When an encrypted ZFS dataset has unencrypted child nodes, this breaks the handling of a zfs send stream which will erroneously terminate with "inherited key must be loaded" when encountering the unencrypted dataset. It's likely this issue will need to be pushed upstream to OpenZFS. The following script will demonstrate the behavior: ---BEGIN--- #!/bin/sh -eux if [ ! -f test.key ]; then dd if=/dev/random of=test.key bs=32 count=1 fi KEY=file://$(realpath test.key) DEV1=$(mdconfig -at swap -s 1G) zpool create -Oencryption=on -Okeyformat=raw -Okeylocation=${KEY} test1 ${DEV1} zfs create test1/dir1 zfs create -oencryption=off test1/dir1/dir2 zfs snap -r test1@snap DEV2=$(mdconfig -at swap -s 1G) zpool create test2 ${DEV2} zfs send -Rw test1@snap | zfs recv test2/recv ---END--- And a sample output: ---BEGIN--- + [ ! -f test.key ] + dd 'if=/dev/random' 'of=test.key' 'bs=32' 'count=1' 1+0 records in 1+0 records out 32 bytes transferred in 0.000043 seconds (752569 bytes/sec) + realpath test.key + KEY=file:///root/test.key + mdconfig -at swap -s 1G + DEV1=md0 + zpool create '-Oencryption=on' '-Okeyformat=raw' '-Okeylocation=file:///root/test.key' test1 md0 + zfs create test/dir1 + zfs create '-oencryption=off' test1/dir1/dir2 + zfs snap -r test1@snap + mdconfig -at swap -s 1G + DEV2=md1 + zpool create test2 md1 + zfs send -Rw test1@snap + zfs recv test2/recv cannot receive new filesystem stream: inherited key must be loaded warning: cannot send 'test1/dir1/dir2@snap': signal received ---END---