[prev in list] [next in list] [prev in thread] [next in thread] 

List:       zfs-crypto-discuss
Subject:    [zfs-crypto-discuss] Re: [zfs-discuss] Re: ZFS secure files deletion
From:       Darren.Moffat () Sun ! COM (Darren J Moffat)
Date:       2006-03-16 8:18:59
Message-ID: 44198FE6.2030106 () Sun ! COM
[Download RAW message or body]

Wes Williams wrote:
> I hope we?re on the same page here.  Of course the encrypted ZFS file system is in \
> the works and will be very important to government and several industries, and I \
> suppose the deletion of encrypted files by simply losing an encryption key as you \
> suggest sounds quite efficient and reasonable. 
> Please clarify your ?support in the format(1m) command? as referenced from Trusted \
> Solaris ? does it now work on ZFS filesystems as well?  Perhaps in the future?  Or, \
> only on UFS now and forever?

No it doesn't work on ZFS file systems or even on UFS ones.

Why ? because it doesn't work at the file system layer at all it works
at the disk layer (or really the layer the device layer which
depending on the type of storage you have may or may not be a real
single physical disk).

So the analyze/purge functionality in format(1m) CAN be used to 
"securely delete" content of a ZFS file system by acting on
the components of the pool.   What we gain by using a crypto
file system and key destruction is that you can destroy individual
ZFS data sets at will (or using an external semi-trusted key manager
at predetermined time points) rather than destroying at the device
layer.

Also it isn't from Trusted Solaris at all it has always been in
Solaris it is just that the FAQ entry I used as a reference happens
to be part of the Trusted Solaris FAQ because it was those customers
that asked about this most.

-- 
Darren J Moffat


[prev in list] [next in list] [prev in thread] [next in thread]