A quick-start guide to OpenZFS native encryption
Credit: Ars Technica
One of the many features OpenZFS brings to the table is ZFS native encryption. First introduced in OpenZFS 0.8, native encryption allows a system administrator to transparently encrypt data at rest within ZFS itself. This obviates the need for separate tools like LUKS, VeraCrypt, or BitLocker.
When encryption=on is set, the OpenZFS encryption algorithm defaults to either aes-256-ccm (prior to 0.8.4) or aes-256-gcm (>= 0.8.4), but an algorithm may also be specified directly. The currently supported algorithms are:
- aes-128-ccm
- aes-192-ccm
- aes-256-ccm (default in OpenZFS < 0.8.4)
- aes-128-gcm
- aes-192-gcm
- aes-256-gcm (default in OpenZFS >= 0.8.4)
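Because encryption=on resolves to a different algorithm depending on the OpenZFS version, it helps to resolve the value explicitly and to check what existing datasets actually use. The script below is an added example, not code from the article or from OpenZFS: the function names are hypothetical, the dataset listing is constructed sample data, and it assumes that `zfs get -H -o name,value encryption` reports the concrete algorithm for each dataset.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Algorithms the article lists as supported.
SUPPORTED="aes-128-ccm aes-192-ccm aes-256-ccm aes-128-gcm aes-192-gcm aes-256-gcm"

# What encryption=on means for a given OpenZFS version (e.g. 0.8.3, 2.1.5).
default_algorithm() {
    echo "$1" | awk -F. '{
        v = $1 * 1000000 + $2 * 1000 + ($3 + 0)
        if (v < 8004) print "aes-256-ccm"; else print "aes-256-gcm"
    }'
}

# Resolve a requested encryption= value to a concrete algorithm, or fail.
resolve_encryption() {
    case "$1" in
        on)  default_algorithm "$2"; return 0 ;;
        off) echo off; return 0 ;;
    esac
    for alg in $SUPPORTED; do
        if [ "$alg" = "$1" ]; then echo "$alg"; return 0; fi
    done
    echo "unsupported encryption value: $1" >&2
    return 1
}

# Classify "name<TAB>value" lines, the shape printed by:
#   zfs get -H -o name,value encryption
audit_encryption() {
    while IFS="$(printf '\t')" read -r name value; do
        case "$value" in
            off)   echo "$name $value UNENCRYPTED" ;;
            *-ccm) echo "$name $value ccm" ;;
            *-gcm) echo "$name $value gcm" ;;
            *)     echo "$name $value UNKNOWN" ;;
        esac
    done
}

# Constructed sample input; on a real host pipe the zfs command in instead.
sample_zfs_get() {
    printf 'tank\toff\ntank/legacy\taes-256-ccm\ntank/secure\taes-256-gcm\n'
}

sample_zfs_get | audit_encryption
```

Datasets reported as `ccm` with aes-256-ccm are consistent with having been created with encryption=on under the pre-0.8.4 default.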