docs(zfs): Explain how to confirm new master key (#1)

2023-03-05 04:00:51 +01:00 · 2023-03-05 04:00:51 +01:00 · 9943b6c61b
commit 9943b6c61b
parent a19adbfe28
1 changed files with 10 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -156,6 +156,16 @@ In order to generate a new master key after you've changed your user key as ment
    ```
    The parent `zpool/root` is inheriting this property from `zpool` which will make sure that `zpool/root/archlinux-frn` essentially gets its key now from `zpool`. Both `zpool/root/archlinux-frn` and `zpool` use the same exact `keylocation` with identical content. This operation is instant.

+## Finishing touches
+
+Just to confirm that the master key has changed run this commands. It takes a moment to output data:
+
+```
+zfs send --raw zpool/root/archlinux-frn@rekey | zstream dump | sed -n -e '/crypt_keydata/,/end crypt/p; /END/q'
+```
+
+Repeat for source dataset `zpool/root/archlinux-sxu@rekey`. You're particularly interested in parameters `DSL_CRYPTO_MASTER_KEY_1` and the initialization vector `DSL_CRYPTO_IV`. Notice that they differ between old and new dataset confirming that your new dataset has a new master key.
+
 Optionally you may want to clean up:

 1. In newly keyed/reencrypted system dataset destroy its snapshot