To “Unlock Datasets” my TrueNAS Scale ( upgraded from CORE ) is asking for:
“From a key file” or “Provide keys/passphrases manually”.
Not a problem, I’ve got the .tar file downloaded from the last update.
Unfortunately there’s no .json file, just the “freenas-v1.db” and the binary file named “pwenc_secret” in the tar file.
What I need from a knowledgeable forum member is an example JSON file to make one from: either the “pwenc_secret” data ( as hex or base64 ? ) or a field in the .db file.
Or, the same idea as above but to make me a “Dataset Key” to use the option “Provide keys/passphrases manually”.
I can code a solution ( in windows, no python ) if I get how it is supposed to work
Maybe I should add some context:
My box died. Build one. But my old PC died too. Well, I killed it when I realized I downloaded from a wrong site and the installer had a trojan or the like, surely waiting for some idle time to run. So I unplug the PC some 30 min. after I realized that I made an oops.
Made a VHD from that old drive as I didn’t have a backup. Don’t matter, I have everything in that RaidZ2 so it’s ok.
That died too so, don’t matter, I’ll get me a bigger box for not 8 as before but 24 HDDs and a new motherboard.
I had no memory of encrypting those datasets. It got me by surprise.
Fortunately I have the settings from an upgrade in that recovered VHD.
The problem is that I use the share ( TrueNAS box ) as a set it and forget it and don’t follow though with what’s new. Or even what I did last, or when.
In any case, the prior post is what am at. Thanks for reading.
Waiting for an answer I started to look at what I’ve got. Maybe is simple.
The “pwenc_secret” file has a 64 byte long string in Hex. It coincides with the length of a JSON file but didn’t work.
Then I listed the tables of the sqlite DB. Found one called “storage_encrypteddataset” so I though that I got lucky. The fields are “id,name,encryption_key,kmip_uid” so I pasted the “encryption_key” data but is too long. The data in that base 64 is even longer. So no dice.
I just installed TrueNAS to a new motherboard. I remember doing that in CORE and when it came time to use the drives, it would just import it.
This time around the datasets were encrypted. I thought that giving the password would be enough but it did not workout as I thought.
Am by no means knowledgeable in TrueNAS but figure that if all the data is there, there should be a way to get that string back.
If is not a security problem sharing such thing, could the calculation to recover the password be shared ?
I do understand that it should not have come to this
Did you enable encryption for this pool when you created it? (i.e, the root dataset gets encrypted and subsequent child datasets.) If so, did you use a passphrase or keystring?
What password? Because earlier you wrote:
What does this mean?
First thing’s first: Did you try to import the config file that you previously exported? If so, what was the result?
No I didn’t nor know how to do that. But I guess I can find out.
In regards of your other questions: I posted the history line to give some context.
So no, I don’t have a password. What I called a password was finding the tar file with a file called pwenc_secret therefore I thought I had the password that just wasn’t in JSON format. That…,I pulled the notions out my … “imagination”.
If the algorithm to recreate what I need is not known given that it may take a developer to know it, then I’ll reinstall ( I guess ) and import the tar file.
I don’t know. I rather have a tool ( that I’d code if I find the working principles ).
You’re an MVP. Can, what I think is the easiest ( code a tool ) be done ?, or do I have to import the tarball ?
Saved the tarball from the new setup then loaded the old setup.
The old setup had the networking of the prior hardware and setup. Hence, it was a pain to make it work again ( since I guess everything ) but got it up and running ( there are only so many choices ).
All I have now with the old setup, is the old setup, dah
Therefore, ( needing the new setup ) extracted the JSON files I needed from this old setup and re-loaded the settings from the new tarball I just saved.
After restoring the new setup, unlocked the ZFS encryption, and lived happily ever after. The end.
The above story telling is for anyone reading this hoping for a solution. This was my, ( I’d say very lucky ) solution