Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class fo
From: Daniel P. Berrange
Subject: Re: [Qemu-block] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling
Date: Mon, 19 Oct 2015 17:30:25 +0100
User-agent: Mutt/1.5.24 (2015-08-30)
On Mon, Oct 19, 2015 at 06:28:26PM +0200, Paolo Bonzini wrote:
>
>
> On 19/10/2015 18:24, Daniel P. Berrange wrote:
> > The input format, eg the encoding of the data=XXXX value, or the contents
> > of the file, and the output format, which is that required by the consumer
> > inside QEMU. We convert between the two. eg you can provide data in base64
> > even if QEMU ultimately needs to use it in plain utf-8 format, or
> > vice versa.
>
> Right. In the end QCryptoSecret only needs to provide a raw output;
> converting it to something else, and possibly applying restrictions such
> as UTF-8, should depend on the user. Of course the API can include
> helper functions for common restrictions, but in general a "secret
> storage" module is independent of them.
>
> > IIUC, you're suggesting that for the input format, the data=XXX value
> > should allow a choice of utf8 or base64, while the external file could
> > just take raw or base64 data. That's easy enough to wire up - just add
> > a 3rd option to the format enum and make raw be the default for files.
>
> Almost.
>
> I am also saying that the utf8 case for data=XXX actually should be raw,
> because utf8 is just a limitation of JSON and not of the data=XXX
> interface. Non-UTF8 data=XXX would then be accepted for the -object
> command line option.
Ah ok, I see what you mean now.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
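
The split discussed in this thread (the secret store decodes the input format to raw bytes, and UTF-8 is a restriction the consumer applies afterwards), as an added example that is not part of the original message or of QEMU's code. The names `secret_load`, `secret_is_utf8` and `SECRET_FMT_*` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names throughout; this is not QEMU's QCryptoSecret API. */
typedef enum { SECRET_FMT_RAW, SECRET_FMT_BASE64 } secret_format;
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Input format -> raw bytes (malloc'd); NULL on malformed base64 or OOM. */
uint8_t *secret_load(const char *in, size_t len, secret_format fmt, size_t *outlen)
{
    size_t pad = 0, n = 0, i;
    uint32_t acc = 0, bits = 0;
    uint8_t *out = malloc(len + 1);
    if (!out || (fmt == SECRET_FMT_BASE64 && len % 4)) { free(out); return NULL; }
    if (fmt == SECRET_FMT_RAW) {            /* raw: every byte sequence is valid */
        memcpy(out, in, len);
        *outlen = len;
        return out;
    }
    while (pad < 2 && pad < len && in[len - 1 - pad] == '=') pad++;
    for (i = 0; i < len - pad; i++) {
        const char *p = in[i] ? strchr(B64, in[i]) : NULL;
        if (!p) { free(out); return NULL; }  /* also rejects '=' before the tail */
        acc = (acc << 6) | (uint32_t)(p - B64);
        if ((bits += 6) >= 8) { bits -= 8; out[n++] = (uint8_t)(acc >> bits); }
    }
    *outlen = n;
    return out;
}

/* Consumer-side restriction: 1 if the raw secret is well-formed UTF-8, else 0. */
int secret_is_utf8(const uint8_t *b, size_t n)
{
    static const uint32_t min[] = { 0, 0x80, 0x800, 0x10000 };  /* reject overlongs */
    size_t i = 0, j, k;
    while (i < n) {
        uint32_t cp = b[i];
        k = cp < 0x80 ? 0 : (cp & 0xe0) == 0xc0 ? 1
          : (cp & 0xf0) == 0xe0 ? 2 : (cp & 0xf8) == 0xf0 ? 3 : 4;
        if (k == 4 || k > n - i - 1) return 0;   /* bad lead byte or truncated */
        if (k) cp &= 0x3f >> k;                  /* keep the lead byte's payload bits */
        for (j = 1; j <= k; j++) {
            if ((b[i + j] & 0xc0) != 0x80) return 0;
            cp = (cp << 6) | (b[i + j] & 0x3f);
        }
        if (cp < min[k] || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff)) return 0;
        i += k + 1;
    }
    return 1;
}
```

A consumer that needs a text password calls `secret_is_utf8` on the loaded bytes and fails if it returns 0; a consumer that needs a binary key uses the raw bytes as they are.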