Re: Is ZFS native encryption safe to use?

From: Frank Leonhardt <freebsd-doc_at_fjl.co.uk>
Date: Wed, 13 Sep 2023 11:33:39 UTC
On 24/08/2023 13:08, infoomatic wrote:
> On 24.08.23 00:43, Dewayne wrote:
>> Thx for the performance hint.  Were you using the same cipher on each?
>
> Yes, I have tried various combinations, but the difference was so huge
> that I did not let the benchmarks finish cause I felt it was wasted time
> and resources!
>
>
>> On 23/08/2023 5:34 pm, infoomatic wrote:
>>> last time (when 13.0 was released) I compared them:
>>>
>>> *) GELI + normal zfs was significantly faster than encrypted-zfs
>>> *) encrypted zfs to share files between Linux and FreeBSD did not work
>>> properly, resulting in Files non-readable on FreeBSD
>>>
Might be obvious, but I should make the point that if you use GELI to 
encrypt anything on FreeBSD, Linux won't be able to read it so it's just 
as much of a cross-platform problem as ZFS encryption not being portable.

Another observation on the use cases - if you're backing up encrypted 
ZFS datasets the backups are encrypted; if you backup from GELI they 
will be clear unless you encrypt them again.