Linux eqvuivalent for pkgtool

[FransUrbo]

Sorry for making this a abug, but this is more of a documentation issue...

How do one create a raw, encrypted key on Linux?

I have an old Solaris VM, which primary use now is just to run:

pktool genkey keystore=file outkey=out.key keytype=aes keylen=256

This would then be copied onto the Linux machine and used with:

zfs create  -o encryption=aes-256-gcm -o keysource=raw,file:////.../out.key ....

What would I do this on Linux instead?

[lundman]

Well, you could certainly do something like;

keysource=hex,file
 dd if=/dev/random bs=32 count=1 | od -A n -v -t x1 | tr -d ' \n' > out.key

Or with extra entropy from the key wrapping;

keysource=passphrase,file
dd if=/dev/random bs=32 count=1 | base64 > out.key

[FransUrbo]

Oh... That was a lot easier than I had expected :), thanx.

Should we add some information about keysource etc in the README as well?

[lundman]

That's a good idea. I'm sure any extra documentation will be appreciated by someone trying to do the same. I just never get around to doing it myself :) And rogue seems even busier... Oh and if you've had some success with crypto, maybe reply to that zfs-discuss thread, since at the moment the thread makes it sound like it does not work...

[FransUrbo]

I'll see what I can do about adding some more documentation and examples then.

What thread are you thinking of?

[zfsrogue]

Thank you.