Understanding How Encryption Works

Status
Not open for further replies.

wave2453

Dabbler
Joined
Oct 31, 2017
Messages
21
Hello,
I figured this was a different kind of question about the encryption so I should create a new post.

I am trying to figure out how the encryption works and how I can prove it works. As I explained in my other post, I am looking to put PHI data on my FreeNAS 11.1 U4 system and it will be audited by external auditors.

I am looking to find out how key management is handled and how I can prove that. I am specifically looking for the following:

- Where is the data encrypting key stored?
- Is the data encrypting key protected with a key encrypting key, and if so, where is it stored?
- Is there a command, documentation or config file that shows the above to be true?

Thank You!
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
HIPAA does not require data encryption at rest but I would still strongly recommend doing so. Please review the official FreeNAS documentation regarding encryption for some important and useful information. If that does not answer your questions, please feel free to let us know what you still need.
 

wave2453

Dabbler
Joined
Oct 31, 2017
Messages
21
Thanks for your response kdragon.

I am not talking about HIPAA; I am referring to the PCI standard. I should have more clearly specified that in my initial response, so I apologize for that. I have also reviewed the documentation you pointed me to. This document is great for setting up encryption but does a poor job of describing what the encryption is doing or how the keys are managed.

What I am looking for is:

- Where is the data encrypting key stored?
- Is the data encrypting key protected with a key encrypting key, and if so, where is it stored?
- Is there a command, documentation or config file that shows the above to be true?
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504

wave2453

Dabbler
Joined
Oct 31, 2017
Messages
21
Thanks, @danb35, for the clarification. I unfortunately have still not been able to find much about how the key management is handled in FreeNAS.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I think that proving it is going to be a matter of "use the source, Luke." And as to "how the key management is handled in FreeNAS", I believe the best answer is "poorly", based on the number of threads here where people with encrypted pools have lost them. But my own smartass-ness aside, I don't believe FreeNAS's use of encryption has changed significantly since the 9.0 days, or maybe even earlier (with the exception of The Release That Must Not Be Named). Thus, if @Dusan's post was correct at the time, it's highly likely it's still correct today.

This really should be documented--suggest you file a bug against the docs that will be ignored for a few years.
 

wave2453

Dabbler
Joined
Oct 31, 2017
Messages
21
Thank you @danb35. I will probably go off of what @Dusan said. I will also file a bug report; whether it gets recognized or not is a different matter, but at least an issue is logged. I believe the security behind the keys is good; it's just no one has taken the time to document it.

Thanks Again!
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Key management after setup, as I understand it, is that FreeNAS stores the first key, which only works in combination with the password. The recovery key is always managed exclusively by the admin.
 