That’s a good idea. Extra steps, but worth it.
@Darkmoon1212, you need to understand that @neofusion and @swc-phil are my sock puppet accounts. If you find anything helpful from them, please direct your thanks to me.
Ok, you were the first and deserved your trophy.
I can confirm I am @winnielinnie’s sock puppet.
Yeah that did it, I got the datasets unlocked, now I’ll import the config but not much difference since I have the 2 disks degraded. Thank you everyone!
Borrowed from another thread:
@swc-phil asked me to tell you about this method, which allows you to access your encrypted datasets if all other measures fail. The only difference is that instead of generating a random, meaningless string, you’ll be generating a string that has personal meaning to you, which allows you to retrieve the key if everything else fails.
I’m not a big fan of doing it this way, but @swc-phil thinks it’s the coolest thing ever.
I see, but if you change the photo location won’t that change metadata therefore the hash and subsequently the key?
Nope. The hash remains the same, as long as the file is not edited or modified.
The file can be anywhere. Local drive, USB, email, cloud. As long as it’s the original, unmodified file. Location doesn’t matter.
TrueNAS / ZFS will have no awareness of this file. All it knows about is the hex string. How you generated or came across the string is irrelevant to ZFS. For all it knows, it’s just another random string.
If you move a file it’ll most likely change metadata therefore size. If hashing is based on size that means the value will change and so will the key.
I’ll try it and report back
Absolutely not.
Any tool that modifies the file’s data and/or size because of a move or copy operation cannot be trusted with your data.
A file’s timestamp does not change its data. This is a filesystem property. The file’s data itself is still exactly the same 1’s and 0’s, even if you change its modification time or location.
EDIT: You should still be using the typical steps of keeping your encryption key safe, such as with an exported keyfile and a passphrase manager. The “sha256” method is a safety net if all else fails.
There is a much bigger concern with this method. If you’re gonna give it a try, you should read the entire discussion.
It’s actually much less complicated than the discussion makes it seem.
You’re basically using a sha256 hash of a meaningful file known only to yourself as the keystring, instead of a randomly generated one, which allows you to recover your key if all else fails.
Nothing else changes in regards to data protection and encryption.
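The disagreement above about whether moving a file changes its hash can be checked directly. The following is an added example, not part of the original thread: it hashes a constructed sample file, then re-hashes it after a copy to another directory, a timestamp change, and a one-byte edit. The file names and the helper `file_key_hex` are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile


def file_key_hex(path, chunk_size=1 << 20):
    """Return the SHA-256 of the file's contents as 64 hex characters."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        # Only the file's bytes are fed to the hash; name, path and
        # timestamps are filesystem properties and never enter it.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def run_checks():
    """Hash a constructed file, then re-hash after copy, touch and edit."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "photo.jpg")  # constructed sample file
        with open(original, "wb") as fh:
            fh.write(b"\xff\xd8\xff\xe0" + b"constructed sample bytes" * 1000)
        results["original"] = file_key_hex(original)

        # Copy to a different directory under a different name.
        other_dir = os.path.join(tmp, "usb")
        os.mkdir(other_dir)
        copied = os.path.join(other_dir, "renamed.jpg")
        shutil.copyfile(original, copied)
        results["copied"] = file_key_hex(copied)

        # Reset access and modification times to the epoch.
        os.utime(copied, (0, 0))
        results["touched"] = file_key_hex(copied)

        # Append a single byte: the contents are now different.
        with open(copied, "ab") as fh:
            fh.write(b"\x00")
        results["edited"] = file_key_hex(copied)
    return results


if __name__ == "__main__":
    for step, key in run_checks().items():
        print(f"{step:9s} {key}")
```

The first three digests match and the last one differs. The same applies to any tool or service that re-encodes a photo or strips its embedded metadata: that rewrites the file's bytes, so the re-saved copy no longer yields the original key.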