How to use keyfiles for ZFS whole disk encryption

bsd, encryption, key-authentication, zfs

Does anyone have a working implementation using keyfiles, preferably on an SD card, instead of a prompt for ZFS? I know how to do this with Linux LVM/LUKS. In my opinion the FreeBSD full disk encryption solutions are WAY more secure, but I would really like to use keyfiles instead of getting prompted during boot.

I can't find a way to do it with google-magic.

Best Answer

Update from January 2020

This question was answered in 2011, and the answer I gave pertains specifically to contemporary Solaris 11 behavior. This does not apply to OpenZFS, illumos, or ZFS on Linux.

That being said, the original answer remains, for posterity.


You have to create your key first. ZFS supports two types of file-based keys: hex and raw. You can use openssl to generate the key.

openssl rand -out /media/stick/key 16

The 16 creates a 16-byte (i.e., 128-bit) key. For a 192-bit or 256-bit key, use 24 or 32 respectively.

Then create your dataset as you normally would, specifying the key.

zfs create -o encryption=on -o keysource=raw,file:///media/stick/key rpool/encrypted

You can also use the -hex flag to openssl rand and keysource=hex for a human-readable hex value in the file.
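As an added example that is not part of the answer above, the helper below generates a keyfile of the requested strength in either format, refuses key sizes ZFS will not accept, and checks the file length before printing the keysource= property to pass to zfs create. It reads /dev/urandom instead of calling openssl rand, and it assumes the Solaris 11 keysource syntax shown in the answer.

```shell
# Added example (not the original answer's code): create and sanity-check a ZFS
# wrapping keyfile; /dev/urandom stands in for "openssl rand [-hex] N".
set -eu

# bits_to_bytes BITS -> byte count for the AES key sizes ZFS accepts.
bits_to_bytes() {
    case "$1" in
        128) echo 16 ;;
        192) echo 24 ;;
        256) echo 32 ;;
        *)   echo "unsupported key length: $1 bits" >&2; return 1 ;;
    esac
}

# make_keyfile FORMAT BITS PATH: FORMAT is "raw" (binary) or "hex" (lower-case
# hex digits, no newline). Written under umask 077 and left at mode 0400.
make_keyfile() {
    fmt=$1; bits=$2; path=$3
    nbytes=$(bits_to_bytes "$bits") || return 1
    old_umask=$(umask); umask 077
    case "$fmt" in
        raw) head -c "$nbytes" /dev/urandom > "$path" ;;
        hex) head -c "$nbytes" /dev/urandom | od -An -v -tx1 | tr -d ' \n' > "$path" ;;
        *)   umask "$old_umask"; echo "format must be raw or hex" >&2; return 1 ;;
    esac
    umask "$old_umask"
    chmod 0400 "$path"
    verify_keyfile "$fmt" "$bits" "$path"
}

# verify_keyfile FORMAT BITS PATH: fail unless the file is exactly BITS/8 bytes
# (raw) or BITS/4 hex digits (hex), so a truncated or newline-terminated key is caught early.
verify_keyfile() {
    nbytes=$(bits_to_bytes "$2") || return 1
    case "$1" in
        raw) want=$nbytes ;;
        hex) want=$((nbytes * 2)) ;;
        *)   return 1 ;;
    esac
    got=$(wc -c < "$3" | tr -d ' ')
    [ "$got" -eq "$want" ] || { echo "$3: $got bytes, expected $want" >&2; return 1; }
}

# keysource_property FORMAT PATH -> value for "zfs create -o keysource=..."
keysource_property() {
    printf 'keysource=%s,file://%s\n' "$1" "$2"
}
# Usage as in the answer, with the key on the removable stick:
#   make_keyfile raw 256 /media/stick/key
#   zfs create -o encryption=on -o "$(keysource_property raw /media/stick/key)" rpool/encrypted
```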
