Re: [Qemu-devel] Re: [PATCH] qemu-img: set encrypted disk image password

[Laurent Vivier]

Le 30 juil. 08 à 21:17, Sebastian Herbszt a écrit :

> Laurent Vivier wrote:
> > > This patch modify qemu-img to ask and set a password when an  
> > > encrypted
> > > disk image is created.
> > Well, this one is stupid, the other one is good...
>
> Back when nuitari-qemu posted about this problem [1], i came up with  
> almost
> exactly the same patch. Why is it "stupid" ?
>
> [1] http://lists.gnu.org/archive/html/qemu-devel/2008-06/msg00344.html


* For the first point:

Qemu-img doesn't need a password when it creates the disk image  
because there is nothing to encrypt in an empty image and the password  
is never stored in it.

When qemu reads an encrypted image it uses the given password (the  
key) to decrypt the data, if it is not the key given to encrypt it,  
the data will be invalid.

It's why this patch is stupid...

You can test this:
- qemu-img create -f qcow2 -e encrypted.qcow2
 - qemu -hda boot.img -hdb encrypted.qcow2
type a password (you need my last patch)

# mkfs /dev/hdb
# fsck -f /dev/hdb
-> OK
# halt

- qemu -hda boot.img -hdb encrypted.qcow2
type a different password

# fsck -f /dev/hdb
-> NOT OK

- qemu -hda boot.img -hdb encrypted.qcow2
type the good  password
# fsck -f /dev/hdb
-> OK

Qemu-img needs the password to convert an image because there are  
encrypted data to read an convert.

* For the second point:

it's what my other patch try to solve.

Regards,
Laurent
----------------------- Laurent Vivier ----------------------
"The best way to predict the future is to invent it."
- Alan Kay