Passphrase confusion. Why would I need one?

troudee

Explorer
Joined
Mar 26, 2020
Messages
69
Hello everybody!

I've stumbled upon a sentence in the FreeNAS 11.3-U5 User Guide that confuses me:

Warning: Do not export/disconnect an encrypted pool if the passphrase has not been set! An encrypted
pool cannot be reimported without a passphrase!

Why? As far as I understood...
  • An encrypted pool has two keys, stored on the system dataset: the encryption key and the recovery key
  • The encryption key can be encrypted with a passphrase
  • To unlock the pool, you need the encryption key (plus passphrase if any) OR the recovery key
So, why would I need a passphrase set if want to read an encrypted pool after
exporting? In my mental model, exporting is comparable to the
"remove safely" in Windows or unmounting in Linux, so my mental model says
that it has to be done on each shutdown or reboot of the system...

Please correct me, I think I am wrong. :smile:
 
Top