is possible to retrieve encryption key from .db or from cli?

[m0nsieurPsych0]

Hi everyone,

I have 2 pools that are encrypted using the key on the root of the pool. Now those pools unlock at boot, so those keys must be stored somewhere in the boot drive.
As the titles says, I would like to retrieve those because I have a weird problem that I'm trying to fix (stuck at boot on spa_history.c while setting cachefile), but can't seem to find a solution right now.

How one would go about exploring the .db file to extract those keys?
Or how one would export those keys from the cli?

Thank you very much for your help!

 

[gary_1]

sqlite3 /data/freenas-v1.db

Then you can list tables, select data from within or dump the entire lot out to a file and grep it. I'm not sure where in that the key may be however.

I would consider copying and running your search on a copy of the db just in case of issues.

I've not used the cli yet, so if it's possible via others will need to chime in.

In the future you should make it a priority to always download any keys used to encrypt your pool at the time you enable encryption and ensure they're safely stored in multiple places, or printed out. You do not want a loss of your boot volume (or update bug) to cause loss of access to all your pools :(

 

[m0nsieurPsych0]

I was able to get my system booting and download the keys after all.
But just for the sake of the next person looking for an alternative way of getting those keys I think we should press further.

I did dump the file, but I cannot find the key when searching specifically. I do see a lot of base64, but even when I convert they keys to Base64 it's not matching anything either.

I will try to write some python program to help elucidate this. Will update when it's done.

In the meantime, if anyone else has idea as to where the keys should be in the database. Let us know!

 

[Q00]

For how to extract zfs keys from cli see https://milek.blogspot.com/2022/02/truenas-scale-zfs-wrapping-key.html