On 06/05/2012 08:01 AM, Yves Pagani wrote:
> I did a dd if=/dev/random of=data.key bs=1M count=1... After your mail, I
> dug a little bit in the source code and by doing an openssl enc
> -aes-256-cbc -k secret -P -md sha1 and copying the (key part only) outcome
> into a file, I was able to do a hfs_mount. Nevertheless I obtained a strange
> result: from the client, I copied some files to the mount point, files were
> copied on the different servers. On the client, I then unmounted the
> filesystem and remounted it without giving the data key. And of course, the
> files were encrypted as expected. But on the servers, the files are always
> in clear form! Is it a normal behaviour? I thought that when I copied
> the files to the servers, they were encrypted before being sent.

That is indeed what's supposed to happen, and I just rechecked to make sure it
does. Your result seems very strange to me, because if you mount without a
data key then the crypt translator won't even be loaded and therefore there
should be no transformations on the data . . . and yet you report that the data
read that way appears to be encrypted. If it had been stored plain, who's
encrypting it in that case? Can you send the client volfiles (from the logs)
that are being used when you mount with and without an encryption key?