypt the datasets? I haven't tried this yet but it's what I suspect is the case?