By Darren Moffat-Oracle on Sep 13, 2012
I've just been asked twice this week how I would demonstrate ZFS encryption really is encrypting the data on disk. It needs to be really simple and the target isn't forensics or cryptanalysis just a quick demo to show the before and after.
I usually do this small demo using a pool based on files so I can run strings(1) on the "disks" that make up the pool. The demo will work with real disks too but it will take a lot longer (how much longer depends on the size of your disks). The file hamlet.txt is this one from gutenberg.org
# mkfile 64m /tmp/pool1_file # zpool create clear_pool /tmp/pool1_file # cp hamlet.txt /clear_pool # grep -i hamlet /clear_pool/hamlet.txt | wc -l
Note the number of times hamlet appears
# zpool export clear_pool # strings /tmp/pool1_file | grep -i hamlet | wc -l
Note the number of times hamlet appears on disk - it is 2 more because the file is called hamlet.txt and file names are in the clear as well and we keep at least two copies of metadata.
Now lets encrypt the file systems in the pool.
Note you MUST use a new pool file don't reuse the one from above.
# mkfile 64m /tmp/pool2_file # zpool create -O encryption=on enc_pool /tmp/pool2_file Enter passphrase for 'enc_pool': Enter again: # cp hamlet.txt /enc_pool # grep -i hamlet /enc_pool/hamlet.txt | wc -l
Note the number of times hamlet appears is the same as before
# zpool export enc_pool # strings /tmp/pool2_file | grep -i hamlet | wc -l
Note the word hamlet doesn't appear at all!
As a said above this isn't indended as "proof" that ZFS does encryption properly just as a quick to do demo.